Date: Thu, 22 Aug 2013 03:20:22 +0900 (JST) From: Hiroki Sato <hrs@FreeBSD.org> To: will@firepipe.net Cc: freebsd-net@FreeBSD.org, gibbs@FreeBSD.org, asomers@FreeBSD.org Subject: Re: CFR: FIB handling improvements Message-ID: <20130822.032022.481255110184207810.hrs@allbsd.org> In-Reply-To: <CADBaqmi6c7v8ojry8uViRi9tK18n8_RaDrP%2BUjvcmEN9guWm3w@mail.gmail.com> References: <CADBaqmi6c7v8ojry8uViRi9tK18n8_RaDrP%2BUjvcmEN9guWm3w@mail.gmail.com>
next in thread | previous in thread | raw e-mail | index | archive | help
----Security_Multipart(Thu_Aug_22_03_20_22_2013_352)-- Content-Type: Text/Plain; charset=us-ascii Content-Transfer-Encoding: 7bit Will Andrews <will@firepipe.net> wrote in <CADBaqmi6c7v8ojry8uViRi9tK18n8_RaDrP+UjvcmEN9guWm3w@mail.gmail.com>: wi> Please review: http://people.freebsd.org/~will/fix-fib-issues.1.diff wi> wi> This patch includes fixes for several issues relating to FIBs: wi> wi> * Use of dhclient with non-zero FIBs. With this patch, it is possible wi> to use DHCP on a specific interface with a non-zero FIB and have it wi> work correctly with this rc.conf snippet: wi> wi> ifconfig_em1="SYNCDHCP" wi> dhclient_fib_em1=1 I think the target FIB should be handled by dhclient, not in the rc.d scripts. More specifically, dhclient should call SIOCGIFFIB ioctl to obtain ifp->if_fib and use it if defined. It allows the following configuration which is much simpler and reliable: ifconfig_em1="fib 1 SYNCDHCP" wi> * Always add loopback routes for non-zero FIBs, for both IPv4 and wi> IPv6. Arguably, this could be a policy issue, but it is currently wi> less-than-trivial to specify (in rc.conf) that a route needs to be wi> applied to every FIB. I am not sure why this is needed. Are the loopback host routes installed into all of the FIBs automatically when lo0 is initialized? Even if it is required, get_fibmod() is not necessary. The following should work: # route add -inet 127.0.0.1/8 -iface lo0 -fib all wi> * Having two or more FIBs whose interfaces share the same prefix and wi> netmask. This involves adding fibnum arguments to ifa_ifwithnet() and wi> ifa_ifwithdstaddr(), and checking it within. wi> wi> * Setting the FIB on a network interface. rtinit1() looks it up via wi> the current process context, so we must be calling setfib(2) from wi> within ifconfig. wi> wi> * Creating & deleting loopback routes now works correctly for wi> non-default FIBs, by using the interface's FIB instead of always 0. wi> wi> Commits would be made on each of these issues separately, but since wi> they are all related, I thought it would be easier for others to wi> evaluate them with context. The other changes look reasonable to me (but not tested yet). -- Hiroki ----Security_Multipart(Thu_Aug_22_03_20_22_2013_352)-- Content-Type: application/pgp-signature Content-Transfer-Encoding: 7bit -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.13 (FreeBSD) iEYEABECAAYFAlIVBOYACgkQTyzT2CeTzy2zCwCfViMRHsTjn+1MRAi773wmnM3m GfYAn3Iw+1R7KsY5is0KKsYg65Vztd58 =n6GQ -----END PGP SIGNATURE----- ----Security_Multipart(Thu_Aug_22_03_20_22_2013_352)----
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20130822.032022.481255110184207810.hrs>