Turn net.inet.carp.allow into a RW tunable
ClosedPublic

Authored by lytboris_gmail.com on Jan 23 2023, 9:55 AM.

Details

Summary

Bringing CARP announcements live could be harmful due to external dependencies like:

  • unfinished ipfw ruleset load
  • services on the host that exhibit considerably long startup times

The server, while not being ready for a production role, could still acquire MASTER state.

On the other hand, one might still want to configure the IP address through the convenient netif rc script.

In short, there should be a way to load the carp module but leave all VHIDs in INIT state. The easiest way is to turn net.inet.carp.allow into a RW tunable and set it to 0 in loader.conf.
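
A boot-time gate that pairs with the `net.inet.carp.allow="0"` loader.conf setting described in the summary, as an added example that is not part of this revision or of FreeBSD: it raises the sysctl only after the ipfw ruleset and the listed services are up. The sentinel rule number, the service list, and the `SYSCTL`/`IPFW`/`SERVICE` override variables are assumptions.

```sh
#!/bin/sh
# Added example, not part of the reviewed patch. Gate for a host booted with
# net.inet.carp.allow="0": enable CARP only once local dependencies are ready.
# Assumptions: the sentinel rule number, the service list and the
# SYSCTL/IPFW/SERVICE override variables (for dry runs) are all hypothetical.
: "${SYSCTL:=sysctl}" "${IPFW:=ipfw}" "${SERVICE:=service}"
: "${SENTINEL_RULE:=65000}"      # last rule the site's ipfw script installs
: "${REQUIRED_SERVICES:=nginx}"  # services that must answer before failover

# True only if the ruleset load reached its final rule (assumes "ipfw list N"
# exits non-zero when rule N is absent).
ruleset_loaded() {
    $IPFW list "$SENTINEL_RULE" >/dev/null 2>&1
}

# True only if every required service reports that it is running.
services_up() {
    for svc in $REQUIRED_SERVICES; do
        $SERVICE "$svc" status >/dev/null 2>&1 || return 1
    done
}

# 0: CARP allowed (now or already); 1: host not ready, allow left at 0;
# 2: sysctl read or write failed.
carp_gate() {
    cur=$($SYSCTL -n net.inet.carp.allow) || return 2
    [ "$cur" = 1 ] && return 0
    ruleset_loaded || { echo "carp_gate: ipfw ruleset incomplete" >&2; return 1; }
    services_up || { echo "carp_gate: required service down" >&2; return 1; }
    $SYSCTL net.inet.carp.allow=1 >/dev/null || return 2
}

# Poll carp_gate up to $1 times, $2 seconds apart; on timeout the VHIDs stay
# in INIT because allow was never raised.
carp_gate_wait() {
    tries=${1:-30}; delay=${2:-2}
    while [ "$tries" -gt 0 ]; do
        carp_gate 2>/dev/null && return 0
        tries=$((tries - 1))
        if [ "$tries" -gt 0 ]; then sleep "$delay"; fi
    done
    return 1
}

# Act only when invoked as "script run", so the file can be sourced and tested.
if [ "${1:-}" = "run" ]; then carp_gate_wait 30 2; fi
```

Invoke it with the `run` argument late in boot, after the firewall and service rc scripts have started.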

Diff Detail

Repository
rG FreeBSD src repository

Event Timeline

sys/netinet/ip_carp.c
2251

This will crash on a VNET-enabled kernel

glebius requested changes to this revision. Jan 23 2023, 4:50 PM

As Alexander noted, the patch won't work as intended with VIMAGE.

You need a new VNET_SYSINIT() function to initialize V_carp_allow. Look at TCP syncache tunables initialization as an example.

This revision now requires changes to proceed. Jan 23 2023, 4:50 PM

Uploaded ver #2. Does it look like the way it should be? I do not have a way to check it on a VNET-enabled kernel here and now.

Tested updated patch with GENERIC kernel 13.1/stable. Works as expected.

root@fbsd:~ # kldstat
Id Refs Address                Size Name
 1    7 0xffffffff80200000  1f30470 kernel
 2    1 0xffffffff82131000     f780 carp.ko
 3    1 0xffffffff82318000     3218 intpm.ko
 4    1 0xffffffff8231c000     2180 smbus.ko
root@fbsd:~ # sysctl net.inet.carp
net.inet.carp.ifdown_demotion_factor: 240
net.inet.carp.senderr_demotion_factor: 240
net.inet.carp.demotion: 0
net.inet.carp.log: 1
net.inet.carp.preempt: 0
net.inet.carp.dscp: 56
net.inet.carp.allow: 0
root@fbsd:~ # cat /boot/loader.conf
net.inet.carp.allow="0"
carp_load="YES"
root@fbsd:~ # uname -a
FreeBSD fbsd 13.1-RELEASE-p5 FreeBSD 13.1-RELEASE-p5 753d65a19 GENERIC amd64
root@fbsd:~ #

Jail configuration and sysctl checks:

root@fbsd:~ # jail -c bar
bar: created
root@fbsd:~ #
root@fbsd:~ # jls
   JID  IP Address      Hostname                      Path
     1                                                /
root@fbsd:~ # jexec bar /bin/sh
# ifconfig
lo0: flags=8008<LOOPBACK,MULTICAST> metric 0 mtu 16384
        options=680003<RXCSUM,TXCSUM,LINKSTATE,RXCSUM_IPV6,TXCSUM_IPV6>
        groups: lo
        nd6 options=21<PERFORMNUD,AUTO_LINKLOCAL>
# cat /etc/jail.conf
        bar {
        exec.start = '';
        exec.stop = '';
        path = /;
        vnet = new;
        mount.nodevfs;
        persist;                // Required because there are no processes
}
# sysctl net.inet.carp.allow
net.inet.carp.allow: 0
# sysctl net.inet.carp.allow=1
net.inet.carp.allow: 0 -> 1
# sysctl net.inet.carp.allow=0
net.inet.carp.allow: 1 -> 0
# w
 9:57PM  up 17 mins, 1 user, load averages: 0.13, 0.18, 0.10
USER       TTY      FROM           LOGIN@  IDLE WHAT
root       pts/0    192.168.56.1   9:41PM     - w
# sysctl net.inet.carp.allow=1
net.inet.carp.allow: 0 -> 1
# sysctl net.inet.carp.allow
net.inet.carp.allow: 1
# ^D
root@fbsd:~ # sysctl net.inet.carp.allow
net.inet.carp.allow: 0
root@fbsd:~ #

Works on -HEAD for me.
I'm going to commit it tomorrow, on Jan 30, if there are no objections.

This revision was not accepted when it landed; it landed in state Needs Review. Jan 30 2023, 11:33 AM
This revision was automatically updated to reflect the committed changes.