Page MenuHomeFreeBSD

inpcb: Allow SO_REUSEPORT_LB to be used in jails
ClosedPublic

Authored by markj on Oct 17 2022, 8:39 PM.
Tags
None
Referenced Files
F106847825: D37029.diff
Mon, Jan 6, 9:04 AM
Unknown Object (File)
Nov 26 2024, 6:44 PM
Unknown Object (File)
Nov 21 2024, 5:21 PM
Unknown Object (File)
Nov 17 2024, 2:22 PM
Unknown Object (File)
Nov 15 2024, 12:58 PM
Unknown Object (File)
Nov 15 2024, 12:32 PM
Unknown Object (File)
Nov 10 2024, 4:07 PM
Unknown Object (File)
Oct 25 2024, 5:10 PM

Details

Summary

Currently SO_REUSEPORT_LB silently does nothing when set by a jailed
process. It is trivial to support this option in VNET jails, but it's
also useful in traditional jails where the semantics are not quite
clear.

This patch enables LB groups in jails with the following semantics:


- all PCBs in a group must belong to the same jail
- PCB lookup prefers jailed groups to non-jailed groups, exactly how
we handle individual sockets

One pre-existing quirk of lbgroups is that they are matched before
jailed sockets. This seems like a (minor?) bug to me, but that
behaviour is preserved with this change.

Diff Detail

Repository
rG FreeBSD src repository
Lint
Lint Skipped
Unit
Tests Skipped
Build Status
Buildable 47866
Build 44753: arc lint + arc unit

Event Timeline

markj requested review of this revision.Oct 17 2022, 8:39 PM

Didn't do a thorough review, but overall looks good. Thanks!

sys/netinet/in_pcb.c
280

Why is this M_NOWAIT spread around the LB group code? This all happens in context of setsockopt(2), doesn't it?

This revision is now accepted and ready to land.Oct 18 2022, 4:36 AM
sys/netinet/in_pcb.c
280

No, it's a bit weird. It happens when binding the socket. First you set the SO_REUSEPORT_LB option, then bind. All sockets with SO_REUSEPORT_LB which bind to the same port are added to the same LB group.

Here, the inpcb and hash table are locked, so we can't allocate anything with M_WAITOK. I don't like it, I agree that we should be using M_WAITOK here but I haven't thought about how to fix it.