How to disable tryforward ?

k simon moremore2 at outlook.com
Thu Oct 31 04:30:29 UTC 2019 

Hi, Olivier,
This patch should fix ECMP forwarding as a workaround.  I’ve added the “fastforwarding” sysctl knob back and set it’s default value to “1”.  Value “0” would disable tryforward().  Maybe the right way is replaced fib4_lookup_nh_basic() with fib4_lookup_nh_ext() in ip_fastfwd.c, but I’m not familiar with it.

--- ip_input.c.orig     2019-10-26 20:33:21.468834000 +0800
+++ ip_input.c  2019-10-31 08:01:42.938504000 +0800
@@ -37,6 +37,7 @@
 #include "opt_bootp.h"
 #include "opt_ipstealth.h"
 #include "opt_ipsec.h"
+#include "opt_mpath.h"
 #include "opt_route.h"
 #include "opt_rss.h"

@@ -64,6 +65,9 @@
 #include <net/if_dl.h>
 #include <net/route.h>
 #include <net/netisr.h>
+#ifdef RADIX_MPATH
+#include <net/radix_mpath.h>
+#endif
 #include <net/rss_config.h>
 #include <net/vnet.h>

@@ -115,6 +119,11 @@
     &VNET_NAME(ipsendredirects), 0,
     "Enable sending IP redirects");

+VNET_DEFINE_STATIC(int, ipfastforward_active) = 1;
+#define V_ipfastforward_active          VNET(ipfastforward_active)
+SYSCTL_INT(_net_inet_ip, OID_AUTO, fastforwarding, CTLFLAG_VNET | CTLFLAG_RW,
+     &VNET_NAME(ipfastforward_active), 0, "Enable fast IP forwarding");
+
 /*
  * XXX - Setting ip_checkinterface mostly implements the receive side of
  * the Strong ES model described in RFC 1122, but since the routing table
@@ -566,7 +575,7 @@
         * case skip another inbound firewall processing and update
         * ip pointer.
         */
-       if (V_ipforwarding != 0 && V_ipsendredirects == 0
+       if (V_ipforwarding != 0 && V_ipsendredirects == 0 && V_ipfastforward_active != 0
 #if defined(IPSEC) || defined(IPSEC_SUPPORT)
            && (!IPSEC_ENABLED(ipv4) ||
            IPSEC_CAPS(ipv4, m, IPSEC_CAP_OPERABLE) == 0)



Simon Ke
20191031


在 2019年10月31日,00:33,Olivier Cochard-Labbé <olivier at freebsd.org<mailto:olivier at freebsd.org>> 写道:

On Wed, Oct 30, 2019 at 9:44 AM k simon <moremore2 at outlook.com<mailto:moremore2 at outlook.com>> wrote:
Hi, Andrey,
        OK, I’ve got it.  Radix_mpath.h file is not included in input.c. Maybe someone can fix and commit it. Thanks for your reply!

But does including this header file enough to fix ECMP forwarding ?

More information about the freebsd-net mailing list