From nobody Tue Dec 09 15:26:36 2025 X-Original-To: freebsd-current@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4dQjPc4mpwz6Kn08 for ; Tue, 09 Dec 2025 15:26:44 +0000 (UTC) (envelope-from rozhuk.im@gmail.com) Received: from mail-ej1-x62c.google.com (mail-ej1-x62c.google.com [IPv6:2a00:1450:4864:20::62c]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (2048 bits) client-digest SHA256) (Client CN "smtp.gmail.com", Issuer "WR4" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4dQjPb12fxz3xMf for ; Tue, 09 Dec 2025 15:26:43 +0000 (UTC) (envelope-from rozhuk.im@gmail.com) Authentication-Results: mx1.freebsd.org; dkim=pass header.d=gmail.com header.s=20230601 header.b=j4j2ZBEn; dmarc=pass (policy=none) header.from=gmail.com; spf=pass (mx1.freebsd.org: domain of rozhuk.im@gmail.com designates 2a00:1450:4864:20::62c as permitted sender) smtp.mailfrom=rozhuk.im@gmail.com Received: by mail-ej1-x62c.google.com with SMTP id a640c23a62f3a-b7277324204so1057965466b.0 for ; Tue, 09 Dec 2025 07:26:43 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20230601; t=1765294000; x=1765898800; darn=freebsd.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:subject:cc:to:date:from:from:to:cc:subject:date :message-id:reply-to; bh=1QGLzkQVIgkeo/sdso54C4065Q1G9HXRADmJcJBCV8Q=; b=j4j2ZBEnsSGB3AUU+mBdse6tL+KFuPhn9wtWLdb4WdRPWmz/S90XNd7H2xLkfFeJRN iRHBmeDh6DATK2Du6SJ7KVTu4aikTzoPt52CtJ3Y8HW7Nr07Bl6gywBYZlwEbjWtDqtR OPxqXejLPELiYJN+vbNgsysiSE8NEEW3cjg/71S9szLwD4Do/6P5zY7ybBA8Pw/ZsM70 65UjFtAvaUkwzL7dPYtTVkVqYhXq8GWzNYEAfqjdlrkOJXfxH5/X7QuzcnkSAggUc7V+ 3P81VVcjvrdO68j+L2J8R04rPbLYS9X3FapBAsaU1UY93Ora9YblAkou0P44zKxxs9Fx yCAQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1765294000; x=1765898800; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:subject:cc:to:date:from:x-gm-gg:x-gm-message-state:from :to:cc:subject:date:message-id:reply-to; bh=1QGLzkQVIgkeo/sdso54C4065Q1G9HXRADmJcJBCV8Q=; b=bRRFkD2/5V54avWEr6n8slFg54GlrI3w5vCgXZTFvImMkbKZIQotV2CIn8uGVsxtKu ydZp9WCBGzgEXpZWMrZ9Hh5C2afdND6pBJho9lesL+dqtwaJLxTwwXB4KBeFIWJktG6m 0fMorqdM11IIT8yIk5tIaNYRzJA1pTjlEW8VR6gSyxXnl0GWEZbLns+U3eV0sfy1FEiT EubNl9RGCzgPKqwTXnlj2Las6OgYyfbNns4g6c4HTxNRDHhDvRRUCyHSrAkFfAexdEdO ZruUwz7zhlYA5gNMZ/Bayk0fUG/abVlOTP1W+CxWGve3kSyHiexk8yj17LEU90yAn7RS Jwbw== X-Gm-Message-State: AOJu0YyjDX5XTetgIp8rHABUnsnX709N9LhbFPcppkL/B3PwLDv20rwP +w6WcNsnR3G5GnGkUSrRtLk//vsifZ5JoU6AH0PKzsxforxyRKWHiCTa X-Gm-Gg: ASbGncvsVic5qDK+Ca+buhy2NvrXyolwavTlXNRBwmRBbgaJaU0q9S6zHwxF8thr7gL 8ZI04/Ynunl5Ttij8rVQw0hKJuDsrV4Vp8KxA1grmD1Cp0lLpNnZhs91s/LySjRsfqvtqis8U6c Esqh4QN44+a5dX5EI/ntUWL84I3hAnicwPmgKj0bYJX/M1O06yIdjb4kwP52NgAdd7EnHina62B KmPAzWjizPGdbK7OMbNxVAU6lfQuKI6Z5JEx+HWpVJlO4vUn2qgMvl9qrH9767ecQ2wB2PqCwuD hbJnD095pfcG9BYCAN/grg7WlNOtPMfdQ2Yy7aXx1OsECkEfeQ6MAagIj3Hj8pGpkJhx3Ki72x7 bmSH9FOfzdcWty7k4ifgJIu/lMw3ZqNeZ4A3QNFY5H2MYQmf2+mKZRBDZ9wUOjNd7fllAitopPA se3XJiX5ZhYkWyQA== X-Google-Smtp-Source: AGHT+IGfUq+GwAsiD3imY1i9cSTfSF7efJNnQAIsggBVA3KWHBUdw41L7Vn7J4uTABm1DjEQIzNqtA== X-Received: by 2002:a17:907:7f10:b0:b70:7cd8:9098 with SMTP id a640c23a62f3a-b7a2475de83mr1238886966b.61.1765293999913; Tue, 09 Dec 2025 07:26:39 -0800 (PST) Received: from rimwks.local ([2001:470:1f1b:4dc:3daf:f3f0:f818:d3fd]) by smtp.gmail.com with ESMTPSA id a640c23a62f3a-b79f4977ecdsm1435418566b.41.2025.12.09.07.26.38 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 09 Dec 2025 07:26:39 -0800 (PST) From: Rozhuk Ivan X-Google-Original-From: Rozhuk Ivan Date: Tue, 9 Dec 2025 17:26:36 +0200 To: Michael Butler Cc: freebsd-current Subject: Re: fib selection and persistence using ipfw Message-ID: <20251209172636.6dd7ae73@rimwks.local> In-Reply-To: <75037780-3748-4cf3-8a44-a0e9c0b76e06@protected-networks.net> References: <20350073-abc5-4116-9fd7-8e8f708a26d4@protected-networks.net> <20251208031147.393b2391@rimwks.local> <75037780-3748-4cf3-8a44-a0e9c0b76e06@protected-networks.net> X-Mailer: Claws Mail 4.3.1 (GTK 3.24.51; amd64-portbld-freebsd14.3) List-Id: Discussions about the use of FreeBSD-current List-Archive: https://lists.freebsd.org/archives/freebsd-current List-Help: List-Post: List-Subscribe: List-Unsubscribe: Sender: owner-freebsd-current@FreeBSD.org MIME-Version: 1.0 Content-Type: text/plain; charset=US-ASCII Content-Transfer-Encoding: 7bit X-Spamd-Bar: --- X-Spamd-Result: default: False [-3.97 / 15.00]; NEURAL_HAM_LONG(-1.00)[-1.000]; NEURAL_HAM_MEDIUM(-1.00)[-1.000]; NEURAL_HAM_SHORT(-0.97)[-0.968]; DMARC_POLICY_ALLOW(-0.50)[gmail.com,none]; R_SPF_ALLOW(-0.20)[+ip6:2a00:1450:4000::/36]; R_DKIM_ALLOW(-0.20)[gmail.com:s=20230601]; MIME_GOOD(-0.10)[text/plain]; RCVD_TLS_LAST(0.00)[]; TO_DN_ALL(0.00)[]; FREEMAIL_FROM(0.00)[gmail.com]; MIME_TRACE(0.00)[0:+]; TAGGED_FROM(0.00)[]; FREEMAIL_ENVFROM(0.00)[gmail.com]; ARC_NA(0.00)[]; RCPT_COUNT_TWO(0.00)[2]; FROM_HAS_DN(0.00)[]; DWL_DNSWL_NONE(0.00)[gmail.com:dkim]; TO_MATCH_ENVRCPT_SOME(0.00)[]; RCVD_COUNT_TWO(0.00)[2]; FROM_EQ_ENVFROM(0.00)[]; DKIM_TRACE(0.00)[gmail.com:+]; PREVIOUSLY_DELIVERED(0.00)[freebsd-current@freebsd.org]; RCVD_VIA_SMTP_AUTH(0.00)[]; MLMMJ_DEST(0.00)[freebsd-current@freebsd.org]; ASN(0.00)[asn:15169, ipnet:2a00:1450::/32, country:US]; RCVD_IN_DNSWL_NONE(0.00)[2a00:1450:4864:20::62c:from] X-Rspamd-Queue-Id: 4dQjPb12fxz3xMf On Mon, 8 Dec 2025 08:38:22 -0500 Michael Butler wrote: > > Do not forget set fib to network interface like it done in examlpe. > > In my case if same IP+mask set on more than one net if - only last > > one will process packets to sockets. > > Interface FIBs only work when the connection stays on the same > machine. https://man.freebsd.org/cgi/man.cgi?ifconfig fib fib_number Specify interface FIB. A FIB fib_number is assigned to all frames or packets received on that interface. The FIB is not ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^!!! inherited, e.g., vlans or other sub-interfaces will use the de- fault FIB (0) irrespective of the parent interface's FIB. The kernel needs to be tuned to support more than the default FIB using the ROUTETABLES kernel configuration option, or the net.fibs tunable.