From owner-freebsd-current@freebsd.org Tue Nov 10 22:33:30 2015 Return-Path: Delivered-To: freebsd-current@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id 4A496A2CFBB for ; Tue, 10 Nov 2015 22:33:30 +0000 (UTC) (envelope-from shawn.webb@hardenedbsd.org) Received: from mail-qg0-x229.google.com (mail-qg0-x229.google.com [IPv6:2607:f8b0:400d:c04::229]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (Client CN "smtp.gmail.com", Issuer "Google Internet Authority G2" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 0554419B1 for ; Tue, 10 Nov 2015 22:33:29 +0000 (UTC) (envelope-from shawn.webb@hardenedbsd.org) Received: by qgea14 with SMTP id a14so10874551qge.0 for ; Tue, 10 Nov 2015 14:33:29 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=hardenedbsd_org.20150623.gappssmtp.com; s=20150623; h=date:from:to:cc:subject:message-id:references:mime-version :content-type:content-disposition:in-reply-to:user-agent; bh=OSz2lOxwXW8HBuridRTm7gEufULpZRCQrogywKF8bP8=; b=q+2UmF+MBBC16rW6l4pVF0CsPM7gJS4cixv6o9Qf+4HRyUNvEylOmd446a0bACrxfL GSYWgkYDfRvvTq4VFOuANxQI7T6gUiLRsezW6ngwW1g1JE4CQQm0IAO7vIX17mqxhMKG oaAuymFEOwPFeaRnX0mgBgszG+7ae5pz1z94b2mur1fPxdefmtWMHOmRd9/JYbO5aZ6m qG5lWWC0DsdlRgL2MUStJcoTbF9n6MkaOxKwNl7vOtS/Dw/fzm+XQBwlCaJI+ntVmykt h46ToBONaF93gXetzszPhGknlTxKQCHXuzVMWhy7eMsxW0cdqBnIB+W3Pdoj0cOcuJ1l nYSA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:date:from:to:cc:subject:message-id:references :mime-version:content-type:content-disposition:in-reply-to :user-agent; bh=OSz2lOxwXW8HBuridRTm7gEufULpZRCQrogywKF8bP8=; b=ReeIgHMtNDWMbAr5r7a/OVKL/frDapGkSLOMZ9BBkcFqW0hav1+QG7cO7buoJ0CQ4Y 2uF5bJDpgGht1BnS8u59em1h5nimRXJCkBPv1dsvsg49UZyYYxpxN1IxP9EfgzPSUTmH 3E/4mqAAwKlQ8+I0bsg4bVfBMdQG5B8vugudMeUmwCw0rpmyktEurAcmIKsMyEfF3LsG r8Apgd3EPBFfqW7VvkjMKfYzGSy3gt46efDdOFqrNU94eC7eN1CFg3UH2O+ANYsYM7L8 vPDGUjL4VFyViPYyz9NUYT7NcVaKRHF4SYSVryTjswOrUVCYMc1c9JkCa2So+WbA0OC2 FZxQ== X-Gm-Message-State: ALoCoQlVMyqz9dNq3KE9XXaIJctIQwRaP5yFad/914GUhlUtMUk9ovCo+HT5pRoGkc6oelArXCtb X-Received: by 10.140.254.195 with SMTP id z186mr8148009qhc.68.1447194808953; Tue, 10 Nov 2015 14:33:28 -0800 (PST) Received: from mutt-hardenedbsd (c-73-135-80-144.hsd1.md.comcast.net. [73.135.80.144]) by smtp.gmail.com with ESMTPSA id y200sm2138696qka.48.2015.11.10.14.33.28 (version=TLSv1.2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Tue, 10 Nov 2015 14:33:28 -0800 (PST) Date: Tue, 10 Nov 2015 17:33:26 -0500 From: Shawn Webb To: NGie Cooper Cc: Kristof Provost , FreeBSD Current Subject: Re: pf NAT and VNET Jails Message-ID: <20151110223326.GB55345@mutt-hardenedbsd> References: <13324720.omGDCH0sVj@hbsd-dev-laptop> <5815854.WJiA8b3P58@hbsd-dev-laptop> <20151110024701.GA2694@mutt-hardenedbsd> <20151110212805.GB13268@vega.codepro.be> MIME-Version: 1.0 Content-Type: multipart/signed; micalg=pgp-sha256; protocol="application/pgp-signature"; boundary="O5XBE6gyVG5Rl6Rj" Content-Disposition: inline In-Reply-To: X-Operating-System: FreeBSD mutt-hardenedbsd 11.0-CURRENT-HBSD FreeBSD 11.0-CURRENT-HBSD X-PGP-Key: http://pgp.mit.edu/pks/lookup?op=vindex&search=0x6A84658F52456EEE User-Agent: Mutt/1.5.23 (2014-03-12) X-BeenThere: freebsd-current@freebsd.org X-Mailman-Version: 2.1.20 Precedence: list List-Id: Discussions about the use of FreeBSD-current List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 10 Nov 2015 22:33:30 -0000 --O5XBE6gyVG5Rl6Rj Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Content-Transfer-Encoding: quoted-printable On Tue, Nov 10, 2015 at 01:45:21PM -0800, NGie Cooper wrote: > On Tue, Nov 10, 2015 at 1:28 PM, Kristof Provost wrote: > > On 2015-11-09 21:47:01 (-0500), Shawn Webb = wrote: > >> I found the problem: it seems that the new Intel Haswell graphics > >> support (which I've been running with) is at odds somehow with pf NAT. > >> Removing Haswell graphics support means working pf NAT. > >> > > That's ... very strange. > > > > I've built the drm-i915-update-38 branch of http:////github.com/freebsd= /freebsd-base-graphics.git, > > but still haven't managed to reproduce the problem. > > It is if course entirely possible that it would only manifest if the > > haswell graphics are actually in use. In that case there's little I can > > do as I don't have haswell hardware I could test on. >=20 > 1. Add memguard(9) support to kernel. > 2. Set the descriptions for the zones (as noted in the manpage) to > catch panics when either driver tries to touch eachothers' space. > Cheers, > -NGie I think I might've been between some major pf commits or had some sort of stale file. I updated to latest HEAD with the new haswell stuff merged in and all is well. Thanks for the help in troubleshooting this. I'll keep an eye on it. Thanks, --=20 Shawn Webb HardenedBSD GPG Key ID: 0x6A84658F52456EEE GPG Key Fingerprint: 2ABA B6BD EF6A F486 BE89 3D9E 6A84 658F 5245 6EEE --O5XBE6gyVG5Rl6Rj Content-Type: application/pgp-signature -----BEGIN PGP SIGNATURE----- Version: GnuPG v2 iQIcBAEBCAAGBQJWQnC1AAoJEGqEZY9SRW7u+cEP/0ClfKBrzLwKfa3XG7DLMG9+ r7HfKAhIRiFefLQxUAGCvLuDf95SakKKkUuyU8G1PBfMp5enIO9w04a3yuKRZYzD j+DwNUgE6HPA/IkhqhOxZnL3uTt5lUaHvSGj3lCmmI31i4EPCP9eaxwIoAdQC9dp 1RIZIYMRu9hheF2xzMlS6yNHnK3b/T6SnkWP3w3ximRWanTs8M8nZEug5Zmcgfij OpLyEO23ubfB6ruF5RcFnV3kS8PmuvN8jFAazSZJ4pMZUse0ot0TWJnjPxV/L5lG nlpVCY5keI4T0O518nHyBTO+3zjSFbPHDlXuqOejsBavqyhOffv04envTg3r9x36 luHdmKLMm4DTKI0D1I7fIjqfYKuqbmU5QqsvB8W46QyFfHj4zi0t79mVPnts7rw4 LZkZnRBm0SceWUQqvhXB7jNkIfJBRcgzinYSS6d9Ug3Ighncrj/I0+tFupTiqkuV ERogscvWw7T2X0rzqyW2Zd3r6wwj2i389wnkWUQajVFZGTVaKYLZg6wQ9TqevWI6 pGoYvplh4iNDqlhRYliHMoKM5+OG/dxNgFNPwLkzpcQrDG1Zh3RuT1R7Hfk4QKa+ h8+QnWaGu4ZjAm3n67gffWKVoNsk/Cfrv0k3QCWZBOT7BuBFlsh5i0du+lhOsNDm rCb2UjQMb0ThdRGAAPiH =jBfQ -----END PGP SIGNATURE----- --O5XBE6gyVG5Rl6Rj--