From owner-freebsd-virtualization@FreeBSD.ORG  Sun Oct 17 16:20:08 2010
Date: Sun, 17 Oct 2010 16:17:01 +0000 (UTC)
From: "Bjoern A. Zeeb" <bzeeb-lists@lists.zabbadoz.net>
X-X-Sender: bz@maildrop.int.zabbadoz.net
To: Nikolay Denev <ndenev@gmail.com>
In-Reply-To: <7051D018-684F-417A-AAA0-00603B2FDCD4@gmail.com>
Message-ID: <20101017161256.U10185@maildrop.int.zabbadoz.net>
References: <7051D018-684F-417A-AAA0-00603B2FDCD4@gmail.com>
X-OpenPGP-Key: 0x14003F198FEFA3E77207EE8D2B58B8F83CCF1842
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII; format=flowed
Cc: freebsd-net@freebsd.org, freebsd-stable@freebsd.org,
	FreeBSD virtualization mailing list <freebsd-virtualization@freebsd.org>
Subject: Re: ifconfig, vnets and interface names
X-BeenThere: freebsd-virtualization@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
Reply-To: FreeBSD virtualization mailing list
	<freebsd-virtualization@freebsd.org>
List-Id: "Discussion of various virtualization techniques FreeBSD supports."
	<freebsd-virtualization.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-virtualization>,
	<mailto:freebsd-virtualization-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-virtualization>
List-Post: <mailto:freebsd-virtualization@freebsd.org>
List-Help: <mailto:freebsd-virtualization-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-virtualization>,
	<mailto:freebsd-virtualization-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Sun, 17 Oct 2010 16:20:09 -0000

On Sun, 17 Oct 2010, Nikolay Denev wrote:

> Hello,
>
> While playing with vnet jails I've discovered the following oddity, which probably is not what's expected to happen :
>
...
> And that's what ifconfig shows after this :
>
>    [16:52]root@nas:/home/ndenev# ifconfig
>    <... snip lo0 and physical interface ...>
>    epair0a: flags=8842<BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
> 	    ether 02:8c:53:00:03:0a
>    epair1a: flags=8842<BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
> 	   ether 02:b6:49:00:05:0a
>    eth0: flags=8842<BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
> 	    ether 02:8c:53:00:04:0b
> 	    ether 02:b6:49:00:06:0b
>
> Instead of two interfaces, I'm seeing one with two lladdrs, because of the interface names being the same.
>
> Then I'm trying to destroy them :
>
>    [16:52]root@nas:/home/ndenev# ifconfig eth0 destroy
>    [16:53]root@nas:/home/ndenev# ifconfig
>    <... snip lo0 and physical interface ...>
>    epair1a: flags=8842<BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
> 	    ether 02:b6:49:00:05:0a
>    eth0: flags=8842<BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
> 	    ether 02:b6:49:00:06:0b
>    [16:53]root@nas:/home/ndenev# ifconfig eth0 destroy
>
>
> So in this case there may not be a clean way to address one of the interfaces specifically (i.e. destroy only the second one)?
>
> I've not investigated further, but I'm thinking probably this is just a "bug" in ifconfig interpreting/parsing the information from the kernel.
> Maybe a solution is to extend ifconfig to be able to print the interface list along with the ifIndex values and also manage the interfaces by index?
> Auto renaming is also probably a possible solution (i.e. eth0_1, eth0_2) as these are interfaces coming from destroyed vnets and are not likely to be in use. (but still sounds scary :) )

It's actually a bug in sys/net/if.c:if_vmove* we know about and that's
on the todo list.

I am not sure when the behaviour of ifconfig changed as previously it
would only show you one of the two interfaces with the single ether
address.  ifconfig -l however had shown eth0 twice.  Neither is really
what one would expect thus needs changing.

/bz

PS: freebsd-virtualization@ is the best list to report "VIMAGE" or
"vnet" related problems.

-- 
Bjoern A. Zeeb                              Welcome a new stage of life.
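
A host-side check for the two symptoms discussed in this thread (a name repeated in `ifconfig -l`, and one ifconfig stanza carrying two `ether` lines), as an added example that is not part of the original posts. The function names are hypothetical and the sample data is constructed from the output quoted in the report.

```sh
#!/bin/sh
# Added example (not from the thread): detect host interfaces whose names
# collide after vnet jails hand them back. Function names are hypothetical.

# Constructed sample of `ifconfig -l` output with eth0 listed twice.
SAMPLE_LIST='lo0 em0 epair0a epair1a eth0 eth0'

# Constructed sample modelled on the ifconfig output quoted in the report.
SAMPLE_IFCONFIG='epair0a: flags=8842<BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
        ether 02:8c:53:00:03:0a
epair1a: flags=8842<BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
        ether 02:b6:49:00:05:0a
eth0: flags=8842<BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
        ether 02:8c:53:00:04:0b
        ether 02:b6:49:00:06:0b'

# Print every name that occurs more than once in an `ifconfig -l` style list.
dup_ifnames() {
    printf '%s\n' "$1" | tr -s ' \t' '\n' | sort | uniq -d
}

# Print "name count" for every ifconfig stanza with more than one ether line,
# which is how two same-named interfaces show up merged in the full listing.
multi_ether() {
    printf '%s\n' "$1" | awk '
        /^[A-Za-z]/ && $2 ~ /^flags=/ {      # stanza header: "name: flags=..."
            if (n > 1) print name, n
            name = $1; sub(/:$/, "", name); n = 0
            next
        }
        $1 == "ether" { n++ }
        END { if (n > 1) print name, n }'
}

# Report on both views; returns 1 if either one shows a collision.
check_collisions() {
    list=$1 full=$2 rc=0
    for name in $(dup_ifnames "$list"); do
        echo "duplicate name in interface list: $name"
        rc=1
    done
    multi_ether "$full" | while read -r name count; do
        echo "stanza $name carries $count ether addresses"
    done
    [ -z "$(multi_ether "$full")" ] || rc=1
    return $rc
}

if [ "${1:-}" = "--live" ]; then
    # On a real host: feed in the actual ifconfig output.
    check_collisions "$(ifconfig -l)" "$(ifconfig)"
else
    # Default: run against the constructed samples above.
    check_collisions "$SAMPLE_LIST" "$SAMPLE_IFCONFIG" || true
fi
```

Running it with `--live` after tearing down vnet jails makes the exit status usable in a teardown script, so a colliding name is caught before anything addresses the interface by name.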

From owner-freebsd-virtualization@FreeBSD.ORG  Sun Oct 17 17:02:29 2010
Mime-Version: 1.0 (Apple Message framework v1081)
Content-Type: text/plain; charset=us-ascii
From: Nikolay Denev <ndenev@gmail.com>
In-Reply-To: <20101017161256.U10185@maildrop.int.zabbadoz.net>
Date: Sun, 17 Oct 2010 19:37:34 +0300
Content-Transfer-Encoding: 7bit
Message-Id: <F5742FD0-AD93-4BE4-977C-15DE0DC4A00F@gmail.com>
References: <7051D018-684F-417A-AAA0-00603B2FDCD4@gmail.com>
	<20101017161256.U10185@maildrop.int.zabbadoz.net>
To: FreeBSD virtualization mailing list <freebsd-virtualization@freebsd.org>
X-Mailer: Apple Mail (2.1081)
X-Mailman-Approved-At: Sun, 17 Oct 2010 17:06:36 +0000
Cc: freebsd-net@freebsd.org, freebsd-stable@freebsd.org
Subject: Re: ifconfig, vnets and interface names


On Oct 17, 2010, at 7:17 PM, Bjoern A. Zeeb wrote:

> On Sun, 17 Oct 2010, Nikolay Denev wrote:
> 
>> [ ... snip ... ]
> 
> It's actually a bug in sys/net/if.c:if_vmove* we know about and that's
> on the todo list.
> 

Thanks, good to know.

> I am not sure when the behaviour of ifconfig changed as previously it
> would only show you one of the two interfaces with the single ether
> address.  ifconfig -l however had shown eth0 twice.  Neither is really
> what one would expect thus needs changing.
> 
> /bz
> 
> PS: freebsd-virtualization@ is the best list to report "VIMAGE" or
> "vnet" related problems.
> 

Ok, I'll keep that in mind.

> -- 
> Bjoern A. Zeeb                              Welcome a new stage of life.


Regards,
Nikolay

From owner-freebsd-virtualization@FreeBSD.ORG  Mon Oct 18 11:07:09 2010
Date: Mon, 18 Oct 2010 11:07:09 GMT
Message-Id: <201010181107.o9IB791R029490@freefall.freebsd.org>
X-Authentication-Warning: freefall.freebsd.org: gnats set sender to
	owner-bugmaster@FreeBSD.org using -f
From: FreeBSD bugmaster <bugmaster@FreeBSD.org>
To: freebsd-virtualization@FreeBSD.org
Cc: 
Subject: Current problem reports assigned to
	freebsd-virtualization@FreeBSD.org

Note: to view an individual PR, use:
  http://www.freebsd.org/cgi/query-pr.cgi?pr=(number).

The following is a listing of current problems submitted by FreeBSD users.
These represent problem reports covering all versions including
experimental development code and obsolete releases.


S Tracker      Resp.           Description
--------------------------------------------------------------------------------
o kern/148155  virtualization  [vimage] Kernel panic with PF/IPFilter + VIMAGE kernel
s kern/143808  virtualization  [pf] pf does not work inside jail

2 problems total.


From owner-freebsd-virtualization@FreeBSD.ORG  Mon Oct 18 19:15:15 2010
Message-ID: <4CBC986C.30205@freebsd.org>
Date: Mon, 18 Oct 2010 11:56:44 -0700
From: Julian Elischer <julian@freebsd.org>
User-Agent: Mozilla/5.0 (Macintosh; U; PPC Mac OS X 10.4; en-US;
	rv:1.9.2.9) Gecko/20100915 Thunderbird/3.1.4
MIME-Version: 1.0
To: =?ISO-8859-1?Q?Ermal_Lu=E7i?= <eri@freebsd.org>, virtualization@freebsd.org
References: <AANLkTinXNRKSwjuOeQkDTANhSSbHYHZnf4SvaFHbEdrg@mail.gmail.com>
In-Reply-To: <AANLkTinXNRKSwjuOeQkDTANhSSbHYHZnf4SvaFHbEdrg@mail.gmail.com>
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 8bit
X-Scanned-By: MIMEDefang 2.67 on 216.240.47.51
Cc: 
Subject: Re: [PATCH] pf(4) patch from OpenBSD 4.5

  On 10/18/10 11:10 AM, Ermal Luçi wrote:
> Hello,
>
> the link http://people.freebsd.org/~eri/pf45_1.diff has the patch for
> pf(4) as of OpenBSD 4.5 version.
> The patch is against HEAD.
> After OpenBSD 4.5 the syntax has changed and this is the reason for
> such an 'old' version patch.
>
> After importing this one the work will go on the newest version and
> decisions on it will then be done.
>
> Be aware that this patch has even support for VIMAGE/VNET.
> It will enable you to run pf(4) with[in] jails+vnets or just vnets
> themselves with separate rulesets
> and policies.
> pfsync(4) can be loaded as a module also with this patch.

hooray!

what to do with pfsync is the question..  we don't yet have
devfs-per-jail  but I think that's probably something we
should work on pretty soon.
I guess /dev/pfsync could only give you stuff from your own jail/vnet 
but I don't use it so I'm not sure how it works.

> Feedback is very welcome.
>
> Regards,


From owner-freebsd-virtualization@FreeBSD.ORG  Mon Oct 18 18:41:23 2010
MIME-Version: 1.0
Sender: ermal.luci@gmail.com
In-Reply-To: <AANLkTinXNRKSwjuOeQkDTANhSSbHYHZnf4SvaFHbEdrg@mail.gmail.com>
References: <AANLkTinXNRKSwjuOeQkDTANhSSbHYHZnf4SvaFHbEdrg@mail.gmail.com>
From: =?ISO-8859-1?Q?Ermal_Lu=E7i?= <eri@freebsd.org>
Date: Mon, 18 Oct 2010 19:12:14 +0100
X-Google-Sender-Auth: 7avyEe8Ix2wSW55xIoFwWUEpD3g
Message-ID: <AANLkTikhiGp_kvLXrrcQRzfD40=y93w_JkpUaa6dk_zB@mail.gmail.com>
To: FreeBSD virtualization mailing list <freebsd-virtualization@freebsd.org>
Content-Type: text/plain; charset=ISO-8859-1
X-Mailman-Approved-At: Mon, 18 Oct 2010 19:19:35 +0000
Subject: [PATCH] pf(4) patch from OpenBSD 4.5

Hello,

the link http://people.freebsd.org/~eri/pf45_1.diff has the patch for
pf(4) as of OpenBSD 4.5 version.
The patch is against HEAD.
After OpenBSD 4.5 the syntax has changed and this is the reason for
such an 'old' version patch.

After importing this one the work will go on the newest version and
decisions on it will then be done.

Be aware that this patch has even support for VIMAGE/VNET.
It will enable you to run pf(4) with[in] jails+vnets or just vnets
themselves with separate rulesets
and policies.
pfsync(4) can be loaded as a module also with this patch.

Feedback on the VIMAGE enabled kernels is very welcome.

Regards,
--
Ermal


P.S. keep me CC'd since I am not on this list.

From owner-freebsd-virtualization@FreeBSD.ORG  Mon Oct 18 20:55:04 2010
MIME-Version: 1.0
Sender: ermal.luci@gmail.com
In-Reply-To: <4CBC986C.30205@freebsd.org>
References: <AANLkTinXNRKSwjuOeQkDTANhSSbHYHZnf4SvaFHbEdrg@mail.gmail.com>
	<4CBC986C.30205@freebsd.org>
From: =?ISO-8859-1?Q?Ermal_Lu=E7i?= <eri@freebsd.org>
Date: Mon, 18 Oct 2010 21:31:07 +0100
X-Google-Sender-Auth: G-6K6Rni5ge0nm-6sE9eeGQrOxA
Message-ID: <AANLkTi=tzBX0mLabgd3TB2NW+7jU_RVpHni6RJc0j-jd@mail.gmail.com>
To: Julian Elischer <julian@freebsd.org>
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: quoted-printable
Cc: virtualization@freebsd.org
Subject: Re: [PATCH] pf(4) patch from OpenBSD 4.5

On Mon, Oct 18, 2010 at 7:56 PM, Julian Elischer <julian@freebsd.org> wrote:
>  On 10/18/10 11:10 AM, Ermal Luçi wrote:
>>
>> Hello,
>>
>> the link http://people.freebsd.org/~eri/pf45_1.diff has the patch for
>> pf(4) as of OpenBSD 4.5 version.
>> The patch is against HEAD.
>> After OpenBSD 4.5 the syntax has changed and this is the reason for
>> such an 'old' version patch.
>>
>> After importing this one the work will go on the newest version and
>> decisions on it will then be done.
>>
>> Be aware that this patch has even support for VIMAGE/VNET.
>> It will enable you to run pf(4) with[in] jails+vnets or just vnets
>> themselves with separate rulesets
>> and policies.
>> pfsync(4) can be loaded as a module also with this patch.
>
> hooray!
>
> what to do with pfsync is the question..  we don't yet have devfs-per-jail
>  but I think that's probably something we
> should work on pretty soon.
> I guess /dev/pfsync could only give you stuff from your own jail/vnet but I
> don't use it so I'm not sure how it works.

AFAIK pfsync(4) is not a devfs consumer.
It's just a wrapped up in-kernel packet generator glued to ifnet interface.
So you should be able to run a failover scenario on 2 jails through pfsync(4).

>
>> Feedback is very welcome.
>>
>> Regards,
>
>

-- 
Ermal