From owner-freebsd-virtualization@FreeBSD.ORG Sun Jun 19 03:26:39 2011
Message-ID: <4DFD67F0.3010508@freebsd.org>
In-Reply-To: <0A8B9BF3-8401-4541-9FBD-0C292149C5E4@lassitu.de>
Date: Sat, 18 Jun 2011 20:07:28 -0700
From: Julian Elischer
To: Stefan Bethke
Cc: freebsd-virtualization@freebsd.org
Subject: Re: VIMAGE and pf?

On 6/18/11 3:53 AM, Stefan Bethke wrote:
> Is VIMAGE supposed to be compatible with pf?  On r223207 (8-stable) I'm getting a panic when pfctl loads the rules:

No, they are not compatible. There are compatibility patches but we have so far failed to get them into the tree.

> Fatal trap 12: page fault while in kernel mode
> cpuid = 1; apic id = 01
> fault virtual address = 0x28
> fault code = supervisor read data, page not present
> instruction pointer = 0x20:0xffffffff803da27a
> stack pointer = 0x28:0xffffff811ef8b7d0
> frame pointer = 0x28:0xffffff811ef8b7f0
> code segment = base 0x0, limit 0xfffff, type 0x1b
>              = DPL 0, pres 1, long 1, def32 0, gran 1
> processor eflags = interrupt enabled, resume, IOPL = 0
> current process = 839 (pfctl)
> trap number = 12
> panic: page fault
> cpuid = 1
> KDB: stack backtrace:
> db_trace_self_wrapper() at db_trace_self_wrapper+0x2a
> kdb_backtrace() at kdb_backtrace+0x37
> panic() at panic+0x187
> trap_fatal() at trap_fatal+0x290
> trap_pfault() at trap_pfault+0x28f
> trap() at trap+0x3df
> calltrap() at calltrap+0x8
> --- trap 0xc, rip = 0xffffffff803da27a, rsp = 0xffffff811f03f7d0, rbp = 0xffffff811f03f7f0 ---
> ifunit() at ifunit+0x2a
> pfioctl() at pfioctl+0x1c2a
> devfs_ioctl_f() at devfs_ioctl_f+0x7b
> kern_ioctl() at kern_ioctl+0x102
> ioctl() at ioctl+0xfd
> syscallenter() at syscallenter+0x1e5
> syscall() at syscall+0x4b
> Xfast_syscall() at Xfast_syscall+0xe2
> --- syscall (54, FreeBSD ELF64, ioctl), rip = 0x80099a8ac, rsp = 0x7fffffffb568, rbp = 0x7fffffffb6c0 ---
>
> (The above is likely mangled due to my console server missing a few characters now and then.)
>
> I've got these interfaces configured:
> em0: flags=8943 metric 0 mtu 1500
>         options=219b
>         ether 00:1c:c0:7d:8c:50
>         inet6 fe80::21c:c0ff:fe7d:8c50%em0 prefixlen 64 scopeid 0x1
>         nd6 options=3
>         media: Ethernet autoselect (1000baseT)
>         status: active
> pflog0: flags=0<> metric 0 mtu 33152
> lo0: flags=8049 metric 0 mtu 16384
>         options=3
>         inet 127.0.0.1 netmask 0xff000000
>         inet6 ::1 prefixlen 128
>         inet6 fe80::1%lo0 prefixlen 64 scopeid 0xb
>         nd6 options=3
> bridge0: flags=8843 metric 0 mtu 1500
>         ether 02:00:00:00:00:01
>         inet 44.128.65.1 netmask 0xffffffc0 broadcast 44.128.65.63
>         inet6 fe80::21c:c0ff:fe7d:8c50%bridge0 prefixlen 64 scopeid 0xc
>         inet6 2001:470:1f0b:1064::1 prefixlen 64
>         nd6 options=3
>         id 00:00:00:00:00:00 priority 32768 hellotime 2 fwddelay 15
>         maxage 20 holdcnt 6 proto rstp maxaddr 100 timeout 1200
>         root id 00:00:00:00:00:00 priority 32768 ifcost 0 port 0
>         member: vlan1 flags=143
>                 ifmaxaddr 0 port 14 priority 128 path cost 55
>         member: tap0 flags=143
>                 ifmaxaddr 0 port 13 priority 128 path cost 2000000
> tap0: flags=8943 metric 0 mtu 1500
>         options=80000
>         ether 00:bd:c5:5a:01:00
>         inet6 fe80::2bd:c5ff:fe5a:100%tap0 prefixlen 64 scopeid 0xd
>         nd6 options=3
>         Opened by PID 2524
> vlan1: flags=8943 metric 0 mtu 1500
>         options=3
>         ether 00:1c:c0:7d:8c:50
>         inet6 fe80::21c:c0ff:fe7d:8c50%vlan1 prefixlen 64 scopeid 0xe
>         nd6 options=3
>         media: Ethernet autoselect (1000baseT)
>         status: active
>         vlan: 1 parent interface: em0
> vlan2: flags=8843 metric 0 mtu 1500
>         options=3
>         ether 00:1c:c0:7d:8c:50
>         inet 44.128.65.249 netmask 0xfffffff8 broadcast 44.128.65.255
>         inet6 fe80::21c:c0ff:fe7d:8c50%vlan2 prefixlen 64 scopeid 0xf
>         nd6 options=3
>         media: Ethernet autoselect (1000baseT)
>         status: active
>         vlan: 2 parent interface: em0
> vlan3: flags=8843 metric 0 mtu 1500
>         options=3
>         ether 00:1c:c0:7d:8c:50
>         inet 172.23.54.1 netmask 0xffffff00 broadcast 172.23.54.255
>         inet6 fe80::21c:c0ff:fe7d:8c50%vlan3 prefixlen 64 scopeid 0x10
>         nd6 options=3
>         media: Ethernet autoselect (1000baseT)
>         status: active
>         vlan: 3 parent interface: em0
> vlan4: flags=8843 metric 0 mtu 1500
>         options=3
>         ether 00:1c:c0:7d:8c:50
>         inet6 fe80::21c:c0ff:fe7d:8c50%vlan4 prefixlen 64 scopeid 0x11
>         inet 31.18.32.155 netmask 0xfffff800 broadcast 31.18.39.255
>         nd6 options=3
>         media: Ethernet autoselect (1000baseT)
>         status: active
>         vlan: 4 parent interface: em0
> gif0: flags=8051 metric 0 mtu 1280
>         tunnel inet 31.18.32.155 --> 216.66.80.30
>         inet6 fe80::21c:c0ff:fe7d:8c50%gif0 prefixlen 64 scopeid 0x12
>         inet6 2001:470:1f0a:1064::2 --> 2001:470:1f0a:1064::1 prefixlen 128
>         nd6 options=3
>         options=1
> tun1: flags=8043 metric 0 mtu 1500
>         options=80000
>         inet6 fe80::21c:c0ff:fe7d:8c50%tun1 prefixlen 64 scopeid 0x13
>         inet 44.128.127.2 netmask 0xffffff00 broadcast 44.128.127.255
>         nd6 options=3
>         Opened by PID 2516

From owner-freebsd-virtualization@FreeBSD.ORG Sun Jun 19 20:40:34 2011
From: Stefan Bethke
In-Reply-To: <4DFD67F0.3010508@freebsd.org>
Date: Sun, 19 Jun 2011 22:40:31 +0200
Message-Id: <30F13111-4ED7-412C-9F08-93340D51A633@lassitu.de>
To: freebsd-virtualization@freebsd.org
Subject: Re: VIMAGE and pf?

On 19.06.2011 at 05:07, Julian Elischer wrote:

> On 6/18/11 3:53 AM, Stefan Bethke wrote:
>> Is VIMAGE supposed to be compatible with pf?  On r223207 (8-stable) I'm getting a panic when pfctl loads the rules:
>
> No, they are not compatible. There are compatibility patches but we have so far failed to get them into the tree.

Aw, too bad.

I'm trying to get some processes, maybe a full jail, to use a separate ADSL (PPPoE) connection as their default route, and I'm a bit flummoxed by the options.

It seems that pf won't allow me to reference jails in rules (according to pf.conf(5)), but I could have those processes run as a certain user.

Alternatively, I think I should be able to use setfib(1) with ROUTETABLES.  Any advice on how I would configure mpd5 and/or a jail?

Thanks,
Stefan

-- 
Stefan Bethke   Fon +49 151 14070811

From owner-freebsd-virtualization@FreeBSD.ORG Sun Jun 19 21:42:48 2011
From: "Bjoern A. Zeeb"
In-Reply-To: <30F13111-4ED7-412C-9F08-93340D51A633@lassitu.de>
Date: Sun, 19 Jun 2011 21:42:42 +0000
Message-Id: <27F2A9EF-EE03-47BD-894E-7CDB1B4BF478@FreeBSD.org>
To: Stefan Bethke
Cc: freebsd-virtualization@freebsd.org
Subject: Re: VIMAGE and pf?

On Jun 19, 2011, at 8:40 PM, Stefan Bethke wrote:

> On 19.06.2011 at 05:07, Julian Elischer wrote:
>
>> On 6/18/11 3:53 AM, Stefan Bethke wrote:
>>> Is VIMAGE supposed to be compatible with pf?  On r223207 (8-stable) I'm getting a panic when pfctl loads the rules:
>>
>> No, they are not compatible. There are compatibility patches but we have so far failed to get them into the tree.
>
> Aw, too bad.
>
> I'm trying to get some processes, maybe a full jail, to use a separate ADSL (PPPoE) connection as their default route, and I'm a bit flummoxed by the options.
>
> It seems that pf won't allow me to reference jails in rules (according to pf.conf(5)), but I could have those processes run as a certain user.
>
> Alternatively, I think I should be able to use setfib(1) with ROUTETABLES.  Any advice on how I would configure mpd5 and/or a jail?

I had posted a patch and I thought (maybe even committed to HEAD?) that restricts pf to the base system so you could use it from there, it wouldn't panic but not be available from within vnets.

For mpd5 to work inside a jail and create interfaces etc. you would need VNETs.
For moving mpd interfaces into a JAIL you would need VNETs.
If you just want mpd in base and services in a jail, static IPs could do the trick.  Jails can exist without the IPs present -- listening services will be more tricky.

Ok, just a patch it seems, not committed; try to see if it still applies to stable/8.  If not I can probably update it quickly:
http://lists.freebsd.org/pipermail/freebsd-virtualization/2010-September/000509.html

/bz

-- 
Bjoern A. Zeeb                                 You have to have visions!
         Stop bit received. Insert coin for new address family.

From owner-freebsd-virtualization@FreeBSD.ORG Mon Jun 20 11:07:14 2011
Date: Mon, 20 Jun 2011 11:07:13 GMT
Message-Id: <201106201107.p5KB7DUc098282@freefall.freebsd.org>
From: FreeBSD bugmaster
To: freebsd-virtualization@FreeBSD.org
Subject: Current problem reports assigned to freebsd-virtualization@FreeBSD.org

Note: to view an individual PR, use:
  http://www.freebsd.org/cgi/query-pr.cgi?pr=(number).

The following is a listing of current problems submitted by FreeBSD users.
These represent problem reports covering all versions including
experimental development code and obsolete releases.

S Tracker      Resp.      Description
--------------------------------------------------------------------------------
a kern/152047  virtualization[vimage] [panic] TUN\TAP under jail with vimage crashe
o kern/148155  virtualization[vimage] Kernel panic with PF/IPFilter + VIMAGE kernel
a kern/147950  virtualization[vimage] [carp] VIMAGE + CARP = kernel crash
s kern/143808  virtualization[pf] pf does not work inside jail
a kern/141696  virtualization[rum] [panic] rum(4)+ vimage = kernel panic

5 problems total.
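
Added example, not part of any message in this thread and not FreeBSD project code: a small triage parser for the panic text quoted in the first reply. It pulls out the fault address, the process, and the frames below the trap marker, and applies the common heuristic that a fault address under one page suggests a NULL structure pointer dereferenced at a field offset. The name triage() and the 4 KiB page size are assumptions.

```python
import re

# Panic text copied from the first reply in this thread (frames trimmed).
PANIC = """\
Fatal trap 12: page fault while in kernel mode
fault virtual address = 0x28
current process = 839 (pfctl)
KDB: stack backtrace:
panic() at panic+0x187
trap_fatal() at trap_fatal+0x290
trap_pfault() at trap_pfault+0x28f
trap() at trap+0x3df
calltrap() at calltrap+0x8
--- trap 0xc, rip = 0xffffffff803da27a, rsp = 0xffffff811f03f7d0, rbp = 0xffffff811f03f7f0 ---
ifunit() at ifunit+0x2a
pfioctl() at pfioctl+0x1c2a
devfs_ioctl_f() at devfs_ioctl_f+0x7b
kern_ioctl() at kern_ioctl+0x102
ioctl() at ioctl+0xfd
--- syscall (54, FreeBSD ELF64, ioctl), rip = 0x80099a8ac, rsp = 0x7fffffffb568, rbp = 0x7fffffffb6c0 ---
"""

FRAME = re.compile(r"^(\w+)\(\) at \w+\+(0x[0-9a-f]+)$")
FIELD = re.compile(r"^([a-z ]+?)\s*=\s*(.+)$")
PAGE_SIZE = 4096  # assumption: 4 KiB pages (amd64 default)


def triage(text):
    """Summarise a panic: fault address, process, frames that ran before the trap."""
    fields, frames, in_trap = {}, [], False
    for raw in text.splitlines():
        line = raw.strip().lstrip("> ").strip()   # tolerate mail quoting ("> ")
        if line.startswith("--- trap"):
            in_trap = True        # frames after this marker are the faulting context
        elif line.startswith("--- syscall"):
            in_trap = False       # kernel entry point reached; stop collecting
        elif (m := FRAME.match(line)) and in_trap:
            frames.append((m.group(1), int(m.group(2), 16)))
        elif (m := FIELD.match(line)):
            fields[m.group(1).strip()] = m.group(2)
    raw_addr = fields.get("fault virtual address")
    addr = int(raw_addr, 16) if raw_addr else None
    return {
        "fault_addr": addr,
        "null_deref_likely": addr is not None and addr < PAGE_SIZE,  # heuristic only
        "process": fields.get("current process"),
        "faulting_function": frames[0][0] if frames else None,
        "callers": [name for name, _ in frames[1:]],
    }
```

On the quoted panic this reports ifunit() as the faulting function with pfioctl() as its immediate caller, in process pfctl.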