From nobody Sun Jan 29 20:32:07 2023 X-Original-To: jail@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4P4jfK1kfcz3c1ry for ; Sun, 29 Jan 2023 20:32:09 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "R3" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4P4jfK0j70z3LJB for ; Sun, 29 Jan 2023 20:32:09 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1675024329; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=u4vqFi6gb2zU5W12+T4e1p5+AOKQfTlzB57LyStTPAc=; b=ghpobfyZo9akIdinlglb+dJYBid6WrBCmjbbs/LmWSg7+uezS8LeVnqbmzuSOXboxd/Yll Hfv/bO9+kWrcPW+3LBlxR6e05nixcJAAIJ8MMJZiW1g6pKsgHEpyLJrMWAp5cBZEaLfefU GqkVL5bcvtsN0ep3ucUSMaYkO90BJLpZL5yd5W88MJZtyWJIoERZExF/hrSeZbVFeIN0Iu BPiXOYbhm2j/nx9XhkUwzlk2mo3EBfReDUQJ7ihayjBQLCyo0GhdiWlpKgZgLefSYl2dDI kD99lOmH+VqScwAo7iHQbz+gqSbsfPFPqWGGTUM8BYXMCIbYMBkVbHhAeXtqJQ== ARC-Authentication-Results: i=1; mx1.freebsd.org; none ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1675024329; a=rsa-sha256; cv=none; b=W9lEicr0DBbX1SoWAjLIaY3I6PcYjXDF3NT4jy/fHAURXvSHyOsYBYorRNiL7+CrGJL2wF gc/GGxk75yw1yqTm9dCZxpIv5qelSgusERTKHb74i4KV9S1fDR8n+9HqYiF7Sq8EYdkAHS w1Fiupwhvw0hWnF3luY2Tm7zbqugeAU54uzMmSrN7E3O3r5aYEDTHZdaR0OwVdKnPo4kiF lVWP8le5WBLYowZCPwUGJpTggQ+CZRn2fm7oXXu/C+5XyS+QNsk+Z+Xg+e9vrEaY24YFpN HUYE7zFPrTnOjy26HnrhT7CUHQ/Kvs+ld51oUAjcso7opEJHy4CsCNB+zuZ/Kg== Received: from kenobi.freebsd.org (kenobi.freebsd.org [IPv6:2610:1c1:1:606c::50:1d]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 4P4jfJ6wJdzhNH for ; Sun, 29 Jan 2023 20:32:08 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: from kenobi.freebsd.org ([127.0.1.5]) by kenobi.freebsd.org (8.15.2/8.15.2) with ESMTP id 30TKW8sf029199 for ; Sun, 29 Jan 2023 20:32:08 GMT (envelope-from bugzilla-noreply@freebsd.org) Received: (from www@localhost) by kenobi.freebsd.org (8.15.2/8.15.2/Submit) id 30TKW8dv029198 for jail@FreeBSD.org; Sun, 29 Jan 2023 20:32:08 GMT (envelope-from bugzilla-noreply@freebsd.org) X-Authentication-Warning: kenobi.freebsd.org: www set sender to bugzilla-noreply@freebsd.org using -f From: bugzilla-noreply@freebsd.org To: jail@FreeBSD.org Subject: [Bug 240106] VNET issue with ARP and routing sockets in jails Date: Sun, 29 Jan 2023 20:32:07 +0000 X-Bugzilla-Reason: AssignedTo X-Bugzilla-Type: changed X-Bugzilla-Watch-Reason: None X-Bugzilla-Product: Base System X-Bugzilla-Component: kern X-Bugzilla-Version: 12.0-RELEASE X-Bugzilla-Keywords: X-Bugzilla-Severity: Affects Some People X-Bugzilla-Who: avg@FreeBSD.org X-Bugzilla-Status: Open X-Bugzilla-Resolution: X-Bugzilla-Priority: --- X-Bugzilla-Assigned-To: jail@FreeBSD.org X-Bugzilla-Flags: X-Bugzilla-Changed-Fields: Message-ID: In-Reply-To: References: Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable X-Bugzilla-URL: https://bugs.freebsd.org/bugzilla/ Auto-Submitted: auto-generated List-Id: Discussion about FreeBSD jail(8) List-Archive: https://lists.freebsd.org/archives/freebsd-jail List-Help: List-Post: List-Subscribe: List-Unsubscribe: Sender: owner-freebsd-jail@freebsd.org MIME-Version: 1.0 X-ThisMailContainsUnwantedMimeParts: N https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=3D240106 --- Comment #25 from Andriy Gapon --- (In reply to Kristof Provost from comment #24) I think I will need to look at the code. I thought that a bridge would see packets only from a bridged virtual/vlan interface (such as the proposed igb0.0), but it looks that the actual ethernet input processing has a diffe= rent flow. --=20 You are receiving this mail because: You are the assignee for the bug.= From nobody Fri Feb 17 18:07:02 2023 X-Original-To: freebsd-jail@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4PJKXH0stVz3rFpF for ; Fri, 17 Feb 2023 18:07:11 +0000 (UTC) (envelope-from DtxdF@disroot.org) Received: from knopi.disroot.org (knopi.disroot.org [178.21.23.139]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id 4PJKXF75Xfz3rcn for ; Fri, 17 Feb 2023 18:07:09 +0000 (UTC) (envelope-from DtxdF@disroot.org) Authentication-Results: mx1.freebsd.org; dkim=pass header.d=disroot.org header.s=mail header.b="VmChU1x/"; spf=pass (mx1.freebsd.org: domain of DtxdF@disroot.org designates 178.21.23.139 as permitted sender) smtp.mailfrom=DtxdF@disroot.org; dmarc=pass (policy=reject) header.from=disroot.org Received: from localhost (localhost [127.0.0.1]) by disroot.org (Postfix) with ESMTP id 7B2894454C for ; Fri, 17 Feb 2023 19:07:08 +0100 (CET) X-Virus-Scanned: SPAM Filter at disroot.org Received: from knopi.disroot.org ([127.0.0.1]) by localhost (disroot.org [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id lYD-dmZJzU_U for ; Fri, 17 Feb 2023 19:07:07 +0100 (CET) Date: Fri, 17 Feb 2023 18:07:02 +0000 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=disroot.org; s=mail; t=1676657227; bh=Khbh5hR384ERE0u5WK5AqbX+ZjhbRgG2bbuNFisOqyY=; h=Date:From:To:Subject; b=VmChU1x/HUEZWYxUy0fGOOzJxQellAl+Q5E5EjTY+na6Yulapv/xBBZjpbFfAGROT jBSVMQik1t7WN9jA4XytLTZxqpsCGXxIT3nCsqu7GcWimfYatQ7iymWS5wclptj+P+ YFuOxrSm3UNhfU86pP1j5UfNiW0j1K74ktRW1jlopoLtQ/TUZHc1Doz2Rm2RHo8HaP 3Eiq6Ijh8QclyS1QzxDU40TKA42K28h2NhjFGlrPbyKxIdESajatsaoSE1OHqeYunS lT2bw1yTRiwLoJeLdU5/AuEUtEJialfeEeGnl/5cAG8BFwub88CbmnDpPxmgdYa62A KBIQvZYNJd9xg== From: DtxdF To: freebsd-jail@FreeBSD.org Subject: AppJail: Simple and easy-to-use tool for creating portable jails Message-ID: List-Id: Discussion about FreeBSD jail(8) List-Archive: https://lists.freebsd.org/archives/freebsd-jail List-Help: List-Post: List-Subscribe: List-Unsubscribe: Sender: owner-freebsd-jail@freebsd.org MIME-Version: 1.0 Content-Type: multipart/alternative; boundary=----TQ3739NHM0LBQPXBFKQ97TH96S4M0N Content-Transfer-Encoding: 7bit X-Spamd-Result: default: False [-4.00 / 15.00]; NEURAL_HAM_LONG(-1.00)[-1.000]; NEURAL_HAM_MEDIUM(-1.00)[-1.000]; NEURAL_HAM_SHORT(-1.00)[-0.999]; DMARC_POLICY_ALLOW(-0.50)[disroot.org,reject]; R_SPF_ALLOW(-0.20)[+a]; R_DKIM_ALLOW(-0.20)[disroot.org:s=mail]; MIME_GOOD(-0.10)[multipart/alternative,text/plain]; RCVD_TLS_LAST(0.00)[]; MIME_TRACE(0.00)[0:+,1:+,2:~]; MLMMJ_DEST(0.00)[freebsd-jail@FreeBSD.org]; FROM_EQ_ENVFROM(0.00)[]; DKIM_TRACE(0.00)[disroot.org:+]; ARC_NA(0.00)[]; ASN(0.00)[asn:50673, ipnet:178.21.23.0/24, country:NL]; TO_MATCH_ENVRCPT_ALL(0.00)[]; FROM_HAS_DN(0.00)[]; RCVD_COUNT_THREE(0.00)[3]; PREVIOUSLY_DELIVERED(0.00)[freebsd-jail@freebsd.org]; RCPT_COUNT_ONE(0.00)[1]; TO_DN_NONE(0.00)[]; MID_RHS_MATCH_FROM(0.00)[] X-Rspamd-Queue-Id: 4PJKXF75Xfz3rcn X-Spamd-Bar: --- X-ThisMailContainsUnwantedMimeParts: N ------TQ3739NHM0LBQPXBFKQ97TH96S4M0N Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: quoted-printable Hi! I want to share a tool I created to test my ports, to learn more about jai= ls and just as a hobby=2E This is AppJail, a simple and easy to use tool to create portable jails=2E My main motivation is a tool for system administrators and developers=2E The features are as follows: * Easy to use=2E * Parallel startup (Jails & NAT)=2E * UFS and ZFS support=2E * RACCT/RCTL support=2E * NAT support=2E * Port expose - network port forwarding into jail=2E * IPv4 and IPv6 support=2E * DHCP and SLAAC support=2E * Virtual networks - A jail can be on several virtual networks at the same= time=2E * Bridge support=2E * VNET support * Deploy your applications much easier using Makejail! * Netgraph support=2E * LinuxJails support=2E * Supports thin and thick jails=2E * TinyJails - Experimental feature to create a very stripped down jail tha= t is very useful to distribute=2E * Startup order control - Using priorities and the boot flag makes managem= ent much easier=2E * Jail dependency support=2E * Initscripts - Make your jails interactive! * Backup your jails using tarballs or raw images (ZFS only) with a single = command=2E * Modular structure - each command is a unique file that has its own respo= nsability in AppJail=2E This makes AppJail maintenance much easier=2E * Table interface - many commands have a table-like interface, which is ve= ry familiar to many sysadmin tools=2E * No databases - each configuration is separated in each entity (networks,= jails, etc=2E) which makes maintenance much easier=2E * Supervisor - Coming soon =2E=2E=2E * =2E=2E=2E AppJail has a useful feature called Makejail, which is somewhat similar to= Dockerfile=2E The idea is to use a file that contains the steps to create = a jail with its configured packages=2E Visit the main site: https://github=2Ecom/DtxdF/AppJail and the centralize= d repository for Makejails: https://github=2Ecom/AppJail-makejails I have created a bug to use it as a port: https://bugs=2Efreebsd=2Eorg/bug= zilla/show_bug=2Ecgi?id=3D269631 ------TQ3739NHM0LBQPXBFKQ97TH96S4M0N Content-Type: text/html; charset=utf-8 Content-Transfer-Encoding: quoted-printable Hi!

I want to share a tool I created to t= est my ports, to learn more about jails and just as a hobby=2E

This = is AppJail, a simple and easy to use tool to create portable jails=2E
My main motivation is a tool for system administrators and developers=2E<= br>
The features are as follows:

* Easy to use=2E
* Parallel s= tartup (Jails & NAT)=2E
* UFS and ZFS support=2E
* RACCT/RCTL sup= port=2E
* NAT support=2E
* Port expose - network port forwarding into= jail=2E
* IPv4 and IPv6 support=2E
* DHCP and SLAAC support=2E
* = Virtual networks - A jail can be on several virtual networks at the same ti= me=2E * Bridge support=2E
* VNET support
* Deploy your applications m= uch easier using Makejail!
* Netgraph support=2E
* LinuxJails support= =2E
* Supports thin and thick jails=2E
* TinyJails - Experimental fea= ture to create a very stripped down jail that is very useful to distribute= =2E
* Startup order control - Using priorities and the boot flag makes m= anagement much easier=2E
* Jail dependency support=2E
* Initscripts -= Make your jails interactive!
* Backup your jails using tarballs or raw = images (ZFS only) with a single command=2E
* Modular structure - each co= mmand is a unique file that has its own responsability in AppJail=2E This m= akes AppJail maintenance much easier=2E
* Table interface - many command= s have a table-like interface, which is very familiar to many sysadmin tool= s=2E
* No databases - each configuration is separated in each entity (ne= tworks, jails, etc=2E) which makes maintenance much easier=2E
* Supervis= or - Coming soon =2E=2E=2E
* =2E=2E=2E

AppJail has a useful featu= re called Makejail, which is somewhat similar to Dockerfile=2E The idea is = to use a file that contains the steps to create a jail with its configured = packages=2E

Visit the main site: https://github=2Ecom/DtxdF/AppJail=C2=A0and the centralized= repository for Makejails: https://github=2Ecom/AppJail-makejails

I have created a bug t= o use it as a port: https://bugs=2Efreebsd=2Eorg/bugzilla/show_bug=2Ecgi?= id=3D269631 ------TQ3739NHM0LBQPXBFKQ97TH96S4M0N--