Date: Wed, 29 Nov 2017 09:38:10 -0700
From: James Gritton <jamie@gritton.org>
To: freebsd-jail@freebsd.org
Cc: Kristof Provost <kristof@sigsegv.be>, Matthias Meyser <matthias@harz.de>
Subject: Re: IPSEC in VNET Jails
Message-ID: <99043e609d69713e651f9c2d53549ad8@gritton.org>
In-Reply-To: <C93BA264-A200-4448-8F52-D9E347F066CF@sigsegv.be>
References: <f144fcea-b5c2-683e-c7ca-5a86bc45ffbc@harz.de>
 <20A48018-1601-4AFC-95E5-AA9725E79E3D@sigsegv.be>
 <a249b135-35d8-97ed-d258-d61d3a3bc5d7@harz.de>
 <C93BA264-A200-4448-8F52-D9E347F066CF@sigsegv.be>

On 2017-11-29 06:05, Kristof Provost wrote:
> On 29 Nov 2017, at 13:42, Matthias Meyser wrote:
>> On 29.11.2017 at 12:40, Kristof Provost wrote:
>>> I stand by my initial assessment that VNET is not sufficiently stable
>>> in stable/11 to encourage its use there.
>>> There are still issues with IPSec, even in head. See
>>> https://reviews.freebsd.org/D13017 for some more information on that.
>>> Those issues are being addressed in head, but I do not expect VNET to
>>> ever become robust in 11.
>>
>> I could not find any bug report about those problems.
> The issue discussed in D13017 was discovered by the new tests. There’s
> no bug report yet, and there probably won’t be one as it’ll likely get
> fixed in the next couple of days.
>
>> As there are tests (your link) that are failing I would expect some
>> sort of bug report.
>>
> They’re new tests. The tests haven’t been committed yet.
>
>> If VNET support in /etc/rc.d/ipsec is too "encouraging users" why is
>> it in /etc/rc.d/[routing|netif|ipfw]. I just don't get it.
>>
> You’d have to ask jamie@, but I’d speculate that as this was done
> earlier in the development of vnet so the issues that cause my
> hesitation now may not have been considered then.
> Also, routing is a more common code path than IPSec, thus more likely
> to be tested and less likely to explode. (Although that wouldn’t apply
> to ipfw.)

I'm afraid I'm no more a vnet expert than anyone else around here. While
I did the bit that put vnet under the auspices of jails, I didn't have
anything to do with the actual networking side of things. On such
esoteric things as how safe is 11 vs Current, I really have no idea.

- Jamie