Date:      Mon, 19 Nov 2018 21:50:11 +0000
From:      bugzilla-noreply@freebsd.org
To:        bugs@FreeBSD.org
Subject:   [Bug 233341] 12.0-RC1 i386 vnet does not behave like the amd64 vnet version.
Message-ID:  <bug-233341-227@https.bugs.freebsd.org/bugzilla/>

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=233341

            Bug ID: 233341
           Summary: 12.0-RC1 i386 vnet does not behave like the amd64 vnet
                    version.
           Product: Base System
           Version: 12.0-STABLE
          Hardware: Any
                OS: Any
            Status: New
          Severity: Affects Many People
          Priority: ---
         Component: kern
          Assignee: bugs@FreeBSD.org
          Reporter: qjail1@a1poweruser.com

Created attachment 199362
  --> https://bugs.freebsd.org/bugzilla/attachment.cgi?id=199362&action=edit
pflog from host

symptoms = i386 vnet does not behave like the amd64 vnet version. The i386
version is flooding the host pflog with ipv4 MULTICAST requests and ipv6
Neighborhood requests. The amd64 version doesn't do that. On the i386 system
with all the vnet jails stopped and then issuing the shutdown command the
system takes a dump only if vnet jails had been started/stopped. This does not
happen on an amd64 system.

Configuration = I386 box running pf firewall with very simple rules that pass
and log all traffic. This I386 box is on private lan so no nat being done. Has
vnet jail running pf firewall with very simple rules that pass and log all
traffic.

Host config =
  rc.conf
    ifconfig_xl0="DHCP"
    pf_enable="YES"
    pflog_enable="YES"
    pf_rules="/etc/pf.rules.host"
    pflog_logfile="/var/log/pflog"

  pf.rules.host
    oif = "xl0"
    set block-policy drop
    set state-policy if-bound
    set loginterface $oif
    scrub out on $oif all random-id
    scrub reassemble tcp
    set skip on lo0
    pass out log (all) quick
    pass in  log (all) quick

Vnet jail configuration
  rc.conf
    gateway_enable="YES"
    pf_enable="YES"
    pf_rules="/etc/pf.conf"
    pflog_enable="YES"
    pflog_logfile="/var/log/pflog"

  pf.conf
    oif=epair1b
    set block-policy drop
    set fail-policy drop
    set state-policy if-bound
    scrub in on $oif all
    set skip on lo0
    block out log quick on $oif inet proto tcp from any to any port 43
    pass out log (all) quick
    pass in  log (all) quick

After the vnet jail is started I see this on the host
ipfconfig
xl0: flags=8943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST>
  options=82009<RXCSUM,VLAN_MTU,WOL_MAGIC,LINKSTATE>
  ether 00:01:02:2f:c3:00
  inet 10.0.10.6 netmask 0xfffffff0 broadcast 10.0.10.15
  media: Ethernet autoselect (100baseTX <full-duplex>)
  status: active
  nd6 options=29<PERFORMNUD,IFDISABLED,AUTO_LINKLOCAL>

pflog0: flags=141<UP,RUNNING,PROMISC> metric 0 mtu 33184
  groups: pflog

bridge10: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST>
  ether 02:2a:47:08:71:0a
  id 00:00:00:00:00:00 priority 32768 hellotime 2 fwddelay 15
  maxage 20 holdcnt 6 proto rstp maxaddr 2000 timeout 1200
  root id 00:00:00:00:00:00 priority 32768 ifcost 0 port 0
  member: epair1a flags=143<LEARNING,DISCOVER,AUTOEDGE,AUTOPTP>
          ifmaxaddr 0 port 7 priority 128 path cost 2000
  member: xl0 flags=143<LEARNING,DISCOVER,AUTOEDGE,AUTOPTP>
          ifmaxaddr 0 port 2 priority 128 path cost 200000
      groups: bridge
      nd6 options=9<PERFORMNUD,IFDISABLED>

epair1a: flags=8943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST>
  options=8<VLAN_MTU>
  ether 02:a0:73:db:2f:0a
  inet6 fe80::a0:73ff:fedb:2f0a%epair1a prefixlen 64 scopeid 0x7
  groups: epair
  media: Ethernet 10Gbase-T (10Gbase-T <full-duplex>)
  status: active
  nd6 options=21<PERFORMNUD,AUTO_LINKLOCAL>

ps ax
692  -  DL     0:06.87 [pf purge]
1105  -  Is     0:00.00 pflogd: [priv] (pflogd)
1106  -  S      0:00.29 pflogd: [running] -s 116 -i pflog0
1409  -  IsJ    0:00.01 pflogd: [priv] (pflogd)
1413  -  SJ     0:00.31 pflogd: [running] -s 116 -i pflog0
1465  -  SsJ    0:00.02 /usr/sbin/syslogd -ss
1521  -  IsJ    0:00.03 /usr/sbin/cron -J 60 -s



After the vnet jail is started I see this on the vnet console
ipfconfig
pflog0: flags=141<UP,RUNNING,PROMISC> metric 0 mtu 33184
  groups: pflog
epair1b: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST>
  options=8<VLAN_MTU>
  ether 02:a0:73:db:2f:0b
  inet 10.0.10.31 netmask 0xff000000 broadcast 10.255.255.255
  inet6 fe80::a0:73ff:fedb:2f0b%epair1b prefixlen 64 scopeid 0x3
  groups: epair
  media: Ethernet 10Gbase-T (10Gbase-T <full-duplex>)
  status: active
  nd6 options=21<PERFORMNUD,AUTO_LINKLOCAL>

******************************************************

From the vnet console I issue this command.
ping -c 2 freebsd.org
PING freebsd.org (96.47.72.84): 56 data bytes
64 bytes from 96.47.72.84: icmp_seq=0 ttl=46 time=39.367 ms
64 bytes from 96.47.72.84: icmp_seq=1 ttl=46 time=39.096 ms

--- freebsd.org ping statistics ---
2 packets transmitted, 2 packets received, 0.0% packet loss
round-trip min/avg/max/stddev = 39.096/39.231/39.367/0.135 ms

Then I looked at the pflog on the host and in the vnet jail
to see the ping packets and what I see is a flood of other
ipv4 and ipv6 packets. The ipv6 packet flood was there in 11.x i386
and now in 12.0 there is a flood of ipv4 packets. There is a bug report
about the ipv6 packet flood in 11.x. A lot of network resources are
being consumed making this background noise. Looks like originating
from vimage.

The pflog host report is attached as separate file.
   pflog.txt.bug1.host

-- 
You are receiving this mail because:
You are the assignee for the bug.
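
Added example, not part of the original bug report: one way to quantify the background noise described above is to render the pflog as text with tcpdump and count IPv4 multicast and IPv6 neighbor discovery packets per interface. The function names, the constructed sample lines and the line layout assumed for `tcpdump -n -e -ttt -r /var/log/pflog` output (`rule N/0(match): pass in on IFACE: SRC > DST: ...`) are assumptions, not taken from the attached pflog.

```shell
#!/bin/sh
# Added example: summarise pflog noise per interface and traffic class.
# Input on stdin: text as printed by `tcpdump -n -e -ttt -r /var/log/pflog`
# (layout assumed: "... rule N/0(match): pass in on IFACE: SRC > DST: ...").

summarize_pflog() {
    awk '
    {
        iface = "?"; dst = ""
        # First "on" names the interface, first ">" precedes the destination.
        for (i = 1; i < NF; i++) {
            if (iface == "?" && $i == "on") { iface = $(i + 1); sub(/:$/, "", iface) }
            if (dst == ""   && $i == ">")  { dst = $(i + 1);   sub(/:$/, "", dst) }
        }
        class = "other"
        if ($0 ~ /ICMP6, neighbor (solicitation|advertisement)/)
            class = "ipv6-nd"                     # neighbor discovery
        else if (dst ~ /^ff[0-9a-f][0-9a-f]:/)
            class = "ipv6-multicast"              # ff00::/8
        else if (dst ~ /^2(2[4-9]|3[0-9])\./)
            class = "ipv4-multicast"              # 224.0.0.0/4
        count[iface " " class]++
    }
    END { for (k in count) print k, count[k] }
    ' | LC_ALL=C sort
}

# Constructed sample lines (not from the attached pflog), for offline use.
sample_pflog_lines() {
    cat <<'EOF'
00:00:00.000000 rule 1/0(match): pass in on xl0: 10.0.10.1 > 224.0.0.1: igmp query v2
00:00:00.010000 rule 0/0(match): pass out on epair1a: fe80::a0:73ff:fedb:2f0a > ff02::1:ffdb:2f0b: ICMP6, neighbor solicitation, who has fe80::a0:73ff:fedb:2f0b, length 32
00:00:00.020000 rule 1/0(match): pass in on xl0: 10.0.10.3.5353 > 224.0.0.251.5353: 0 PTR (QM)? _ipp._tcp.local. (32)
00:00:00.030000 rule 0/0(match): pass out on xl0: 10.0.10.31 > 96.47.72.84: ICMP echo request, id 1, seq 0, length 64
EOF
}

# Demo on the constructed sample; prints "IFACE CLASS COUNT" per line.
sample_pflog_lines | summarize_pflog
```

On a live host, feed it real data with `tcpdump -n -e -ttt -r /var/log/pflog | summarize_pflog`; running it on both the i386 and amd64 systems gives comparable per-interface counts.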


