From owner-freebsd-net@freebsd.org  Wed Oct  9 18:39:00 2019
Return-Path: <owner-freebsd-net@freebsd.org>
Delivered-To: freebsd-net@mailman.nyi.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1])
 by mailman.nyi.freebsd.org (Postfix) with ESMTP id 5214C12B22A
 for <freebsd-net@mailman.nyi.freebsd.org>;
 Wed,  9 Oct 2019 18:39:00 +0000 (UTC) (envelope-from lan@zato.ru)
Received: from mail.zato.ru (mail.zato.ru [178.255.248.12])
 (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
 (Client CN "mail.zato.ru", Issuer "Let's Encrypt Authority X3" (verified OK))
 by mx1.freebsd.org (Postfix) with ESMTPS id 46pNKH1VKKz3KVV
 for <freebsd-net@freebsd.org>; Wed,  9 Oct 2019 18:38:58 +0000 (UTC)
 (envelope-from lan@zato.ru)
Received: from [82.209.121.13] (helo=[192.168.101.178])
 by mail.zato.ru with esmtpsa (TLSv1.2:AES128-SHA:128)
 (Exim 4.84 (FreeBSD)) (envelope-from <lan@zato.ru>)
 id 1iIGrQ-000OfT-7H
 for freebsd-net@freebsd.org; Wed, 09 Oct 2019 21:38:57 +0300
To: freebsd-net@freebsd.org
References: <213f9284-5ddd-4dbc-6631-f8592efa2995@zato.ru>
 <4A3381ED-7C78-48E2-BD1F-45B7A4A930CE@lists.zabbadoz.net>
 <a7872f80-5ae6-7ed0-494e-f7472190fe6c@zato.ru>
From: Alexander Lunev <lan@zato.ru>
Message-ID: <23b104ca-8e37-7ccc-1af5-a15f68930100@zato.ru>
Date: Wed, 9 Oct 2019 21:38:50 +0300
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:60.0) Gecko/20100101
 Thunderbird/60.9.0
MIME-Version: 1.0
In-Reply-To: <a7872f80-5ae6-7ed0-494e-f7472190fe6c@zato.ru>
Content-Type: text/plain; charset=utf-8; format=flowed
Content-Language: ru
Content-Transfer-Encoding: 8bit
X-SA-Exim-Connect-IP: 82.209.121.13
X-SA-Exim-Mail-From: lan@zato.ru
X-Spam-Checker-Version: SpamAssassin 3.4.2 (2018-09-13) on mail.zato.local
X-Spam-Level: 
X-Spam-Status: No, score=-1.0 required=5.0 tests=ALL_TRUSTED
 autolearn=unavailable autolearn_force=no version=3.4.2
Subject: Re: VLAN+bridge problem [was: no network between jails and host with
 VNET on same interface]
X-SA-Exim-Version: 4.2
X-SA-Exim-Scanned: Yes (on mail.zato.ru)
X-Rspamd-Queue-Id: 46pNKH1VKKz3KVV
X-Spamd-Bar: ------
X-Spamd-Result: default: False [-6.72 / 15.00]; ARC_NA(0.00)[];
 RCVD_VIA_SMTP_AUTH(0.00)[];
 R_DKIM_ALLOW(-0.20)[zato.ru:s=mailserverdkimkey];
 NEURAL_HAM_MEDIUM(-1.00)[-1.000,0]; FROM_HAS_DN(0.00)[];
 R_SPF_ALLOW(-0.20)[+ip4:178.255.248.12];
 TO_MATCH_ENVRCPT_ALL(0.00)[]; MIME_GOOD(-0.10)[text/plain];
 TO_DN_NONE(0.00)[]; NEURAL_HAM_LONG(-1.00)[-1.000,0];
 RCPT_COUNT_ONE(0.00)[1]; DKIM_TRACE(0.00)[zato.ru:+];
 DMARC_POLICY_ALLOW(-0.50)[zato.ru,reject];
 FROM_EQ_ENVFROM(0.00)[]; MIME_TRACE(0.00)[0:+];
 IP_SCORE(-3.72)[ip: (-9.80), ipnet: 178.255.248.0/24(-4.90), asn:
 56868(-3.92), country: RU(0.01)]; 
 ASN(0.00)[asn:56868, ipnet:178.255.248.0/24, country:RU];
 MID_RHS_MATCH_FROM(0.00)[]; RCVD_TLS_ALL(0.00)[];
 RCVD_COUNT_TWO(0.00)[2]
X-BeenThere: freebsd-net@freebsd.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Networking and TCP/IP with FreeBSD <freebsd-net.freebsd.org>
List-Unsubscribe: <https://lists.freebsd.org/mailman/options/freebsd-net>,
 <mailto:freebsd-net-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-net/>
List-Post: <mailto:freebsd-net@freebsd.org>
List-Help: <mailto:freebsd-net-request@freebsd.org?subject=help>
List-Subscribe: <https://lists.freebsd.org/mailman/listinfo/freebsd-net>,
 <mailto:freebsd-net-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Wed, 09 Oct 2019 18:39:00 -0000

07.10.2019 8:21, Alexander N. Lunev via freebsd-net пишет:
> I've tested with tcpdump, and here's what i found:

 > Host interfaces:
 > em0 up
 > vlan22 10.15.15.1/24 vlandev em0 vlan22
 > epair0a - part of epair for jail foo
 > bridge0 addm epair0 addm em0

 > Jail foo interfaces:
 > epair0b up (vnet interface)
 > vlan22 10.15.15.2/24 vlandev epair0b vlan22

I found that there's already reported a bug 240106.

Just to spread the word - I've added comment about my situation with 
some more test with tcpdump:

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=240106#c3

To make it short here: if I add static ARP entries for IPs on host's and 
jail's vlan interfaces, then ICMP requests reach host's vlan interface, 
but replies doesn't return to jail. All tcpdump output is in my comment 
in PR, see link.

-- 
Best regards,
Alexander Lunev