From owner-freebsd-current@freebsd.org  Tue Nov 10 21:45:22 2015
Return-Path: <owner-freebsd-current@freebsd.org>
Delivered-To: freebsd-current@mailman.ysv.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org
 [IPv6:2001:1900:2254:206a::19:1])
 by mailman.ysv.freebsd.org (Postfix) with ESMTP id 61C2AA2C5D7
 for <freebsd-current@mailman.ysv.freebsd.org>;
 Tue, 10 Nov 2015 21:45:22 +0000 (UTC)
 (envelope-from yaneurabeya@gmail.com)
Received: from mail-qk0-x22f.google.com (mail-qk0-x22f.google.com
 [IPv6:2607:f8b0:400d:c09::22f])
 (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits))
 (Client CN "smtp.gmail.com",
 Issuer "Google Internet Authority G2" (verified OK))
 by mx1.freebsd.org (Postfix) with ESMTPS id 16D801D7B;
 Tue, 10 Nov 2015 21:45:22 +0000 (UTC)
 (envelope-from yaneurabeya@gmail.com)
Received: by qkas77 with SMTP id s77so5013110qka.0;
 Tue, 10 Nov 2015 13:45:21 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113;
 h=mime-version:in-reply-to:references:date:message-id:subject:from:to
 :cc:content-type;
 bh=auiDpHS0D6fUUJeU2FAbsjpztyKKwvbMmtr2jVl7n6E=;
 b=nb4a/xx4cDYDcsy+SaoEWpt/aV0rs1KW9xZUiZ/js/ahSFfD2M94169WY+8UpvYdIf
 e9l77QddpQU0K6a6/yneHGjZlRw8jH2aYGCNQ4leAKuSnIOXau4CXH3o2yb1BJaKkKYm
 f6PLhcdto8HAQiQFmVprU4SHyS3ZyPMnqeSlczK7+cb/PIDFvFqRAAYcu7O35uO2fqtE
 1f3AlCWhkE/Ej7axu6PFHhFxvfTe8eELJ5uzSF4KH/C/EGe021vFwJynEQwsCNgurIU2
 bSlQSCdVOXTHnWiu4bGylt0y5IcT6fVKJBwK+Hym/qOXEh/oK2rBGGri7FE+qx92Iv7B
 Qdaw==
MIME-Version: 1.0
X-Received: by 10.55.79.68 with SMTP id d65mr7422227qkb.35.1447191921259; Tue,
 10 Nov 2015 13:45:21 -0800 (PST)
Received: by 10.140.88.209 with HTTP; Tue, 10 Nov 2015 13:45:21 -0800 (PST)
In-Reply-To: <20151110212805.GB13268@vega.codepro.be>
References: <CAExMvs=jVsASLyiqU9nTpir0Hy_s_DfChgf4XKeGWv-8yojNBw@mail.gmail.com>
 <13324720.omGDCH0sVj@hbsd-dev-laptop>
 <D8AAC66A-ED1D-4A6C-9CCF-447CA788073A@FreeBSD.org>
 <5815854.WJiA8b3P58@hbsd-dev-laptop>
 <20151110024701.GA2694@mutt-hardenedbsd>
 <20151110212805.GB13268@vega.codepro.be>
Date: Tue, 10 Nov 2015 13:45:21 -0800
Message-ID: <CAGHfRMBSAuz823rVC_BVsvucpaaxMocM1=-aG+XCTebXpJNO4g@mail.gmail.com>
Subject: Re: pf NAT and VNET Jails
From: NGie Cooper <yaneurabeya@gmail.com>
To: Kristof Provost <kp@freebsd.org>
Cc: Shawn Webb <shawn.webb@hardenedbsd.org>, 
 FreeBSD Current <freebsd-current@freebsd.org>
Content-Type: text/plain; charset=UTF-8
X-BeenThere: freebsd-current@freebsd.org
X-Mailman-Version: 2.1.20
Precedence: list
List-Id: Discussions about the use of FreeBSD-current
 <freebsd-current.freebsd.org>
List-Unsubscribe: <https://lists.freebsd.org/mailman/options/freebsd-current>, 
 <mailto:freebsd-current-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-current/>
List-Post: <mailto:freebsd-current@freebsd.org>
List-Help: <mailto:freebsd-current-request@freebsd.org?subject=help>
List-Subscribe: <https://lists.freebsd.org/mailman/listinfo/freebsd-current>, 
 <mailto:freebsd-current-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Tue, 10 Nov 2015 21:45:22 -0000

On Tue, Nov 10, 2015 at 1:28 PM, Kristof Provost <kp@freebsd.org> wrote:
> On 2015-11-09 21:47:01 (-0500), Shawn Webb <shawn.webb@hardenedbsd.org> wrote:
>> I found the problem: it seems that the new Intel Haswell graphics
>> support (which I've been running with) is at odds somehow with pf NAT.
>> Removing Haswell graphics support means working pf NAT.
>>
> That's ... very strange.
>
> I've built the drm-i915-update-38 branch of http:////github.com/freebsd/freebsd-base-graphics.git,
> but still haven't managed to reproduce the problem.
> It is if course entirely possible that it would only manifest if the
> haswell graphics are actually in use. In that case there's little I can
> do as I don't have haswell hardware I could test on.

1. Add memguard(9) support to kernel.
2. Set the descriptions for the zones (as noted in the manpage) to
catch panics when either driver tries to touch eachothers' space.
Cheers,
-NGie