Date: Wed, 29 Nov 2017 14:05:27 +0100 From: "Kristof Provost" <kristof@sigsegv.be> To: "Matthias Meyser" <matthias@harz.de> Cc: freebsd-jail@FreeBSD.org Subject: Re: IPSEC in VNET Jails Message-ID: <C93BA264-A200-4448-8F52-D9E347F066CF@sigsegv.be> In-Reply-To: <a249b135-35d8-97ed-d258-d61d3a3bc5d7@harz.de> References: <f144fcea-b5c2-683e-c7ca-5a86bc45ffbc@harz.de> <20A48018-1601-4AFC-95E5-AA9725E79E3D@sigsegv.be> <a249b135-35d8-97ed-d258-d61d3a3bc5d7@harz.de>
next in thread | previous in thread | raw e-mail | index | archive | help
On 29 Nov 2017, at 13:42, Matthias Meyser wrote: > Am 29.11.2017 um 12:40 schrieb Kristof Provost: >> I stand by my initial assessment that VNET is not sufficiently stable >> in stable/11 to encourage its use there. >> There are still issues with IPSec, even in head. See >> https://reviews.freebsd.org/D13017 for some more information on that. >> Those issues are being addressed in head, but I do not expect VNET to >> ever become robust in 11. > > I could not find any bug report about those problems. The issue discussed in D13017 was discovered by the new tests. There’s no bug report yet, and there probably won’t be one as it’ll likely get fixed in the next couple of days. > As there are test (your link) that are failing I would expect some > sort of bug report. > They’re new tests. The tests haven’t been committed yet. > If VNET support in /etc/rc.d/ipsec is too "encouraging users" why is > it in /etc/rc.d/[routing|netif|ipfw]. I just don't get it. > You’d have to ask jamie@, but I’d speculate that as this was done earlier in the development of vnet so the issues that cause my hesitation now may not have been considered then. Also, routing is a more common code path than IPSec, thus more likely to be tested and less likely to explode. (Although that wouldn’t apply to ipfw.) Regards, Kristof
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?C93BA264-A200-4448-8F52-D9E347F066CF>