From owner-freebsd-pf@FreeBSD.ORG Fri Mar 5 19:46:49 2010 Return-Path: Delivered-To: pf@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 47949106564A; Fri, 5 Mar 2010 19:46:49 +0000 (UTC) (envelope-from julian@elischer.org) Received: from out-0.mx.aerioconnect.net (out-0-20.mx.aerioconnect.net [216.240.47.80]) by mx1.freebsd.org (Postfix) with ESMTP id 1D1B68FC19; Fri, 5 Mar 2010 19:46:48 +0000 (UTC) Received: from idiom.com (postfix@mx0.idiom.com [216.240.32.160]) by out-0.mx.aerioconnect.net (8.13.8/8.13.8) with ESMTP id o25JYFt5011050; Fri, 5 Mar 2010 11:34:15 -0800 X-Client-Authorized: MaGic Cook1e X-Client-Authorized: MaGic Cook1e X-Client-Authorized: MaGic Cook1e X-Client-Authorized: MaGic Cook1e X-Client-Authorized: MaGic Cook1e Received: from julian-mac.elischer.org (h-67-100-89-137.snfccasy.static.covad.net [67.100.89.137]) by idiom.com (Postfix) with ESMTP id BDE2F2D6018; Fri, 5 Mar 2010 11:34:14 -0800 (PST) Message-ID: <4B915CB5.4070702@elischer.org> Date: Fri, 05 Mar 2010 11:34:13 -0800 From: Julian Elischer User-Agent: Thunderbird 2.0.0.23 (Macintosh/20090812) MIME-Version: 1.0 To: "jim@sifferle.net" References: <1266739527.25137.519.camel@localhost> <4B80F076.5020109@elischer.org> <20100221084118.W27327@maildrop.int.zabbadoz.net> <4B8169EB.4030100@elischer.org> <9a542da31002230211k2fb5d99do7ed574a8cd94f4d9@mail.gmail.com> <900375163.294375.1267816560546.JavaMail.open-xchange@oxusltgw09.schlund.de> In-Reply-To: <900375163.294375.1267816560546.JavaMail.open-xchange@oxusltgw09.schlund.de> Content-Type: text/plain; charset=UTF-8; format=flowed Content-Transfer-Encoding: 8bit X-Scanned-By: MIMEDefang 2.67 on 216.240.47.51 Cc: "Bjoern A. Zeeb" , FreeBSD virtualization mailing list , pf@freebsd.org Subject: Re: Network simulation using jails & vimage X-BeenThere: freebsd-pf@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: "Technical discussion and general questions about packet filter \(pf\)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 05 Mar 2010 19:46:49 -0000 jim@sifferle.net wrote: > > On February 23, 2010 at 10:11 AM "Ermal Luçi" wrote: > > > On Sun, Feb 21, 2010 at 6:14 PM, Julian Elischer > wrote: > > > > > Bjoern A. Zeeb wrote: > > > > > >> On Sun, 21 Feb 2010, Julian Elischer wrote: > > >> > > >> Hi, > > >> > > >> Jim Sifferle wrote: > > >>> > > >>>> Hi, > > >>>> > > >>>> Does any FreeBSD branch / vimage release combination support > separate pf > > >>>> AND ipfw configurations per jail? I need ipfw+pf/altq for HFSC > queuing > > >>> > > >>> -current (9) should be close, with patches for pf supplied by ceri. > > >> > > >> s,ceri,eri, (Ermal Luçi) > > > > > > it'd be nice if itcould get committed > > > > > > Ermal, is it ready? > > > > > It is usable look at http://svn.freebsd.org/base/user/eri/pf45/head/. > > For vnet pfsync/pflow/pflog needs some fixes still. > > > > I just now had some time to put together a CURRENT box for testing. I'm > getting a 'Fatal trap 12: page fault while in kernel mode' whenever I > boot with pf_enable set to YES in rc.conf. Here's my current setup: > > > > - FreeBSD CURRENT cvs snapshot as of 2/25/10, running AMD64 kernel > > - GENERIC kernel compiled with ALTQ and VIMAGE options, invariants and > witness options disabled, plus Imunes patch for FreeBSD 8 RC3 available > here: http://imunes.net/imunes-8.0-RC3.diff > > - pf loaded as module with very simple pass all pf.conf > > - ipfw not loaded > > > > The Fatal trap seems to occur when pfctl is run. This is unfortunately one for Ermal, as I wouldn't know a pfctl command if it came up and kicked me in the shins. :-) We really should try get the new pf stuff into -current so that it gets more testing. > > I am recompiling my kernel with all debugging options turned on. > Hopefully I can get a good kernel dump. I will also try with fresh > kernel sources skipping the Imunes patch. Anything else I should try? > > > > Thanks for your help, > > > > Jim >