From owner-freebsd-jail@FreeBSD.ORG Tue Jan 27 14:17:09 2015 Return-Path: Delivered-To: freebsd-jail@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [8.8.178.115]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by hub.freebsd.org (Postfix) with ESMTPS id 5C0E7AE1 for ; Tue, 27 Jan 2015 14:17:09 +0000 (UTC) Received: from out3-smtp.messagingengine.com (out3-smtp.messagingengine.com [66.111.4.27]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id 2B5DB15A for ; Tue, 27 Jan 2015 14:17:08 +0000 (UTC) Received: from compute5.internal (compute5.nyi.internal [10.202.2.45]) by mailout.nyi.internal (Postfix) with ESMTP id 6E23120AA8 for ; Tue, 27 Jan 2015 09:17:05 -0500 (EST) Received: from web3 ([10.202.2.213]) by compute5.internal (MEProxy); Tue, 27 Jan 2015 09:17:05 -0500 DKIM-Signature: v=1; a=rsa-sha1; c=relaxed/relaxed; d= messagingengine.com; h=message-id:x-sasl-enc:from:to :mime-version:content-transfer-encoding:content-type:subject :date:in-reply-to:references; s=smtpout; bh=8wJWvcUpKM2i806fz2HC 3cE3qvA=; b=f1+GEW8qaAYp5Ag06wZ27AOvUIj1RVkNMNA7U3zis0eQC64JVvHR 8dNVuYweGIxbz4qvOewXR0WkBjJgKXP82TOdx8QA0ADrR4a4W6ce+MBNd97Gezrc 2FHOqtJ/9E3nyOnkUsXwTFmfNRWwQov/XSY4B5bDMxGm2cM0RVTjbGA= Received: by web3.nyi.internal (Postfix, from userid 99) id 3E60910BA68; Tue, 27 Jan 2015 09:17:05 -0500 (EST) Message-Id: <1422368225.3958980.219494573.4EAD939C@webmail.messagingengine.com> X-Sasl-Enc: 41kSlclwzMNjGh+yZHzLPjIacddgPH4wfbQ9SAZR8JCe 1422368225 From: Mark Felder To: freebsd-jail@freebsd.org MIME-Version: 1.0 Content-Transfer-Encoding: 7bit Content-Type: text/plain X-Mailer: MessagingEngine.com Webmail Interface - ajax-46f3f2c7 Subject: Re: preferred jail management tool Date: Tue, 27 Jan 2015 08:17:05 -0600 In-Reply-To: <54C7958B.40007@gmail.com> References: <20150127012347.GA4940@lonesome.com> <20150127141239.V77290@sola.nimnet.asn.au> <54C7958B.40007@gmail.com> X-BeenThere: freebsd-jail@freebsd.org X-Mailman-Version: 2.1.18-1 Precedence: list List-Id: "Discussion about FreeBSD jail\(8\)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 27 Jan 2015 14:17:09 -0000 On Tue, Jan 27, 2015, at 07:41, Ernie Luzar wrote: > > On the subject of vimage/vnet, vimage has many outstanding PRs and has > received absolutely no maintenance since it was first published. This statement is ridiculous. r276747 | rodrigc | 2015-01-06 03:03:03 -0600 (Tue, 06 Jan 2015) | 7 lines Instead of creating a purge thread for every vnet, create a single purge thread and clean up all vnets from this thread. r276746 | rodrigc | 2015-01-06 02:39:06 -0600 (Tue, 06 Jan 2015) | 14 lines Merge: r258322 from projects/pf branch Split functions that initialize various pf parts into their vimage parts and global parts. Since global parts appeared to be only mutex initializations, just abandon them and use MTX_SYSINIT() instead. Kill my incorrect VNET_FOREACH() iterator and instead use correct approach with VNET_SYSINIT(). r275599 | rodrigc | 2014-12-08 01:25:59 -0600 (Mon, 08 Dec 2014) | 11 lines Use CURVNET macros inside inet_get_local_port_range() function. Without this fix, a kernel with VIMAGE + Infiniband will panic on bootup. Certain necessary #include statements require LIST_HEAD. Add these includes to ofed/include/linux/list.h, because LIST_HEAD is specifically overridden in this file. r275555 | rodrigc | 2014-12-05 20:59:59 -0600 (Fri, 05 Dec 2014) | 8 lines MFp4: @181627 Allow UMA allocated memory to be freed when VNET jails are torn down. r274803 | rodrigc | 2014-11-21 11:57:37 -0600 (Fri, 21 Nov 2014) | 4 lines Create a vimage.9 link to vnet.9 r274745 | rodrigc | 2014-11-20 03:56:34 -0600 (Thu, 20 Nov 2014) | 8 lines MFp4: @179066 Add page which describes VNET network stack virtualization infrastructure. r274744 | rodrigc | 2014-11-20 02:11:54 -0600 (Thu, 20 Nov 2014) | 15 lines Set the current vnet inside the ioctl handler for ipfilter. Without this fix, the vnet was NULL and would crash. This fix is similar to what was done inside the ioctl handler for PF. Tested by: (1) Boot a kernel with "options VIMAGE" enabled (2) Type: echo "map lo0 from 10.0.0.0/24 to ! 10.0.0.0/24 -> 127.0.0.1/32" > /etc/ipnat.rules ; service ipnat onerestart r272889 | hrs | 2014-10-10 01:45:13 -0500 (Fri, 10 Oct 2014) | 5 lines Virtualize if_epair(4). An if_xname check for both "a" and "b" interfaces is added to return EEXIST when only "b" interface exists---this can happen when epairb is moved to a vnet jail and then "ifconfig epair create" is invoked there. r272386 | hrs | 2014-10-01 16:37:32 -0500 (Wed, 01 Oct 2014) | 10 lines Virtualize lagg(4) cloner. This change fixes a panic when tearing down if_lagg(4) interfaces which were cloned in a vnet jail. Sysctl nodes which are dynamically generated for each cloned interface (net.link.lagg.N.*) have been removed, and use_flowid and flowid_shift ifconfig(8) parameters have been added instead. Flags and per-interface statistics counters are displayed in "ifconfig -v". I could go on, but I'm sure you can search the svn logs yourself. > Vimage has to be compiled into the kernel and its kernel compile option > has comment that it is highly experimental. No it doesn't. # Network stack virtualization. #options VIMAGE #options VNET_DEBUG # debug for VIMAGE See for yourself: https://svnweb.freebsd.org/base/head/sys/conf/NOTES?view=markup