Date: Tue, 18 Nov 2014 19:28:05 -0800 From: Craig Rodrigues <rodrigc@FreeBSD.org> To: FreeBSD Net <freebsd-net@freebsd.org> Cc: Alfred Perlstein <alfred@freebsd.org>, "freebsd-virtualization@freebsd.org" <freebsd-virtualization@freebsd.org>, Warner Losh <imp@bsdimp.com>, freebsd-arch <freebsd-arch@freebsd.org> Subject: Re: RFC: Enabling VIMAGE in GENERIC Message-ID: <CAG=rPVeEEuK874g6%2BfVpHa5J_4V%2BA%2BQNbB5bCpXiS86jZW_U3Q@mail.gmail.com> In-Reply-To: <546A34C8.6060004@freebsd.org> References: <CAG=rPVccq7R5%2Bcbm6nR1WCZDM=-xwwkmF=cw8PCuk58oHPA-gQ@mail.gmail.com> <1423616F-F44D-47E5-8595-DE862DC04464@bsdimp.com> <546A34C8.6060004@freebsd.org>
next in thread | previous in thread | raw e-mail | index | archive | help
On Mon, Nov 17, 2014 at 9:47 AM, Alfred Perlstein <alfred@freebsd.org> wrote: > > On 11/17/14, 3:02 AM, Warner Losh wrote: > >> On Nov 17, 2014, at 12:46 AM, Craig Rodrigues <rodrigc@FreeBSD.org> >> wrote: >> >> >>> (3) Take a pass through http://wiki.freebsd.org/VIMAGE/TODO >>> and >>> https://bugs.freebsd.org/bugzilla/buglist.cgi? >>> quicksearch=vimage%20or%20vnet >>> and try to clean things up. Get help from net@ developers to >>> do >>> this. >>> >> And if these don't get cleaned up? >> > If they are not cleaned/stable up by 11-RELEASE then we turn it off. That > is simple. > Yes, I agree with Alfred that we can turn VIMAGE back off before 11-RELEASE if things don't get cleaned up. We have approximately until the end of 2015, so that gives us time. > > >> (4) Take a pass on trying to VIMAGE-ify ipfilter. I'll need help from >>> the ipfilter maintainers for this and some net@ developers. >>> >> And if this doesn't happen? >> > > Well we do have 2 other firewalls in the kernel to pick, but we do need > VIMAGE so I will let you draw your own conclusions. > Again, I agree with Alfred on this. Darren Reed originally imported ipfilter into FreeBSD, but hasn't actively maintained it (in FreeBSD) in a while. Cy Schubert has recently expressed interest in ipfilter and has committed some fixes in the past year, but has not fixed the VIMAGE problems ( https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=176992 ). I can take an initial effort at trying to fix VIMAGE + ipfilter. In the past, I've delved into areas I'm not so familiar with in order to fix VIMAGE + Bluetooth. If Cy can provide any knowledge or guidance, that will be great. A lot of bug fixes have gone into VIMAGE in the past 2 years, and I have received multiple reports of people using it in production environments. See the latest post by Peter Ross. To flush out the last few issues and corner cases, I think we need to turn VIMAGE on by default and get feedback and help from the FreeBSD user community and developers to identify and fix the problems. We have about 1 year until 11-RELEASE, so I think it is OK to do this. I would also add two items to my action plan. (6) Ask clusteradm to run one of the machines they use for PF firewalls + IPv6 with a VIMAGE enabled kernel, and provide feedback. (7) Ask for help with testing from companies who have more involvement with the network stack. Two of the people in the CC: line of this e-mail work for such places. :) -- Craig -- Craig
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?CAG=rPVeEEuK874g6%2BfVpHa5J_4V%2BA%2BQNbB5bCpXiS86jZW_U3Q>