From: Craig Rodrigues
To: FreeBSD Net
Cc: "freebsd-virtualization@freebsd.org", Warner Losh, freebsd-arch
Date: Tue, 18 Nov 2014 19:28:05 -0800
Subject: Re: RFC: Enabling VIMAGE in GENERIC

On Mon, Nov 17, 2014 at 9:47 AM, Alfred Perlstein wrote:

>
> On 11/17/14, 3:02 AM, Warner Losh wrote:
>
>> On Nov 17, 2014, at 12:46 AM, Craig Rodrigues wrote:
>>
>>> (3) Take a pass through http://wiki.freebsd.org/VIMAGE/TODO
>>>     and
>>>     https://bugs.freebsd.org/bugzilla/buglist.cgi?quicksearch=vimage%20or%20vnet
>>>     and try to clean things up. Get help from net@ developers to
>>>     do this.
>>>
>> And if these don't get cleaned up?
>>
> If they are not cleaned/stable up by 11-RELEASE then we turn it off. That
> is simple.
>

Yes, I agree with Alfred that we can turn VIMAGE back off before 11-RELEASE if things don't get cleaned up. We have approximately until the end of 2015, so that gives us time.

>
>>> (4) Take a pass on trying to VIMAGE-ify ipfilter. I'll need help from
>>>     the ipfilter maintainers for this and some net@ developers.
>>>
>> And if this doesn't happen?
>>
>
> Well we do have 2 other firewalls in the kernel to pick, but we do need
> VIMAGE so I will let you draw your own conclusions.
>

Again, I agree with Alfred on this. Darren Reed originally imported ipfilter into FreeBSD, but hasn't actively maintained it (in FreeBSD) in a while. Cy Schubert has recently expressed interest in ipfilter and has committed some fixes in the past year, but has not fixed the VIMAGE problems ( https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=176992 ).

I can take an initial effort at trying to fix VIMAGE + ipfilter. In the past, I've delved into areas I'm not so familiar with in order to fix VIMAGE + Bluetooth.
If Cy can provide any knowledge or guidance, that will be great.

A lot of bug fixes have gone into VIMAGE in the past 2 years, and I have received multiple reports of people using it in production environments. See the latest post by Peter Ross.

To flush out the last few issues and corner cases, I think we need to turn VIMAGE on by default and get feedback and help from the FreeBSD user community and developers to identify and fix the problems. We have about 1 year until 11-RELEASE, so I think it is OK to do this.

I would also add two items to my action plan.

(6) Ask clusteradm to run one of the machines they use for PF firewalls + IPv6 with a VIMAGE enabled kernel, and provide feedback.

(7) Ask for help with testing from companies who have more involvement with the network stack. Two of the people in the CC: line of this e-mail work for such places. :)

--
Craig