From owner-freebsd-jail@freebsd.org Wed Nov 29 11:22:28 2017
To: freebsd-jail@FreeBSD.org
From: Matthias Meyser
Subject: IPSEC in VNET Jails
Date: Wed, 29 Nov 2017 12:16:08 +0100

Hi

I use an IPSEC Tunnel inside a VNET jail without problems.

Annoyingly /etc/rc.d/ipsec does not run in VNET jails.

This is fixed in head, see
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=211364

This is NOT MFCed to stable/11 because the author isn't convinced that
VNET jails are "is sufficiently robust in stable/11 to encourage people to use it"

As this fix only makes a difference if you

1) Have compiled a Kernel WITH VIMAGE support
2) Setup and configured a VNET jail.
3) Setup IPSEC inside the VNET jail.

I think this should be MFCed.

--
Matthias Meyser
38678 Clausthal-Zellerfeld, Marktstrasse 40
Phone: +49 5323 9839910
Fax: +49 5323 9839917

From owner-freebsd-jail@freebsd.org Wed Nov 29 11:40:16 2017
From: "Kristof Provost"
To: "Matthias Meyser"
Cc: freebsd-jail@FreeBSD.org
Subject: Re: IPSEC in VNET Jails
Date: Wed, 29 Nov 2017 12:40:22 +0100

On 29 Nov 2017, at 12:16, Matthias Meyser wrote:
> Hi
>
> I use an IPSEC Tunnel inside a VNET jail without problems.
>
> Annoyingly /etc/rc.d/ipsec does not run in VNET jails.
>
> This is fixed in head, see
> https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=211364
>
> This is NOT MFCed to stable/11 because the author isn't convinced that
> VNET jails are "is sufficiently robust in stable/11 to encourage
> people to use it"
>
> As this fix only makes a difference if you
>
> 1) Have compiled a Kernel WITH VIMAGE support
> 2) Setup and configured a VNET jail.
> 3) Setup IPSEC inside the VNET jail.
>
> I think this should be MFCed.
>
I stand by my initial assessment that VNET is not sufficiently stable in
stable/11 to encourage its use there.
There are still issues with IPSec, even in head. See
https://reviews.freebsd.org/D13017 for some more information on that.
Those issues are being addressed in head, but I do not expect VNET to ever
become robust in 11.

Regards,
Kristof

From owner-freebsd-jail@freebsd.org Wed Nov 29 12:42:53 2017
Subject: Re: IPSEC in VNET Jails
To: Kristof Provost
Cc: freebsd-jail@FreeBSD.org
From: Matthias Meyser
Date: Wed, 29 Nov 2017 13:42:54 +0100

On 29.11.2017 at 12:40, Kristof Provost wrote:
> On 29 Nov 2017, at 12:16, Matthias Meyser wrote:
>> Hi
>>
>> I use an IPSEC Tunnel inside a VNET jail without problems.
>>
>> Annoyingly /etc/rc.d/ipsec does not run in VNET jails.
>>
>> This is fixed in head, see
>> https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=211364
>>
>> This is NOT MFCed to stable/11 because the author isn't convinced that
>> VNET jails are "is sufficiently robust in stable/11 to encourage people to
>> use it"
>>
>> As this fix only makes a difference if you
>>
>> 1) Have compiled a Kernel WITH VIMAGE support
>> 2) Setup and configured a VNET jail.
>> 3) Setup IPSEC inside the VNET jail.
>>
>> I think this should be MFCed.
>>
> I stand by my initial assessment that VNET is not sufficiently stable in
> stable/11 to encourage its use there.
> There are still issues with IPSec, even in head. See
> https://reviews.freebsd.org/D13017 for some more information on that.
> Those issues are being addressed in head, but I do not expect VNET to ever
> become robust in 11.

I could not find any bug report about those problems.

As there are tests (your link) that are failing I would expect some sort of bug report.

If VNET support in /etc/rc.d/ipsec is too "encouraging users" why is it in /etc/rc.d/[routing|netif|ipfw]. I just don't get it.

Regards
Matthias

>
> Regards,
> Kristof
>

--
Matthias Meyser
38678 Clausthal-Zellerfeld, Marktstrasse 40
Phone: +49 5323 9839910
Fax: +49 5323 9839917

From owner-freebsd-jail@freebsd.org Wed Nov 29 13:05:21 2017
From: "Kristof Provost"
To: "Matthias Meyser"
Cc: freebsd-jail@FreeBSD.org
Subject: Re: IPSEC in VNET Jails
Date: Wed, 29 Nov 2017 14:05:27 +0100

On 29 Nov 2017, at 13:42, Matthias Meyser wrote:
> On 29.11.2017 at 12:40, Kristof Provost wrote:
>> I stand by my initial assessment that VNET is not sufficiently stable
>> in stable/11 to encourage its use there.
>> There are still issues with IPSec, even in head. See
>> https://reviews.freebsd.org/D13017 for some more information on that.
>> Those issues are being addressed in head, but I do not expect VNET to
>> ever become robust in 11.
>
> I could not find any bug report about those problems.

The issue discussed in D13017 was discovered by the new tests. There’s no bug report yet, and there probably won’t be one as it’ll likely get fixed in the next couple of days.

> As there are tests (your link) that are failing I would expect some
> sort of bug report.
>
They’re new tests. The tests haven’t been committed yet.

> If VNET support in /etc/rc.d/ipsec is too "encouraging users" why is
> it in /etc/rc.d/[routing|netif|ipfw]. I just don't get it.
>
You’d have to ask jamie@, but I’d speculate that as this was done earlier in the development of vnet so the issues that cause my hesitation now may not have been considered then.
Also, routing is a more common code path than IPSec, thus more likely to be tested and less likely to explode. (Although that wouldn’t apply to ipfw.)

Regards,
Kristof

From owner-freebsd-jail@freebsd.org Wed Nov 29 16:38:17 2017
Date: Wed, 29 Nov 2017 09:38:10 -0700
From: James Gritton
To: freebsd-jail@freebsd.org
Cc: Kristof Provost, Matthias Meyser
Subject: Re: IPSEC in VNET Jails

On 2017-11-29 06:05, Kristof Provost wrote:
> On 29 Nov 2017, at 13:42, Matthias Meyser wrote:
>> On 29.11.2017 at 12:40, Kristof Provost wrote:
>>> I stand by my initial assessment that VNET is not sufficiently stable
>>> in stable/11 to encourage its use there.
>>> There are still issues with IPSec, even in head. See
>>> https://reviews.freebsd.org/D13017 for some more information on that.
>>> Those issues are being addressed in head, but I do not expect VNET to
>>> ever become robust in 11.
>>
>> I could not find any bug report about those problems.
> The issue discussed in D13017 was discovered by the new tests. There’s
> no bug report yet, and there probably won’t be one as it’ll likely get
> fixed in the next couple of days.
>
>> As there are tests (your link) that are failing I would expect some
>> sort of bug report.
>>
> They’re new tests. The tests haven’t been committed yet.
>
>> If VNET support in /etc/rc.d/ipsec is too "encouraging users" why is
>> it in /etc/rc.d/[routing|netif|ipfw]. I just don't get it.
>>
> You’d have to ask jamie@, but I’d speculate that as this was done
> earlier in the development of vnet so the issues that cause my
> hesitation now may not have been considered then.
> Also, routing is a more common code path than IPSec, thus more likely
> to be tested and less likely to explode. (Although that wouldn’t apply
> to ipfw.)

I'm afraid I'm no more a vnet expert than anyone else around here. While I did the bit that put vnet under the auspices of jails, I didn't have anything to do with the actual networking side of things. On such esoteric things as how safe is 11 vs Current, I really have no idea.

- Jamie

From owner-freebsd-jail@freebsd.org Wed Nov 29 17:03:24 2017
From: "Bjoern A. Zeeb"
To: "Kristof Provost"
Cc: "Matthias Meyser", freebsd-jail@FreeBSD.org
Subject: Re: IPSEC in VNET Jails
Date: Wed, 29 Nov 2017 17:03:17 +0000

On 29 Nov 2017, at 11:40, Kristof Provost wrote:
> On 29 Nov 2017, at 12:16, Matthias Meyser wrote:
>> Hi
>>
>> I use an IPSEC Tunnel inside a VNET jail without problems.
>>
>> Annoyingly /etc/rc.d/ipsec does not run in VNET jails.
>>
>> This is fixed in head, see
>> https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=211364
>>
>> This is NOT MFCed to stable/11 because the author isn't convinced
>> that VNET jails are "is sufficiently robust in stable/11 to encourage
>> people to use it"
>>
>> As this fix only makes a difference if you
>>
>> 1) Have compiled a Kernel WITH VIMAGE support
>> 2) Setup and configured a VNET jail.
>> 3) Setup IPSEC inside the VNET jail.
>>
>> I think this should be MFCed.
>>
> I stand by my initial assessment that VNET is not sufficiently stable
> in stable/11 to encourage its use there.
> There are still issues with IPSec, even in head. See
> https://reviews.freebsd.org/D13017 for some more information on that.
> Those issues are being addressed in head, but I do not expect VNET to
> ever become robust in 11.

Well, whether people will use it or not is their decision. If they want to give it a try I don’t see any harm why ipsec should not start. It’s a lot more likely to work than some firewalls, given I used it years ago under vnet to debug ipcomp problems.

I think in order to not waste more time on this, can we just MFC the change to 11?

Feel free to put in “Urged to by: bz”

Thanks,
/bz

From owner-freebsd-jail@freebsd.org Wed Nov 29 22:19:22 2017
From: "Kristof Provost"
To: "Bjoern A. Zeeb"
Cc: "Matthias Meyser", freebsd-jail@FreeBSD.org
Subject: Re: IPSEC in VNET Jails
Date: Wed, 29 Nov 2017 23:19:17 +0100

On 29 Nov 2017, at 18:03, Bjoern A. Zeeb wrote:
> I think in order to not waste more time on this, can we just MFC the
> change to 11?
>
> Feel free to put in “Urged to by: bz”
>
I’ve got another MFC to do in the next couple of days. I’ll see about doing them both.

Regards,
Kristof