From: Ermal Luçi
Sender: ermal.luci@gmail.com
Date: Mon, 18 Oct 2010 21:31:07 +0100
To: Julian Elischer
In-Reply-To: <4CBC986C.30205@freebsd.org>
Cc: virtualization@freebsd.org
Subject: Re: [PATCH] pf(4) patch from OpenBSD 4.5

On Mon, Oct 18, 2010 at 7:56 PM, Julian Elischer wrote:
> On 10/18/10 11:10 AM, Ermal Luçi wrote:
>>
>> Hello,
>>
>> the link http://people.freebsd.org/~eri/pf45_1.diff has the patch for
>> pf(4) as of OpenBSD 4.5 version.
>> The patch is against HEAD.
>> After OpenBSD 4.5 the syntax has changed and this is the reason for
>> such an 'old' version patch.
>>
>> After importing this one the work will go on the newest version and
>> decisions on it will then be done.
>>
>> Be aware that this patch has even support for VIMAGE/VNET.
>> It will enable you to run pf(4) with[in] jails+vnets or just vnets
>> themselves with separate rulesets
>> and policies.
>> pfsync(4) can be loaded as a module also with this patch.
>
> hooray!
>
> what to do with pfsync is the question.. we don't yet have devfs-per-jail
> but I think that's probably something we
> should work on pretty soon.
> I guess /dev/pfsync could only give you stuff from your own jail/vnet but I
> don't use it so I'm not sure how it works.

AFAIK pfsync(4) is not a devfs consumer. It's just a wrapped up in-kernel
packet generator glued to ifnet interface.
So you should be able to run a failover scenario on 2 jails through pfsync(4).

>
>> Feedback is very welcome.
>>
>> Regards,
>
>

--
Ermal