Date:      Fri, 21 Jul 2017 11:25:00 +0200
From:      "Kristof Provost" <kristof@sigsegv.be>
To:        "Nikos Vassiliadis" <nvass@gmx.com>
Cc:        "Panagiotes Mousikides" <paggas1@yandex.com>, "Alan Somers" <asomers@freebsd.org>, "freebsd-hackers@freebsd.org" <freebsd-hackers@freebsd.org>, "FreeBSD Current" <freebsd-current@freebsd.org>
Subject:   Re: Attn: CI/Jenkins people; Run bhyve instance for testing pf
Message-ID:  <1DA23B47-AC65-450F-A643-55162D300638@sigsegv.be>
In-Reply-To: <81ab7ffc-c89d-0a79-5736-32d555366f3f@gmx.com>
References:  <871d6043-0c56-2c9b-1e3e-5db33898c24a@yandex.com> <CAOtMX2g8T48p2jereubD46yeVpsOjmHNX_Bt7G6N0BP4kuZ%2Bdw@mail.gmail.com> <a7468a38-5288-9eb2-b354-ec797e46d39e@yandex.com> <81ab7ffc-c89d-0a79-5736-32d555366f3f@gmx.com>

On 20 Jul 2017, at 18:24, Nikos Vassiliadis wrote:
> It would be great if you use vnet jails for that. I am not
> sure regarding the per-vnet pf functionality but I have seen
> many bug fixes hitting the tree since last year. You can ask
> on freebsd-virtualization@freebsd.org or freebsd-pf@freebsd.org
> to learn more about it.
>
It’s starting to become usable, yes.

> Pf within a jail should behave more or less like the "normal" one.
> Plus you will be testing per-vnet functionality, which the project
> needs anyhow, in one go.
>
It *should* behave the same, but the fact is that a setup like that 
tests vnet pf, not just pf.
Ideally we should have both setups, but the priority should be on the 
setup most people use today, which is not vnet enabled.

Regards,
Kristof
From owner-freebsd-current@freebsd.org  Fri Jul 21 10:34:32 2017
Date: Fri, 21 Jul 2017 12:34:19 +0200
From: "O. Hartmann" <ohartmann@walstatt.org>
To: FreeBSD CURRENT <freebsd-current@freebsd.org>
Cc: Sergey Zhmylove <Sergey.Zhmylove@elcom.spb.ru>, "O. Hartmann"
 <ohartmann@walstatt.org>, Frank Steinborn <steinex@nognu.de>, "Andrey V.
 Elsukov" <bu7cher@yandex.ru>, FreeBSD Questions
 <freebsd-questions@freebsd.org>, Stefan Esser <se@freebsd.org>
Subject: [SOLVED] Re: Inter-VLAN routing on CURRENT: any known issues?
Message-ID: <20170721123419.6dd6c26e@freyja.zeit4.iv.bundesimmobilien.de>
In-Reply-To: <212825a3-ecc5-c9ab-d240-948dfaccb6b4@elcom.spb.ru>
References: <20170712214334.4fc97335@thor.intern.walstatt.dynvpn.de>
 <c9679df1-e809-3d2b-9432-88664aae3b0a@yandex.ru>
 <20170713211004.13492aef@thor.intern.walstatt.dynvpn.de>
 <ca7a9e76-9ca3-33f9-c1ef-4c0afd0761ff@yandex.ru>
 <20170716230514.0c2e5c65@thor.intern.walstatt.dynvpn.de>
 <20170716211441.GA63054@krenn.local>
 <20170716233158.53f5d6e3@thor.intern.walstatt.dynvpn.de>
 <212825a3-ecc5-c9ab-d240-948dfaccb6b4@elcom.spb.ru>
Organization: Walstatt

On Wed, 19 Jul 2017 16:44:16 +0300
Sergey Zhmylove <Sergey.Zhmylove@elcom.spb.ru> wrote:

To make things short:

Routing works as expected (even with the default route going via NAT).

The reason for the problems was: some in-hardware vlan feature support of the
i210/i350 chipset driver (or the chipset itself) seems to be broken.

I did not iterate deeply over the feature list, but I will soon, this is what
works so far for me at the moment with i210:

ifconfig_igbX="-vlanhwtso -vlanhwcsum -vlanhwfilter -vlanhwtag up"

Although I have disabled the feature "-vlanhwcsum" which the hardware
obviously provides, checking via ifconfig reveals:
igb1: flags=8943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> metric 0 mtu 1500
options=6025ab<RXCSUM,TXCSUM,VLAN_MTU,JUMBO_MTU,VLAN_HWCSUM,TSO4,LRO,WOL_MAGIC,RXCSUM_IPV6,TXCSUM_IPV6>

But this couldn't then be the culprit.

Some people mentioned earlier and suggested highly to disable those features -
I tried and put the minus-prepended disabling tag into rc.conf's
"create_args_igbX=..." - obviously not correct in that context.

Thank you very much for assisting!

Kind regards,

Oliver


> Do you receive packets from 192.168.2.0/24 and 192.168.3.0/24 on igb1.2
> and igb1.3 respectively?
> Do you really need NAT? As far as I can see, you're looking for basic
> static inter-VLAN routing.
> Could you check the communication between 2.0/24 and 3.0/24 with
> unloaded ipfw module (just to exclude ipfw from the investigation)?
>
> I have a lot of installations of such scheme on em(4) and re(4) devices
> -- no problems at all. Even maybe there was igb(4) devices too.
>
> Sergey <KorG> Zhmylove
> 17.07.2017 0:31, O. Hartmann wrote:
> > On Sun, 16 Jul 2017 23:14:41 +0200
> > Frank Steinborn <steinex@nognu.de> wrote:
> >
> >> O. Hartmann <ohartmann@walstatt.org> wrote:
> >>> I have not had any success on this and I must ask now, to not make a
> >>> fool out of myself, whether the concept of having several vlan over one
> >>> single NIC is possible with FreeBSD (12-CURRENT, as of today, r321055).
> >>>
> >>> Since it is even not possible to "route" from a non-tagged igb1 to a
> >>> tagged vlan igb1.2 or igb1.66 (for instance) on the same NIC, I have a
> >>> faint suspect that I'm doing something terribly wrong.
> >>>
> >>> I think everyone working with vlan should have those problems, but since
> >>> I can not find anything on the list, I must do something wrong - my
> >>> simple conclusion.
> >>>
> >>> What is it?
> >> Do you have enabled net.inet.ip.forwarding?
> >>
> > Of course I have. As I stated earlier, ICMP pings from one VLAN to another
> > over this router works, but any IP (UDP, TCP) is vanishing into thin air.
> >
> > I don't have a FBSD-11-STABLE reference system at hand, so that I can check
> > with another revision/major release of the OS, but I work on that.
> >
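
A check for the situation reported in the message above, where VLAN_HWCSUM still appears in the options line after "-vlanhwcsum" was set. This is an added example, not part of the original e-mail: the function names are hypothetical, and the sample input is the ifconfig output and rc.conf value quoted in the message.

```shell
#!/bin/sh
# Added example: list the VLAN hardware offloads that were switched off in
# rc.conf but are still shown in ifconfig's options=<...> line.

# Map an ifconfig(8) keyword to the capability name that ifconfig prints.
cap_name() {
    case "$1" in
        vlanhwtag)    echo VLAN_HWTAGGING ;;
        vlanhwcsum)   echo VLAN_HWCSUM ;;
        vlanhwfilter) echo VLAN_HWFILTER ;;
        vlanhwtso)    echo VLAN_HWTSO ;;
        *)            return 1 ;;
    esac
}

# still_enabled "<ifconfig output>" "<rc.conf ifconfig_ value>"
# Prints, space separated, every capability disabled with a leading "-"
# in the rc.conf value that is still present in options=<...>.
still_enabled() {
    opts=$(printf '%s\n' "$1" |
        sed -n 's/^[[:space:]]*options=[0-9a-f]*<\(.*\)>.*/\1/p' | head -n 1)
    left=""
    for word in $2; do
        case "$word" in
            -*) cap=$(cap_name "${word#-}") || continue ;;  # unknown keyword
            *)  continue ;;                                  # e.g. "up"
        esac
        case ",$opts," in
            *",$cap,"*) left="${left:+$left }$cap" ;;
        esac
    done
    printf '%s\n' "$left"
}

# Sample input taken from the message (line wrapping undone).
SAMPLE_IFCONFIG='igb1: flags=8943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> metric 0 mtu 1500
    options=6025ab<RXCSUM,TXCSUM,VLAN_MTU,JUMBO_MTU,VLAN_HWCSUM,TSO4,LRO,WOL_MAGIC,RXCSUM_IPV6,TXCSUM_IPV6>'
SAMPLE_RC='-vlanhwtso -vlanhwcsum -vlanhwfilter -vlanhwtag up'

still_enabled "$SAMPLE_IFCONFIG" "$SAMPLE_RC"
```

On a live system the first argument would be "$(ifconfig igb1)"; an empty result means every offload that was requested off is gone from the options line.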


