Date: Sun, 15 Sep 2013 18:35:26 +0200
From: Dag-Erling Smørgrav
To: arch@freebsd.org
Cc: jamie@freebsd.org
Subject: jail configuration

We've had jail.conf(5) for several years now, but no way to use it
because the rc script doesn't support it.

It is not perfect, but it is much cleaner and much more powerful than
the old way of setting variables in rc.conf.

I suggest that the attached patch (and the necessary changes to the
documentation) is long overdue.

DES
-- 
Dag-Erling Smørgrav - des@des.no

Attachment: jail-rc.diff

Index: etc/rc.d/jail =================================================================== --- etc/rc.d/jail (revision 255598) +++ etc/rc.d/jail (working copy) 
@@ -19,743 +19,45 @@ name="jail" rcvar="jail_enable" -start_precmd="jail_prestart" start_cmd="jail_start" stop_cmd="jail_stop" +restart_cmd="jail_restart" +status_cmd="jail_status" -# init_variables _j -# Initialize the various jail variables for jail _j. -# -init_variables() -{ - _j="$1" +load_rc_config $name - if [ -z "$_j" ]; then - warn "init_variables: you must specify a jail" - return - fi +: ${jail_cmd:="/usr/sbin/jail"} +: ${jail_conf:="/etc/jail.conf"} - eval _rootdir=\"\$jail_${_j}_rootdir\" - _devdir="${_rootdir}/dev" - _fdescdir="${_devdir}/fd" - _procdir="${_rootdir}/proc" - eval _hostname=\"\$jail_${_j}_hostname\" - eval _ip=\"\$jail_${_j}_ip\" - eval _interface=\"\${jail_${_j}_interface:-${jail_interface}}\" - eval _exec=\"\$jail_${_j}_exec\" +cmd="$1" +shift +jails="$@" - i=0 - while : ; do - eval _exec_prestart${i}=\"\${jail_${_j}_exec_prestart${i}:-\${jail_exec_prestart${i}}}\" - [ -z "$(eval echo \"\$_exec_prestart${i}\")" ] && break - i=$((i + 1)) - done - - eval _exec_start=\"\${jail_${_j}_exec_start:-${jail_exec_start}}\" - - i=1 - while : ; do - eval _exec_afterstart${i}=\"\${jail_${_j}_exec_afterstart${i}:-\${jail_exec_afterstart${i}}}\" - [ -z "$(eval echo \"\$_exec_afterstart${i}\")" ] && break - i=$((i + 1)) - done - - i=0 - while : ; do - eval _exec_poststart${i}=\"\${jail_${_j}_exec_poststart${i}:-\${jail_exec_poststart${i}}}\" - [ -z "$(eval echo \"\$_exec_poststart${i}\")" ] && break - i=$((i + 1)) - done - - i=0 - while : ; do - eval _exec_prestop${i}=\"\${jail_${_j}_exec_prestop${i}:-\${jail_exec_prestop${i}}}\" - [ -z "$(eval echo \"\$_exec_prestop${i}\")" ] && break - i=$((i + 1)) - done - - eval _exec_stop=\"\${jail_${_j}_exec_stop:-${jail_exec_stop}}\" - - i=0 - while : ; do - eval _exec_poststop${i}=\"\${jail_${_j}_exec_poststop${i}:-\${jail_exec_poststop${i}}}\" - [ -z "$(eval echo \"\$_exec_poststop${i}\")" ] && break - i=$((i + 1)) - done - - if [ -n "${_exec}" ]; then - # simple/backward-compatible execution - 
_exec_start="${_exec}" - _exec_stop="" +jail_do() { + local cmr="$1" + if [ -n "${jails}" ] ; then + for jail in ${jails} ; do + ${jail_cmd} ${cmr} "${jail}" + done else - # flexible execution - if [ -z "${_exec_start}" ]; then - _exec_start="/bin/sh /etc/rc" - if [ -z "${_exec_stop}" ]; then - _exec_stop="/bin/sh /etc/rc.shutdown" - fi - fi + ${jail_cmd} ${cmr} '*' fi - - # The default jail ruleset will be used by rc.subr if none is specified. - eval _ruleset=\"\${jail_${_j}_devfs_ruleset:-${jail_devfs_ruleset}}\" - eval _devfs=\"\${jail_${_j}_devfs_enable:-${jail_devfs_enable}}\" - [ -z "${_devfs}" ] && _devfs="NO" - eval _fdescfs=\"\${jail_${_j}_fdescfs_enable:-${jail_fdescfs_enable}}\" - [ -z "${_fdescfs}" ] && _fdescfs="NO" - eval _procfs=\"\${jail_${_j}_procfs_enable:-${jail_procfs_enable}}\" - [ -z "${_procfs}" ] && _procfs="NO" - - eval _mount=\"\${jail_${_j}_mount_enable:-${jail_mount_enable}}\" - [ -z "${_mount}" ] && _mount="NO" - # "/etc/fstab.${_j}" will be used for {,u}mount(8) if none is specified. 
- eval _fstab=\"\${jail_${_j}_fstab:-${jail_fstab}}\" - [ -z "${_fstab}" ] && _fstab="/etc/fstab.${_j}" - eval _flags=\"\${jail_${_j}_flags:-${jail_flags}}\" - [ -z "${_flags}" ] && _flags="-l -U root" - eval _consolelog=\"\${jail_${_j}_consolelog:-${jail_consolelog}}\" - [ -z "${_consolelog}" ] && _consolelog="/var/log/jail_${_j}_console.log" - eval _parameters=\"\${jail_${_j}_parameters:-${jail_parameters}}\" - [ -z "${_parameters}" ] && _parameters="" - eval _fib=\"\${jail_${_j}_fib:-${jail_fib}}\" - - # Debugging aid - # - debug "$_j devfs enable: $_devfs" - debug "$_j fdescfs enable: $_fdescfs" - debug "$_j procfs enable: $_procfs" - debug "$_j mount enable: $_mount" - debug "$_j hostname: $_hostname" - debug "$_j ip: $_ip" - jail_show_addresses ${_j} - debug "$_j interface: $_interface" - debug "$_j fib: $_fib" - debug "$_j root: $_rootdir" - debug "$_j devdir: $_devdir" - debug "$_j fdescdir: $_fdescdir" - debug "$_j procdir: $_procdir" - debug "$_j ruleset: $_ruleset" - debug "$_j fstab: $_fstab" - - i=0 - while : ; do - eval out=\"\${_exec_prestart${i}:-''}\" - if [ -z "$out" ]; then - break - fi - debug "$_j exec pre-start #${i}: ${out}" - i=$((i + 1)) - done - - debug "$_j exec start: $_exec_start" - - i=1 - while : ; do - eval out=\"\${_exec_afterstart${i}:-''}\" - - if [ -z "$out" ]; then - break; - fi - - debug "$_j exec after start #${i}: ${out}" - i=$((i + 1)) - done - - i=0 - while : ; do - eval out=\"\${_exec_poststart${i}:-''}\" - if [ -z "$out" ]; then - break - fi - debug "$_j exec post-start #${i}: ${out}" - i=$((i + 1)) - done - - i=0 - while : ; do - eval out=\"\${_exec_prestop${i}:-''}\" - if [ -z "$out" ]; then - break - fi - debug "$_j exec pre-stop #${i}: ${out}" - i=$((i + 1)) - done - - debug "$_j exec stop: $_exec_stop" - - i=0 - while : ; do - eval out=\"\${_exec_poststop${i}:-''}\" - if [ -z "$out" ]; then - break - fi - debug "$_j exec post-stop #${i}: ${out}" - i=$((i + 1)) - done - - debug "$_j flags: $_flags" - debug "$_j 
consolelog: $_consolelog" - debug "$_j parameters: $_parameters" - - if [ -z "${_hostname}" ]; then - err 3 "$name: No hostname has been defined for ${_j}" - fi - if [ -z "${_rootdir}" ]; then - err 3 "$name: No root directory has been defined for ${_j}" - fi } -# set_sysctl rc_knob mib msg -# If the mib sysctl is set according to what rc_knob -# specifies, this function does nothing. However if -# rc_knob is set differently than mib, then the mib -# is set accordingly and msg is displayed followed by -# an '=" sign and the word 'YES' or 'NO'. -# -set_sysctl() -{ - _knob="$1" - _mib="$2" - _msg="$3" - - _current=`${SYSCTL} -n $_mib 2>/dev/null` - if checkyesno $_knob ; then - if [ "$_current" -ne 1 ]; then - echo -n " ${_msg}=YES" - ${SYSCTL} 1>/dev/null ${_mib}=1 - fi - else - if [ "$_current" -ne 0 ]; then - echo -n " ${_msg}=NO" - ${SYSCTL} 1>/dev/null ${_mib}=0 - fi - fi +jail_start() { + jail_do -c } -# is_current_mountpoint() -# Is the directory mount point for a currently mounted file -# system? -# -is_current_mountpoint() -{ - local _dir _dir2 - - _dir=$1 - - _dir=`echo $_dir | sed -Ee 's#//+#/#g' -e 's#/$##'` - [ ! -d "${_dir}" ] && return 1 - _dir2=`df ${_dir} | tail +2 | awk '{ print $6 }'` - [ "${_dir}" = "${_dir2}" ] - return $? +jail_stop() { + jail_do -r } -# is_symlinked_mountpoint() -# Is a mount point, or any of its parent directories, a symlink? -# -is_symlinked_mountpoint() -{ - local _dir - - _dir=$1 - - [ -L "$_dir" ] && return 0 - [ "$_dir" = "/" ] && return 1 - is_symlinked_mountpoint `dirname $_dir` - return $? +jail_restart() { + jail_do -rc } -# secure_umount -# Try to unmount a mount point without being vulnerable to -# symlink attacks. 
-# -secure_umount() -{ - local _dir - - _dir=$1 - - if is_current_mountpoint ${_dir}; then - umount -f ${_dir} >/dev/null 2>&1 - else - debug "Nothing mounted on ${_dir} - not unmounting" - fi +jail_status() { + echo "not yet implemented" } - -# jail_umount_fs -# This function unmounts certain special filesystems in the -# currently selected jail. The caller must call the init_variables() -# routine before calling this one. -# -jail_umount_fs() -{ - local _device _mountpt _rest - - if checkyesno _fdescfs; then - if [ -d "${_fdescdir}" ] ; then - secure_umount ${_fdescdir} - fi - fi - if checkyesno _devfs; then - if [ -d "${_devdir}" ] ; then - secure_umount ${_devdir} - fi - fi - if checkyesno _procfs; then - if [ -d "${_procdir}" ] ; then - secure_umount ${_procdir} - fi - fi - if checkyesno _mount; then - [ -f "${_fstab}" ] || warn "${_fstab} does not exist" - tail -r ${_fstab} | while read _device _mountpt _rest; do - case ":${_device}" in - :#* | :) - continue - ;; - esac - secure_umount ${_mountpt} - done - fi -} - -# jail_mount_fstab() -# Mount file systems from a per jail fstab while trying to -# secure against symlink attacks at the mount points. -# -# If we are certain we cannot secure against symlink attacks we -# do not mount all of the file systems (since we cannot just not -# mount the file system with the problematic mount point). -# -# The caller must call the init_variables() routine before -# calling this one. -# -jail_mount_fstab() -{ - local _device _mountpt _rest - - while read _device _mountpt _rest; do - case ":${_device}" in - :#* | :) - continue - ;; - esac - if is_symlinked_mountpoint ${_mountpt}; then - warn "${_mountpt} has symlink as parent - not mounting from ${_fstab}" - return - fi - done <${_fstab} - mount -a -F "${_fstab}" -} - -# jail_show_addresses jail -# Debug print the input for the given _multi aliases -# for a jail for init_variables(). 
-# -jail_show_addresses() -{ - local _j _type alias - _j="$1" - alias=0 - - if [ -z "${_j}" ]; then - warn "jail_show_addresses: you must specify a jail" - return - fi - - while : ; do - eval _addr=\"\$jail_${_j}_ip_multi${alias}\" - if [ -n "${_addr}" ]; then - debug "${_j} ip_multi${alias}: $_addr" - alias=$((${alias} + 1)) - else - break - fi - done -} - -# jail_extract_address argument -# The second argument is the string from one of the _ip -# or the _multi variables. In case of a comma separated list -# only one argument must be passed in at a time. -# The function alters the _type, _iface, _addr and _mask variables. -# -jail_extract_address() -{ - local _i - _i=$1 - - if [ -z "${_i}" ]; then - warn "jail_extract_address: called without input" - return - fi - - # Check if we have an interface prefix given and split into - # iFace and rest. - case "${_i}" in - *\|*) # ifN|.. prefix there - _iface=${_i%%|*} - _r=${_i##*|} - ;; - *) _iface="" - _r=${_i} - ;; - esac - - # In case the IP has no interface given, check if we have a global one. - _iface=${_iface:-${_interface}} - - # Set address, cut off any prefix/netmask/prefixlen. - _addr=${_r} - _addr=${_addr%%[/ ]*} - - # Theoretically we can return here if interface is not set, - # as we only care about the _mask if we call ifconfig. - # This is not done because we may want to santize IP addresses - # based on _type later, and optionally change the type as well. - - # Extract the prefix/netmask/prefixlen part by cutting off the address. - _mask=${_r} - _mask=`expr "${_mask}" : "${_addr}\(.*\)"` - - # Identify type {inet,inet6}. - case "${_addr}" in - *\.*\.*\.*) _type="inet" ;; - *:*) _type="inet6" ;; - *) warn "jail_extract_address: type not identified" - ;; - esac - - # Handle the special /netmask instead of /prefix or - # "netmask xxx" case for legacy IP. - # We do NOT support shortend class-full netmasks. 
- if [ "${_type}" = "inet" ]; then - case "${_mask}" in - /*\.*\.*\.*) _mask=" netmask ${_mask#/}" ;; - *) ;; - esac - - # In case _mask is still not set use /32. - _mask=${_mask:-/32} - - elif [ "${_type}" = "inet6" ]; then - # In case _maske is not set for IPv6, use /128. - _mask=${_mask:-/128} - fi -} - -# jail_handle_ips_option {add,del} input -# Handle a single argument imput which can be a comma separated -# list of addresses (theoretically with an option interface and -# prefix/netmask/prefixlen). -# -jail_handle_ips_option() -{ - local _x _action _type _i - _action=$1 - _x=$2 - - if [ -z "${_x}" ]; then - # No IP given. This can happen for the primary address - # of each address family. - return - fi - - # Loop, in case we find a comma separated list, we need to handle - # each argument on its own. - while [ ${#_x} -gt 0 ]; do - case "${_x}" in - *,*) # Extract the first argument and strip it off the list. - _i=`expr "${_x}" : '^\([^,]*\)'` - _x=`expr "${_x}" : "^[^,]*,\(.*\)"` - ;; - *) _i=${_x} - _x="" - ;; - esac - - _type="" - _iface="" - _addr="" - _mask="" - jail_extract_address "${_i}" - - # make sure we got an address. - case "${_addr}" in - "") continue ;; - *) ;; - esac - - # Append address to list of addresses for the jail command. - case "${_type}" in - inet) - case "${_addrl}" in - "") _addrl="${_addr}" ;; - *) _addrl="${_addrl},${_addr}" ;; - esac - ;; - inet6) - case "${_addr6l}" in - "") _addr6l="${_addr}" ;; - *) _addr6l="${_addr6l},${_addr}" ;; - esac - ;; - esac - - # Configure interface alias if requested by a given interface - # and if we could correctly parse everything. - case "${_iface}" in - "") continue ;; - esac - case "${_type}" in - inet) ;; - inet6) ipv6_address_count=$((ipv6_address_count + 1)) ;; - *) warn "Could not determine address family. Not going" \ - "to ${_action} address '${_addr}' for ${_jail}." 
- continue - ;; - esac - case "${_action}" in - add) ifconfig ${_iface} ${_type} ${_addr}${_mask} alias - ;; - del) # When removing the IP, ignore the _mask. - ifconfig ${_iface} ${_type} ${_addr} -alias - ;; - esac - done -} - -# jail_ips {add,del} -# Extract the comma separated list of addresses and return them -# for the jail command. -# Handle more than one address via the _multi option as well. -# If an interface is given also add/remove an alias for the -# address with an optional netmask. -# -jail_ips() -{ - local _action - _action=$1 - - case "${_action}" in - add) ;; - del) ;; - *) warn "jail_ips: invalid action '${_action}'" - return - ;; - esac - - # Handle addresses. - ipv6_address_count=0 - jail_handle_ips_option ${_action} "${_ip}" - # Handle jail_xxx_ip_multi - alias=0 - while : ; do - eval _x=\"\$jail_${_jail}_ip_multi${alias}\" - case "${_x}" in - "") break ;; - *) jail_handle_ips_option ${_action} "${_x}" - alias=$((${alias} + 1)) - ;; - esac - done - case ${ipv6_address_count} in - 0) ;; - *) # Sleep 1 second to let DAD complete before starting services. - sleep 1 - ;; - esac -} - -jail_prestart() -{ - if checkyesno jail_parallel_start; then - command_args='&' - fi -} - -jail_start() -{ - echo -n 'Configuring jails:' - set_sysctl jail_set_hostname_allow security.jail.set_hostname_allowed \ - set_hostname_allow - set_sysctl jail_socket_unixiproute_only \ - security.jail.socket_unixiproute_only unixiproute_only - set_sysctl jail_sysvipc_allow security.jail.sysvipc_allowed \ - sysvipc_allow - echo '.' - - echo -n 'Starting jails:' - _tmp_dir=`mktemp -d /tmp/jail.XXXXXXXX` || \ - err 3 "$name: Can't create temp dir, exiting..." 
- for _jail in ${jail_list} - do - init_variables $_jail - if [ -f /var/run/jail_${_jail}.id ]; then - echo -n " [${_hostname} already running (/var/run/jail_${_jail}.id exists)]" - continue; - fi - _addrl="" - _addr6l="" - jail_ips "add" - if [ -n "${_fib}" ]; then - _setfib="setfib -F '${_fib}'" - else - _setfib="" - fi - if checkyesno _mount; then - info "Mounting fstab for jail ${_jail} (${_fstab})" - if [ ! -f "${_fstab}" ]; then - err 3 "$name: ${_fstab} does not exist" - fi - jail_mount_fstab - fi - if checkyesno _devfs; then - # If devfs is already mounted here, skip it. - df -t devfs "${_devdir}" >/dev/null - if [ $? -ne 0 ]; then - if is_symlinked_mountpoint ${_devdir}; then - warn "${_devdir} has symlink as parent - not starting jail ${_jail}" - continue - fi - info "Mounting devfs on ${_devdir}" - devfs_mount_jail "${_devdir}" ${_ruleset} - # Transitional symlink for old binaries - if [ ! -L "${_devdir}/log" ]; then - ln -sf ../var/run/log "${_devdir}/log" - fi - fi - - # XXX - It seems symlinks don't work when there - # is a devfs(5) device of the same name. 
- # Jail console output - # __pwd="`pwd`" - # cd "${_devdir}" - # ln -sf ../var/log/console console - # cd "$__pwd" - fi - if checkyesno _fdescfs; then - if is_symlinked_mountpoint ${_fdescdir}; then - warn "${_fdescdir} has symlink as parent, not mounting" - else - info "Mounting fdescfs on ${_fdescdir}" - mount -t fdescfs fdesc "${_fdescdir}" - fi - fi - if checkyesno _procfs; then - if is_symlinked_mountpoint ${_procdir}; then - warn "${_procdir} has symlink as parent, not mounting" - else - info "Mounting procfs onto ${_procdir}" - if [ -d "${_procdir}" ] ; then - mount -t procfs proc "${_procdir}" - fi - fi - fi - _tmp_jail=${_tmp_dir}/jail.$$ - - i=0 - while : ; do - eval out=\"\${_exec_prestart${i}:-''}\" - [ -z "$out" ] && break - ${out} - i=$((i + 1)) - done - - eval ${_setfib} jail -n ${_jail} ${_flags} -i -c path=${_rootdir} host.hostname=${_hostname} \ - ${_addrl:+ip4.addr=\"${_addrl}\"} ${_addr6l:+ip6.addr=\"${_addr6l}\"} \ - ${_parameters} command=${_exec_start} > ${_tmp_jail} 2>&1 \ - ${_consolelog} - echo ${_jail_id} > /var/run/jail_${_jail}.id - - i=0 - while : ; do - eval out=\"\${_exec_poststart${i}:-''}\" - [ -z "$out" ] && break - ${out} - i=$((i + 1)) - done - else - jail_umount_fs - jail_ips "del" - echo " cannot start jail \"${_jail}\": " - tail +2 ${_tmp_jail} - fi - rm -f ${_tmp_jail} - done - rmdir ${_tmp_dir} - echo '.' -} - -jail_stop() -{ - echo -n 'Stopping jails:' - for _jail in ${jail_list} - do - if [ -f "/var/run/jail_${_jail}.id" ]; then - _jail_id=$(cat /var/run/jail_${_jail}.id) - if [ ! 
-z "${_jail_id}" ]; then - init_variables $_jail - - i=0 - while : ; do - eval out=\"\${_exec_prestop${i}:-''}\" - [ -z "$out" ] && break - ${out} - i=$((i + 1)) - done - - if [ -n "${_exec_stop}" ]; then - eval env -i /usr/sbin/jexec ${_jail_id} ${_exec_stop} \ - >> ${_consolelog} 2>&1 - fi - killall -j ${_jail_id} -TERM > /dev/null 2>&1 - sleep 1 - killall -j ${_jail_id} -KILL > /dev/null 2>&1 - jail_umount_fs - echo -n " $_hostname" - - i=0 - while : ; do - eval out=\"\${_exec_poststop${i}:-''}\" - [ -z "$out" ] && break - ${out} - i=$((i + 1)) - done - fi - jail_ips "del" - rm /var/run/jail_${_jail}.id - else - echo " cannot stop jail ${_jail}. No jail id in /var/run" - fi - done - echo '.' -} - -load_rc_config $name -cmd="$1" -if [ $# -gt 0 ]; then - shift -fi -if [ -n "$*" ]; then - jail_list="$*" -fi - run_rc_command "${cmd}" --=-=-=-- From owner-freebsd-arch@FreeBSD.ORG Mon Sep 16 04:58:20 2013 Return-Path: Delivered-To: freebsd-arch@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [8.8.178.115]) (using TLSv1 with cipher ADH-AES256-SHA (256/256 bits)) (No client certificate requested) by hub.freebsd.org (Postfix) with ESMTP id ADF9C399 for ; Mon, 16 Sep 2013 04:58:20 +0000 (UTC) (envelope-from lars.engels@0x20.net) Received: from mail.0x20.net (mail.0x20.net [IPv6:2001:aa8:fffb:1::3]) (using TLSv1 with cipher ADH-CAMELLIA256-SHA (256/256 bits)) (No client certificate requested) by mx1.freebsd.org (Postfix) with ESMTPS id 745D02B05 for ; Mon, 16 Sep 2013 04:58:20 +0000 (UTC) Received: from 0x20.net (0x20.net [217.69.76.212]) (Authenticated sender: lala) by mail.0x20.net (Postfix) with ESMTPA id 797556A6004 for ; Mon, 16 Sep 2013 06:58:18 +0200 (CEST) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8; format=flowed Content-Transfer-Encoding: 8bit Date: Mon, 16 Sep 2013 06:58:18 +0200 
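
Review bot: jail_conf gets a default near the top of the new script (: ${jail_conf:="/etc/jail.conf"}) but jail_do never hands it to ${jail_cmd}, so setting jail_conf in rc.conf changes nothing; pass it explicitly, for example ${jail_cmd} -f "${jail_conf}" ${cmr} "${jail}", or drop the variable. The new unconditional shift also loses the removed "if [ $# -gt 0 ]" guard, so it runs even when the script is called with no arguments. Beyond that, the removed set_sysctl calls for the security.jail.* knobs, the is_symlinked_mountpoint/secure_umount checks and the jail_list handling have no counterpart in the added lines: with no arguments jail_do now acts on '*', so the commit message and documentation should say that jail_list and the jail_* rc.conf variables are ignored, and what, if anything, replaces the symlink checks on mount points.
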
From: Lars Engels
To: freebsd-arch@freebsd.org
Subject: Re: jail configuration

On 15.09.2013 18:35, Dag-Erling Smørgrav wrote:
> We've had jail.conf(5) for several years now, but no way to use it
> because the rc script doesn't support it.
>
> It is not perfect, but it is much cleaner and much more powerful than
> the old way of setting variables in rc.conf.
>
> I suggest that the attached patch (and the necessary changes to the
> documentation) is long overdue.

There's also sysutils/jail2 which parses jail.conf(5). This, yours or a merge of both should be considered for committing.

Date: Mon, 16 Sep 2013 13:23:36 +0800
From: Julian Elischer
To: Warner Losh
Cc: "freebsd-net@freebsd.org", Anuranjan Shukla, Marcel Moolenaar, "freebsd-arch@freebsd.org"
Subject: Re: IFNAMSIZ/IF_NAMESIZE change proposal

On 9/15/13 12:21 AM, Warner Losh wrote:
> On Sep 14, 2013, at 2:44 AM, Anuranjan Shukla wrote:
>> At Juniper Networks, interface name size was needed to be longer than
>> what FreeBSD has. We're trying to reduce our local changes to FreeBSD
>> to allow us an easier time upgrading to newer FreeBSD releases, and
>> support the modularization of the network stack we'd proposed earlier.
>> I'm sending this out to propose changing IFNAMSIZ from 16 to 60 (this
>> is the size we use) in FreeBSD. We don't see any downside (other than
>> increasing the ifreq structure size for one) to doing this, as allowing
>> longer interface names can be handy for vendors. I'd like to hear if
>> there's a strong objection to this. If not, we'd like to get this into
>> the FreeBSD codebase. Any thoughts/objections highly appreciated.

Divert already has a problem with 16, since it tries (or fails if > 8) to pack the interface name into the 'unused' bytes of a sockaddr. 60 just makes things worse, but since it already fails at 16 I can't really object. But it would be nice if we could think of a better mechanism for divert reinjection.

> 56 or 64 would be better for alignment, wouldn't it?
>
> Warner

Date: Mon, 16 Sep 2013 13:26:23 +0800
From: Julian Elischer
To: Warner Losh
Cc: "freebsd-net@freebsd.org", Anuranjan Shukla, Marcel Moolenaar, "freebsd-arch@freebsd.org"
Subject: Re: IFNAMSIZ/IF_NAMESIZE change proposal

On 9/16/13 1:23 PM, Julian Elischer wrote:
> On 9/15/13 12:21 AM, Warner Losh wrote:
>> On Sep 14, 2013, at 2:44 AM, Anuranjan Shukla wrote:
>>> At Juniper Networks, interface name size was needed to be longer
>>> than what FreeBSD has. We're trying to reduce our local changes to
>>> FreeBSD to allow us an easier time upgrading to newer FreeBSD
>>> releases, and support the modularization of the network stack we'd
>>> proposed earlier. I'm sending this out to propose changing
>>> IFNAMSIZ from 16 to 60 (this is the size we use) in FreeBSD. We
>>> don't see any downside (other than increasing the ifreq structure
>>> size for one) to doing this, as allowing longer interface names
>>> can be handy for vendors. I'd like to hear if there's a strong
>>> objection to this. If not, we'd like to get this into the
>>> FreeBSD codebase. Any thoughts/objections highly appreciated.
>
> Divert already has a problem with 16, since it tries (or fails if > 8)
> to pack the interface name into the 'unused' bytes of a sockaddr.
> 60 just makes things worse, but since it already fails at 16 I can't
> really object.
> but it would be nice if we could think of a better mechanism for
> divert reinjection.

Having said that, I guess divert could just define a different sockaddr_divert to use instead, since it is a different family.

>> 56 or 64 would be better for alignment, wouldn't it?
>>
>> Warner

Date: Mon, 16 Sep 2013 17:05:43 +0400
From: Slawa Olhovchenkov
To: Dag-Erling Smørgrav
Cc: arch@freebsd.org, jamie@freebsd.org
Subject: Re: jail configuration

On Sun, Sep 15, 2013 at 06:35:26PM +0200, Dag-Erling Smørgrav wrote:
> We've had jail.conf(5) for several years now, but no way to use it
> because the rc script doesn't support it.
>
> It is not perfect, but it is much cleaner and much more powerful than
> the old way of setting variables in rc.conf.
>
> I suggest that the attached patch (and the necessary changes to the
> documentation) is long overdue.

This breaks existing configuration, yes? Can you add (not replace) the new way?

Date: Mon, 16 Sep 2013 15:32:29 +0200
From: Dag-Erling Smørgrav
To: Slawa Olhovchenkov
Cc: arch@freebsd.org, jamie@freebsd.org
Subject: Re: jail configuration

Slawa Olhovchenkov writes:
> This breaks existing configuration, yes?

Yes.

> Can you add (not replace) the new way?

Did you look at the patch? The old script is a monster. It would probably be easier to write a script that generates jail.conf from an existing old-style configuration.

DES
-- 
Dag-Erling Smørgrav - des@des.no

Date: Mon, 16 Sep 2013 07:42:43 -0600
From: Jamie Gritton
To: Dag-Erling Smørgrav
Cc: arch@FreeBSD.org, Slawa Olhovchenkov
Subject: Re: jail configuration
In-Reply-To: <86k3igki36.fsf@nine.des.no>

On 09/16/13 07:32, Dag-Erling Smørgrav wrote:
> Slawa Olhovchenkov writes:
>> This breaks existing configuration, yes?
>
> Yes.
>
>> Can you add (not replace) the new way?
>
> Did you look at the patch?  The old script is a monster.  It would
> probably be easier to write a script that generates jail.conf from an
> existing old-style configuration.

Another option would be to keep the old script if jails are enabled but
jail.conf doesn't exist. It seems cleaner in the long run to offer a
script to convert rc options to a jail.conf file, run as part of
mergemaster. I just worry about POLA.

Yes, I've let jail startup go for too long - I really meant to put it in
for 10.0 but the recent slush kind of surprised me (which means I'm just
not keeping up). After 10 splits off, it's time to just do it.

- Jamie

From: "Teske, Devin"
To: Lars Engels
Cc: Devin Teske, Dag-Erling Smorgrav, "freebsd-arch@freebsd.org"
Reply-To: Devin Teske
Subject: Re: jail configuration
Date: Mon, 16 Sep 2013 14:27:17 +0000
Message-ID: <13CA24D6AB415D428143D44749F57D720FBC9636@LTCFISWMSGMB21.FNFIS.com>
In-Reply-To: <886ba45e7a448d5a5eb57e7c42ff52ab@mail.0x20.net>

On Sep 15, 2013, at 9:58 PM, Lars Engels wrote:

> On 15.09.2013 18:35, Dag-Erling Smørgrav wrote:
>> We've had jail.conf(5) for several years now, but no way to use it
>> because the rc script doesn't support it.
>> It is not perfect, but it is much cleaner and much more powerful than
>> the old way of setting variables in rc.conf.
>> I suggest that the attached patch (and the necessary changes to the
>> documentation) is long overdue.
>
>
> There's also sysutils/jail2 which parses jail.conf(5).
> This, yours or a merge of both should be considered for committing.

I've reviewed DES's patch. Looks good, except for the YTB status
functionality.
-- 
Devin

_____________
The information contained in this message is proprietary and/or confidential. If you are not the intended recipient, please: (i) delete the message and all copies; (ii) do not disclose, distribute or use the message in any manner; and (iii) notify the sender immediately. In addition, please be aware that any message addressed to our domain is subject to archiving and review by persons other than the intended recipient. Thank you.

From: "Teske, Devin"
To: Dag-Erling Smørgrav
Cc: "arch@freebsd.org", Devin Teske, Jamie Gritton, Slawa Olhovchenkov
Reply-To: Devin Teske
Subject: Re: jail configuration
Date: Mon, 16 Sep 2013 14:38:41 +0000
Message-ID: <13CA24D6AB415D428143D44749F57D720FBCA6EB@LTCFISWMSGMB21.FNFIS.com>
In-Reply-To: <86k3igki36.fsf@nine.des.no>

On Sep 16, 2013, at 6:32 AM, Dag-Erling Smørgrav wrote:

> Slawa Olhovchenkov writes:
>> This breaks existing configuration, yes?
>
> Yes.
>
>> Can you add (not replace) the new way?
>
> Did you look at the patch?  The old script is a monster.  It would
> probably be easier to write a script that generates jail.conf from an
> existing old-style configuration.
>

I've been thinking about maybe writing a tool (or 2). Options on the table:

1. Tool like sysrc that allows you to modify/maintain jail.conf from CLI?
2. Tool to migrate from rc.conf to jail.conf?
3. Both?

Warranted? Some people have poked me in the past about maybe writing
such a tool, but need more input first.
-- 
Devin

From: Dag-Erling Smørgrav
To: Devin Teske
Cc: "arch@freebsd.org", Jamie Gritton, Slawa Olhovchenkov
Subject: Re: jail configuration
Date: Mon, 16 Sep 2013 19:32:20 +0200
Message-ID: <86d2o8k6zf.fsf@nine.des.no>
In-Reply-To: <13CA24D6AB415D428143D44749F57D720FBCA6EB@LTCFISWMSGMB21.FNFIS.com>

"Teske, Devin" writes:
> I've been thinking about maybe writing a tool (or 2). Options on the table:
>
> 1. Tool like sysrc that allows you to modify/maintain jail.conf from CLI?
> 2. Tool to migrate from rc.conf to jail.conf?
> 3. Both?

A shell script that does 2. should be sufficient, IMHO.

DES
-- 
Dag-Erling Smørgrav - des@des.no
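
The rc.conf to jail.conf migration discussed in this thread, as an added example (not code from the thread, the patch or FreeBSD). It assumes the old rc script's per-jail variable names (jail_<name>_rootdir, _hostname, _ip, _interface, _devfs_enable, _exec_start, _exec_stop); the function names and sample values are constructed, and defaults the old script applied to unset variables are not reproduced.

```shell
#!/bin/sh
# Added example: convert old-style rc.conf jail_* variables to jail.conf(5).
# The rc.conf text is parsed as data with awk; it is never sourced or evaluated.

# Constructed sample input (not taken from the thread).
sample_rc_conf() {
    cat <<'EOF'
jail_enable="YES"
jail_list="www db"
jail_www_rootdir="/usr/jails/www"
jail_www_hostname="www.example.org"
jail_www_ip="192.0.2.10,2001:db8::10"
jail_www_interface="em0"
jail_www_devfs_enable="YES"
jail_www_devfs_ruleset="devfsrules_jail"   # left for manual review
jail_db_rootdir="/usr/jails/db"
jail_db_hostname="db.example.org"
jail_db_ip="192.0.2.11"
jail_db_exec_start="/bin/sh /etc/rc"
jail_db_exec_stop="/bin/sh /etc/rc.shutdown"
EOF
}

# Reads rc.conf text on stdin, writes jail.conf blocks on stdout.
rc_to_jail_conf() {
    awk -v sq="'" '
    # Take the value up to its closing quote, or up to whitespace if unquoted.
    function unquote(v,   q, end) {
        q = substr(v, 1, 1)
        if (q == "\"" || q == sq) {
            end = index(substr(v, 2), q)
            if (end > 0) return substr(v, 2, end - 1)
        }
        sub(/[ \t].*$/, "", v)
        return v
    }
    # Values holding a double quote or backslash would need escaping in
    # jail.conf; they are reported for manual review instead of guessed at.
    function safe(v) { return !index(v, "\"") && !index(v, "\\") }
    function emit(key, param) {
        if (!(key in conf) || !safe(conf[key])) return
        used[key] = 1
        printf "\t%s = \"%s\";\n", param, conf[key]
    }
    # Split a comma-separated address list into its IPv4 or IPv6 members.
    function addrs(list, want6,   a, i, m, out) {
        m = split(list, a, ",")
        out = ""
        for (i = 1; i <= m; i++) {
            if (a[i] == "" || (index(a[i], ":") > 0) != want6) continue
            out = out (out == "" ? "" : ", ") "\"" a[i] "\""
        }
        return out
    }
    /^[ \t]*jail_[A-Za-z0-9_]+=/ {
        line = $0
        sub(/^[ \t]+/, "", line)
        eq = index(line, "=")
        key = substr(line, 1, eq - 1)
        if (!(key in conf)) order[++n] = key
        conf[key] = unquote(substr(line, eq + 1))
    }
    END {
        used["jail_enable"] = used["jail_list"] = 1
        nj = split(conf["jail_list"], jails, /[ \t]+/)
        for (j = 1; j <= nj; j++) {
            if (jails[j] == "") continue
            p = "jail_" jails[j] "_"
            printf "%s {\n", jails[j]
            emit(p "rootdir", "path")
            emit(p "hostname", "host.hostname")
            emit(p "interface", "interface")
            k = p "ip"
            if ((k in conf) && safe(conf[k])) {
                used[k] = 1
                v4 = addrs(conf[k], 0); v6 = addrs(conf[k], 1)
                if (v4 != "") printf "\tip4.addr = %s;\n", v4
                if (v6 != "") printf "\tip6.addr = %s;\n", v6
            }
            k = p "devfs_enable"
            if (k in conf) {
                used[k] = 1
                if (toupper(conf[k]) ~ /^(YES|TRUE|ON|1)$/) print "\tmount.devfs;"
            }
            emit(p "exec_start", "exec.start")
            emit(p "exec_stop", "exec.stop")
            print "}"
        }
        # Anything not understood is listed, so no setting disappears silently.
        for (i = 1; i <= n; i++)
            if (!(order[i] in used)) {
                if (!hdr++) print "# Not converted, review by hand:"
                printf "#   %s=%s\n", order[i], conf[order[i]]
            }
    }'
}

sample_rc_conf | rc_to_jail_conf
```

Settings the converter does not map, such as the devfs ruleset in the sample, come out as comments at the end of the output rather than being dropped.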

From: Dag-Erling Smørgrav
To: Jamie Gritton
Cc: arch@FreeBSD.org, Slawa Olhovchenkov
Subject: Re: jail configuration
Date: Mon, 16 Sep 2013 19:33:03 +0200
Message-ID: <868uywk6y8.fsf@nine.des.no>
In-Reply-To: <52370AD3.2060909@FreeBSD.org>

Jamie Gritton writes:
> Yes, I've let jail startup go for too long - I really meant to put it in
> for 10.0 but the recent slush kind of surprised me (which means I'm just
> not keeping up). After 10 splits off, it's time to just do it.

How about we just agree on a patch, then ask re@?

DES
-- 
Dag-Erling Smørgrav - des@des.no

Message-ID: <523753C9.9070302@FreeBSD.org>
Date: Mon, 16 Sep 2013 12:54:01 -0600
From: Jamie Gritton
To: Dag-Erling Smørgrav
Cc: arch@FreeBSD.org, Slawa Olhovchenkov
Subject: Re: jail configuration
In-Reply-To: <868uywk6y8.fsf@nine.des.no>

On 09/16/13 11:33, Dag-Erling Smørgrav wrote:
> Jamie Gritton writes:
>> Yes, I've let jail startup go for too long - I really meant to put it in
>> for 10.0 but the recent slush kind of surprised me (which means I'm just
>> not keeping up). After 10 splits off, it's time to just do it.
>
> How about we just agree on a patch, then ask re@?

If they're good for it, I am. But if it's to go in for 10, I'd think
that update script would need to be a part of it.

On the rc script itself, jail(8) has the ability to take multiple jails
on the command line and start them all. I'd prefer to go that route
rather than looping through the jails in the shell, since it allows for
jail's support of dependencies and parallel startup.

- Jamie

From: "Teske, Devin"
To: Jamie Gritton
Cc: Dag-Erling Smørgrav, Devin Teske, Slawa Olhovchenkov, "arch@FreeBSD.org"
Reply-To: Devin Teske
Subject: Re: jail configuration
Date: Mon, 16 Sep 2013 18:59:18 +0000
Message-ID: <13CA24D6AB415D428143D44749F57D720FBCB529@LTCFISWMSGMB21.FNFIS.com>
In-Reply-To: <523753C9.9070302@FreeBSD.org>

On Sep 16, 2013, at 11:54 AM, Jamie Gritton wrote:

> On 09/16/13 11:33, Dag-Erling Smørgrav wrote:
>> Jamie Gritton writes:
>>> Yes, I've let jail startup go for too long - I really meant to put it in
>>> for 10.0 but the recent slush kind of surprised me (which means I'm just
>>> not keeping up). After 10 splits off, it's time to just do it.
>>
>> How about we just agree on a patch, then ask re@?
>
> If they're good for it, I am. But if it's to go in for 10, I'd think
> that update script would need to be a part of it.
>
> On the rc script itself, jail(8) has the ability to take multiple jails
> on the command line and start them all. I'd prefer to go that route
> rather than looping through the jails in the shell, since it allows for
> jail's support of dependencies and parallel startup.
>

In the patch DES submitted, I don't see why one couldn't use an fnmatch(3)
expression as the jail name. In fact, his start routine uses a default jail
name of '*'
-- 
Devin

Message-ID: <52376097.6080406@FreeBSD.org>
Date: Mon, 16 Sep 2013 23:48:39 +0400
From: "Alexander V. Chernikov"
To: Anuranjan Shukla
Cc: "freebsd-net@freebsd.org", Marcel Moolenaar, "freebsd-arch@freebsd.org"
Subject: Re: IFNAMSIZ/IF_NAMESIZE change proposal
In-Reply-To: <9527D72E-5871-4C5E-B2AB-A3BECA4925D4@juniper.net>

On 14.09.2013 12:44, Anuranjan Shukla wrote:
> Hi,
> At Juniper Networks, interface name size was needed to be longer than
> what FreeBSD has. We're trying to reduce our local changes to FreeBSD to
> allow us an easier time upgrading to newer FreeBSD releases, and support
> the modularization of the network stack we'd proposed earlier. I'm
> sending this out to propose changing IFNAMSIZ from 16 to 60 (this is the
> size we use) in FreeBSD. We don't see any downside (other than increasing
> the ifreq structure size for one) to doing this, as allowing longer
> interface names can be handy for vendors. I'd like to hear if there's a
> strong objection to this. If not, we'd like to get this into the FreeBSD
> codebase. Any thoughts/objections highly appreciated.

Changing this will break route socket (if_announcemsghdr).
We definitely need some rtsock changes in many areas so maybe we can
consider bumping rtsock version for 10.0, however it needs to be
discussed (maybe at Malta?)

>
> Thanks,
> Anu

Subject: Re: Network stack changes
From: George Neville-Neil
To: Luigi Rizzo
Cc: freebsd-hackers@freebsd.org, Luigi Rizzo, FreeBSD Net, "freebsd-arch@freebsd.org Arch"
Date: Thu, 19 Sep 2013 15:57:14 -0400

On Sep 14, 2013, at 15:24 , Luigi Rizzo wrote:

> On Saturday, September 14, 2013, Olivier Cochard-Labbé
> wrote:
>> On Sat, Sep 14, 2013 at 4:28 PM, Luigi Rizzo wrote:
>>>
>>> IXIA ? For the timescales we need to address we don't need an IXIA,
>>> a netmap sender is more than enough
>>>
>>
>> The great netmap generates only one IP flow (same src/dst IP and same
>> src/dst port).
>
> True the sample app generates only one flow but it is trivial to modify it
> to generate multiple flows. My point was, we have the ability to generate
> high rate traffic, as long as we do tolerate a .1-1us jitter. Beyond that,
> you do need some ixia-like solution.
>

On the bandwidth side, can a modern sender with netmap really do a full 10G?
I hate the cost of an IXIA but I have not been able to destroy our stack as
effectively with anything else.

Best,
George
From: George Neville-Neil
Date: Thu, 19 Sep 2013 15:54:34 -0400
Message-Id: <6ACABEE8-2C0F-435C-8766-7010A8E13042@neville-neil.com>
To: Luigi Rizzo
Cc: "Alexander V. Chernikov", Adrian Chadd, Andre Oppermann, "freebsd-hackers@freebsd.org", "freebsd-arch@freebsd.org", Luigi Rizzo, "Andrey V. Elsukov", Gleb Smirnoff, FreeBSD Net, Olivier Cochard-Labbé

On Sep 14, 2013, at 15:24 , Luigi Rizzo wrote:

>
>
> On Saturday, September 14, 2013, Olivier Cochard-Labbé wrote:
> > On Sat, Sep 14, 2013 at 4:28 PM, Luigi Rizzo wrote:
> >>
> >> IXIA ? For the timescales we need to address we don't need an IXIA,
> >> a netmap sender is more than enough
> >>
> >
> > The great netmap generates only one IP flow (same src/dst IP and same
> > src/dst port).
>
> True the sample app generates only one flow but it is trivial to modify it
> to generate multiple flows. My point was, we have the ability to generate
> high rate traffic, as long as we do tolerate a .1-1us jitter. Beyond that,
> you do need some ixia-like solution.
>

On the bandwidth side, can a modern sender with netmap really do a full 10G?
I hate the cost of an IXIA but I have not been able to destroy our stack as
effectively with anything else.

Best,
George

From owner-freebsd-arch@FreeBSD.ORG Thu Sep 19 20:03:39 2013
Date: Thu, 19 Sep 2013 22:08:59 +0200
From: Luigi Rizzo
To: George Neville-Neil
Subject: Re: Network stack changes
Message-ID: <20130919200859.GA68598@onelab2.iet.unipi.it>
In-Reply-To: <6ACABEE8-2C0F-435C-8766-7010A8E13042@neville-neil.com>
Cc: "Alexander V. Chernikov", Adrian Chadd, Andre Oppermann, "freebsd-hackers@freebsd.org", "freebsd-arch@freebsd.org", Luigi Rizzo, "Andrey V. Elsukov", Gleb Smirnoff, FreeBSD Net, Olivier Cochard-Labbé

On Thu, Sep 19, 2013 at 03:54:34PM -0400, George Neville-Neil wrote:
>
> On Sep 14, 2013, at 15:24 , Luigi Rizzo wrote:
>
> >
> >
> > On Saturday, September 14, 2013, Olivier Cochard-Labbé wrote:
> > > On Sat, Sep 14, 2013 at 4:28 PM, Luigi Rizzo wrote:
> > >>
> > >> IXIA ? For the timescales we need to address we don't need an IXIA,
> > >> a netmap sender is more than enough
> > >>
> > >
> > > The great netmap generates only one IP flow (same src/dst IP and same
> > > src/dst port).
> >
> > True the sample app generates only one flow but it is trivial to modify
> > it to generate multiple flows. My point was, we have the ability to
> > generate high rate traffic, as long as we do tolerate a .1-1us jitter.
> > Beyond that, you do need some ixia-like solution.
> >
>
> On the bandwidth side, can a modern sender with netmap really do a full 10G? I hate the cost of an
> IXIA but I have not been able to destroy our stack as effectively with anything else.

yes george, you can download the picobsd image

http://info.iet.unipi.it/~luigi/netmap/20120618-netmap-picobsd-head-amd64.bin

and try for yourself.

Granted this does not have all the knobs of an ixia but it can
surely blast the full 14.88 Mpps to the link, and it only takes a
bit of userspace programming to generate reasonably arbitrary streams
of packets. A netmap sender/receiver is not CPU bound even with 1 core.

cheers
luigi

> Best,
> George

From owner-freebsd-arch@FreeBSD.ORG Fri Sep 20 21:16:00 2013
Subject: Re: Network stack changes
From: George Neville-Neil
In-Reply-To: <20130919200859.GA68598@onelab2.iet.unipi.it>
Date: Fri, 20 Sep 2013 17:15:55 -0400
Message-Id: <21E37353-EC5A-45FE-89CD-DD3E5B8C4E86@neville-neil.com>
To: Luigi Rizzo
Cc: "Alexander V. Chernikov", Adrian Chadd, Andre Oppermann, "freebsd-hackers@freebsd.org", "freebsd-arch@freebsd.org", Luigi Rizzo, "Andrey V. Elsukov", Gleb Smirnoff, FreeBSD Net, Olivier Cochard-Labbé

On Sep 19, 2013, at 16:08 , Luigi Rizzo wrote:

> On Thu, Sep 19, 2013 at 03:54:34PM -0400, George Neville-Neil wrote:
>>
>> On Sep 14, 2013, at 15:24 , Luigi Rizzo wrote:
>>
>>>
>>>
>>> On Saturday, September 14, 2013, Olivier Cochard-Labbé wrote:
>>>> On Sat, Sep 14, 2013 at 4:28 PM, Luigi Rizzo wrote:
>>>>>
>>>>> IXIA ? For the timescales we need to address we don't need an IXIA,
>>>>> a netmap sender is more than enough
>>>>>
>>>>
>>>> The great netmap generates only one IP flow (same src/dst IP and same
>>>> src/dst port).
>>>
>>> True the sample app generates only one flow but it is trivial to modify
>>> it to generate multiple flows. My point was, we have the ability to
>>> generate high rate traffic, as long as we do tolerate a .1-1us jitter.
>>> Beyond that, you do need some ixia-like solution.
>>>
>>
>> On the bandwidth side, can a modern sender with netmap really do a full 10G? I hate the cost of an
>> IXIA but I have not been able to destroy our stack as effectively with anything else.
>
> yes george, you can download the picobsd image
>
> http://info.iet.unipi.it/~luigi/netmap/20120618-netmap-picobsd-head-amd64.bin
>
> and try for yourself.
>
> Granted this does not have all the knobs of an ixia but it can
> surely blast the full 14.88 Mpps to the link, and it only takes a
> bit of userspace programming to generate reasonably arbitrary streams
> of packets. A netmap sender/receiver is not CPU bound even with 1 core.
>

Interesting. It's on my todo.

Best,
George