Re: Filtering outbound traffic for private address jails?

2016-06-25 Thread James Lodge
Sent from my iPhone On 25 Jun 2016, at 23:10, "org.freebsd.secur...@io7m.com" <org.freebsd.secur...@io7m.com> wrote: Hello. I have been searching for the best part of a day for a solution to this problem and quite frankly cannot believe that I've

Re: ifconfig: BRDGADD lo1: invalid argument

2016-06-25 Thread Alan Somers
On Sat, Jun 25, 2016 at 4:05 PM, wrote: > Hello! > > On 2016-06-25T23:46:36 +0200 > Marko Zec wrote: >> >> if_bridge(4) works only with ethernet interfaces, and lo(4) isn't such a >> thing. > > Has this always been the case? I'm almost certain that I set up jails > with extra loopback devices th

Re: ifconfig: BRDGADD lo1: invalid argument

2016-06-25 Thread org.freebsd.security
Hello! On 2016-06-25T23:46:36 +0200 Marko Zec wrote: > > if_bridge(4) works only with ethernet interfaces, and lo(4) isn't such a > thing. Has this always been the case? I'm almost certain that I set up jails with extra loopback devices that communicated over bridges back in the FreeBSD 6 days.

Re: Filtering outbound traffic for private address jails?

2016-06-25 Thread Alan Somers
On Sat, Jun 25, 2016 at 4:01 PM, wrote: > Hello. > > I have been searching for the best part of a day for a solution to this > problem and quite frankly cannot believe that I've spent this long on > something that appears to be so simple and that used to be fairly easy > to achieve. Many years ag

Filtering outbound traffic for private address jails?

2016-06-25 Thread org.freebsd.security
Hello. I have been searching for the best part of a day for a solution to this problem and quite frankly cannot believe that I've spent this long on something that appears to be so simple and that used to be fairly easy to achieve. Many years ago, I solved this problem on FreeBSD 6, but the way I

Re: ifconfig: BRDGADD lo1: invalid argument

2016-06-25 Thread Marko Zec
On Sat, 25 Jun 2016 16:42:40 + wrote: > Hello. > > I'm trying to create a bridge interface to isolate some jails on > private addresses. I'm on a near-pristine install of 10.3, updated to > 10.3-p5 via freebsd-update. > > The virtual interface to which the jails will be bound: > > # ifconf

Re: ifconfig: BRDGADD lo1: invalid argument

2016-06-25 Thread org.freebsd.security
On 2016-06-25T19:16:06 + Marie Helene Kvello-Aune wrote: > Check that lo1 has same MTU as bridge0. > > Regards, > Marie Helene Hello! Yes, I checked that (as one of the responses from the original thread suggested). Both lo1 and em0 (the real network adapter) have an MTU of 1500. M

Re: ifconfig: BRDGADD lo1: invalid argument

2016-06-25 Thread Marie Helene Kvello-Aune
Check that lo1 has same MTU as bridge0. Regards, Marie Helene On Sat, Jun 25, 2016 at 8:38 PM wrote: > Hello. > > I'm trying to create a bridge interface to isolate some jails on > private addresses. I'm on a near-pristine install of 10.3, updated to > 10.3-p5 via freebsd-update. > > The virtua

ifconfig: BRDGADD lo1: invalid argument

2016-06-25 Thread org.freebsd.security
Hello. I'm trying to create a bridge interface to isolate some jails on private addresses. I'm on a near-pristine install of 10.3, updated to 10.3-p5 via freebsd-update. The virtual interface to which the jails will be bound: # ifconfig lo1 create The bridge: # ifconfig bridge create bridge0 #

Re: panic with tcp timers

2016-06-25 Thread Randall Stewart via freebsd-net
Ok, let's try this again with my source changed to my @freebsd.net :-) Now I am also attaching a patch for you Gleb, this will take some poking to get into your NF-head since it incorporates some changes we made earlier. I think this will fix the problem.. i.e. dealing with two locks in the callo

Re: panic with tcp timers

2016-06-25 Thread Randall Stewart via freebsd-net
So All of our timers in TCP do something like - INFO-LOCK INP_WLOCK if (inp needs to be dropped) { drop-it } do other work UNLOCK-INP UNLOCK-INFO -- And generally the path “inp needs to be dropped” is rarely taken. So why don’t we change the procedure to