On Tue, Sep 29, 2020 at 05:36:15PM -0400, Shawn Webb wrote: > On Tue, Sep 29, 2020 at 11:20:44PM +0200, Kristof Provost wrote: > > > > > > On 28 Sep 2020, at 16:44, Alexander Leidinger wrote: > > > > > Quoting Kristof Provost <kp_at_freebsd.org> (from Mon, 28 Sep 2020 13:53:16 > > > +0200): > > > > > > > On 28 Sep 2020, at 12:45, Alexander Leidinger wrote: > > > > > Quoting Kristof Provost <kp_at_freebsd.org> (from Sun, 27 Sep 2020 > > > > > 17:51:32 +0200): > > > > > > Here???s an early version of a task queue based approach: http://people.freebsd.org/~kp/0001-bridge-Cope-with-if_ioctl-s-that-sleep.patch > > > > > > > > > > > > That still needs to be cleaned up, but this should resolve > > > > > > the sleep issue and the LOR. > > > > > > > > > > There are some issues... seems like inside a jail I can't ping > > > > > systems outside of the hardware. > > > > > > > > > > Bridge setup: > > > > > - member jail A > > > > > - member jail B > > > > > - member external_if of host > > > > > > > > > > If I ping the router from the host, it works. If I ping from one > > > > > jail to another, it works. If I ping from the jail to the IP of > > > > > the external_if, it works. If I ping from a jail to the router, > > > > > I do not get a response. > > > > > > > > > Can you check for 'failed ifpromisc' error messages in dmesg? And > > > > verify that all bridge member interfaces are in promiscuous mode? > > > > > > I have a panic for you...: > > > - startup still in progress = 22 jails in startup, somewhere after a > > > few jails started the panic happened > > > - tcpdump was running on the external interface > > > - a ping to a jail IP from another system was running, the first ping > > > went through, then it paniced > > > > > > First regarding your questions about promisc mode: no error, but the > > > promisc mode is directly disabled again on all interfaces. > > > > > I think I see why you had issues with the promiscuous setting. I???ve > > updated the patch to be even more horrific than it was before. > > > > I can???t explain the panic, and the backtrace also doesn???t appear to be > > directly related to this patch. Not sure what???s going on with that. > > I should have time to test the new patch this weekend. ${LIFE} is > keeping me busy the past few weeks. I'm gonna add an event in my > calendar to remind me to test the patch. heh. Sorry for the delay. I rebuilt with the new patch this morning. Looking good on all fronts, including LORs. Thanks, -- Shawn Webb Cofounder / Security Engineer HardenedBSD GPG Key ID: 0xFF2E67A277F8E1FA GPG Key Fingerprint: D206 BB45 15E0 9C49 0CF9 3633 C85B 0AF8 AB23 0FB2 https://git-01.md.hardenedbsd.org/HardenedBSD/pubkeys/src/branch/master/Shawn_Webb/03A4CBEBB82EA5A67D9F3853FF2E67A277F8E1FA.pub.asc
This archive was generated by hypermail 2.4.0 : Wed May 19 2021 - 11:41:25 UTC