pf NAT and VNET Jails

Shawn Webb shawn.webb at hardenedbsd.org
Tue Nov 10 22:33:30 UTC 2015


On Tue, Nov 10, 2015 at 01:45:21PM -0800, NGie Cooper wrote:
> On Tue, Nov 10, 2015 at 1:28 PM, Kristof Provost <kp at freebsd.org> wrote:
> > On 2015-11-09 21:47:01 (-0500), Shawn Webb <shawn.webb at hardenedbsd.org> wrote:
> >> I found the problem: it seems that the new Intel Haswell graphics
> >> support (which I've been running with) is at odds somehow with pf NAT.
> >> Removing Haswell graphics support means working pf NAT.
> >>
> > That's ... very strange.
> >
> > I've built the drm-i915-update-38 branch of http://github.com/freebsd/freebsd-base-graphics.git,
> > but still haven't managed to reproduce the problem.
> > It is of course entirely possible that it would only manifest if the
> > haswell graphics are actually in use. In that case there's little I can
> > do as I don't have haswell hardware I could test on.
> 
> 1. Add memguard(9) support to kernel.
> 2. Set the descriptions for the zones (as noted in the manpage) to
> catch panics when either driver tries to touch each other's space.
> Cheers,
> -NGie

I think I might've been between some major pf commits or had some sort
of stale file. I updated to latest HEAD with the new haswell stuff
merged in and all is well.

Thanks for the help in troubleshooting this. I'll keep an eye on it.

Thanks,

-- 
Shawn Webb
HardenedBSD

GPG Key ID:          0x6A84658F52456EEE
GPG Key Fingerprint: 2ABA B6BD EF6A F486 BE89  3D9E 6A84 658F 5245 6EEE