kern/178482: [ipfw] logging problem from vnet jail

Ian Smith smithi at nimnet.asn.au
Thu May 23 11:50:01 UTC 2013


The following reply was made to PR kern/178482; it has been noted by GNATS.

From: Ian Smith <smithi at nimnet.asn.au>
To: Joe <fbsd8 at a1poweruser.com>
Cc: bug-followup at FreeBSD.org
Subject: Re: kern/178482: [ipfw] logging problem from vnet jail
Date: Thu, 23 May 2013 21:45:24 +1000 (EST)

  > You have the incorrect conclusion. Let me reword what was stated in the
  > original pr to give a clearer picture of the pr. IPFW log messages coming
  > from an IPFW process running inside of a jail(8) vnet jail are being written
  > to the host's /etc/log/security file and not to the vnet jail's
  > /etc/log/security file.
 
 Exactly so; if rewording what I said assists comprehension, fine.
 
  > If the host is also running ipfw, its logging
  > messages are intermingled with those coming from the vnet jail ipfw process.
  > And yes Anders Hagman did confirm this per the link you provided.
 
 Again, exactly so.  Anders used different rule numbers on host and jail
 which made following the log easier, but your example log is followable.
 
  > > Since you set verbose_limit=0, you shouldn't expect to see anything from
  > > ipfw in /var/log/messages, on either host or jail.
  > 
  > I don't know how you came to that conclusion. verbose_limit is not mentioned
  > in this pr. You are incorrect. verbose_limit is not set for this pr test.
 
 Sigh.  Paragraphs 4 and 5 of _this_ PR:
 
 # ran on the host
 # /root >sysctl net.inet.ip.fw.verbose
 net.inet.ip.fw.verbose: 1
 
 # /root >sysctl net.inet.ip.fw.verbose_limit
 net.inet.ip.fw.verbose_limit: 0
 
  > > Strange that there were not even normal bootup messages on the host?
  > 
  > That's because I deleted all content before running this test to make the
  > output simple. What purpose would showing boot messages serve?
 
 You may find tail(1) useful.
 
 Ian

