pflog0 showing up in my vnet jails
R. Tyler Croy
rtyler at brokenco.de
Wed Feb 3 06:12:05 UTC 2021
I noticed this evening that pflog0 is propagated into my vnet-based jails
(12.2-RELEASE) and I'm somewhat surprised to see it there.
My host's /etc/rc.conf simply has `pflog_enable="YES"`, so nothing too
esoteric. My /etc/jail.conf doesn't do anything with pflog0 for the jails, so
the fact that it shows up _feels_ like a bug, from within a jail:
# ifconfig
lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> metric 0 mtu 16384
options=680003<RXCSUM,TXCSUM,LINKSTATE,RXCSUM_IPV6,TXCSUM_IPV6>
inet6 ::1 prefixlen 128
inet6 fe80::1%lo0 prefixlen 64 scopeid 0x1
inet 127.0.0.1 netmask 0xff000000
groups: lo
nd6 options=21<PERFORMNUD,AUTO_LINKLOCAL>
pflog0: flags=0<> metric 0 mtu 33160
groups: pflog
epair2b: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
options=8<VLAN_MTU>
ether 02:c4:52:c8:47:0b
inet 10.0.1.4 netmask 0xffffff00 broadcast 10.0.1.255
groups: epair
media: Ethernet 10Gbase-T (10Gbase-T <full-duplex>)
status: active
nd6 options=29<PERFORMNUD,IFDISABLED,AUTO_LINKLOCAL>
#
Fortunately, when I tcpdump that device from within the jail, it has none of
the host pflog0's entries being reported.
Regardless, should I file this as a bug?
Cheers
--
GitHub: https://github.com/rtyler
GPG Key ID: 0F2298A980EE31ACCA0A7825E5C92681BEF6CEA2
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 839 bytes
Desc: OpenPGP digital signature
URL: <http://lists.freebsd.org/pipermail/freebsd-pf/attachments/20210203/b09efe31/attachment.sig>
More information about the freebsd-pf
mailing list