On 07/18/2017 02:55 AM, Panagiotes Mousikides wrote:
Den 2017-07-16 kl. 21:11, skrev Alan Somers:
On Sun, Jul 16, 2017 at 2:44 PM, Panagiotes Mousikides
I am working on adding tests to the FreeBSD test suite for testing
network packet filter.
These tests need at least two machines running and connected to each
with one machine generating network traffic and the other running pf and
filtering the traffic. I am looking for a way to fire off a bhyve
to serve as the second machine, the first being the actual machine I am
running the tests on. This should be done completely automatically, with
scripts to configure all network interfaces and to preferably also
set up an
SSH server on the bhyve instance.
This bhyve instance could start off as running the latest stable
FreeBSD, or it could be configured to run a snapshot of the development
tree. The aim is to have the desired version of FreeBSD that we want to
test running on it. Ideally this would be done in such a way that we
reuse the machine for further tests, instead of rebuilding everything
scratch for each test.
What I am looking for is the best way to do this, preferably so that
be easily integrated into the CI work being done at Jenkins. What do
think? Any input is welcome!
All the best,
It's possible to setup CI systems that involve multiple machines
networked together. I've done it. But it's complicated, fragile, and
slow. I advise you to consider very carefully whether you truly need
multiple VMs. What about creating an epair(4)? You could run pf on
epair0b and generate traffic from epair0a. That would be faster than
spinning up VMs, and would be very easy to integrate into any other CI
system. Would that work?
Thank you for the tip about epair(4), it sounds really like an
interesting approach to my problem. I will look into it!
It would be great if you use vnet jails for that. I am not
sure regarding the per-vnet pf functionality but I have seen
many bug fixes hitting the tree since last year. You can ask
on freebsd-virtualizat...@freebsd.org or freebsd...@freebsd.org
to learn more about it.
Pf within a jail should behave more or less like the "normal" one.
Plus you will be testing per-vnet functionality, which the project
needs anyhow, in one go.
firstname.lastname@example.org mailing list
To unsubscribe, send any mail to "freebsd-current-unsubscr...@freebsd.org"