On 2017-11-29 06:05, Kristof Provost wrote:
On 29 Nov 2017, at 13:42, Matthias Meyser wrote:
Am 29.11.2017 um 12:40 schrieb Kristof Provost:
I stand by my initial assessment that VNET is not sufficiently stable
in stable/11 to encourage its use there.
There are still issues with IPSec, even in head. See
https://reviews.freebsd.org/D13017 for some more information on that.
Those issues are being addressed in head, but I do not expect VNET to
ever become robust in 11.
I could not find any bug report about those problems.
The issue discussed in D13017 was discovered by the new tests. There’s
no bug report yet, and there probably won’t be one as it’ll likely get
fixed in the next couple of days.
As there are test (your link) that are failing I would expect some
sort of bug report.
They’re new tests. The tests haven’t been committed yet.
If VNET support in /etc/rc.d/ipsec is too "encouraging users" why is
it in /etc/rc.d/[routing|netif|ipfw]. I just don't get it.
You’d have to ask jamie@, but I’d speculate that as this was done
earlier in the development of vnet so the issues that cause my
hesitation now may not have been considered then.
Also, routing is a more common code path than IPSec, thus more likely
to be tested and less likely to explode. (Although that wouldn’t apply
to ipfw.)
I'm afraid I'm no more a vnet expert than anyone else around here.
While I did the bit that put vnet under the auspices of jails, I didn't
have anything to do with the actual networking side of things. On such
esoteric things as how safe is 11 vs Current, I really have no idea.
- Jamie
_______________________________________________
[email protected] mailing list
https://lists.freebsd.org/mailman/listinfo/freebsd-jail
To unsubscribe, send any mail to "[email protected]"
