Re: ssl accelerator cards and jail?
On Wed, 2009-07-08 at 16:45 -0400, Michael Scheidell wrote: has anyone done any work with hardware ssl accelerator cards and freebsd? I'm pretty sure. Because it is a;; one kernel, the userland-kernel sysctls just fall through to the host. I've been meaning to try the VMWare ESXi 4.0 PCI card passthrough feature. Let me pass my Sun Crypto 1000 (BCM5921/23) through to a Jailhost FreeBSD 7.2, then try it within a jail. Should be quite a head trip. ~BAS specifically, freebsd 7.1 amd64? and, is it transparent in 'jail' so all jailed servers can use the one card? ___ freebsd-jail@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-jail To unsubscribe, send any mail to freebsd-jail-unsubscr...@freebsd.org
Re: ssl accelerator cards and jail?
On Fri, 2009-07-24 at 12:11 -0400, Michael Scheidell wrote: thanks. maybe I'll look into one of those and give it a try on 7.1 (worries me that 7.2 has a shorted lifespan than 7.1...) That's by design per the releng document. Hey, my ESXi 4.0 machine is PCI-Express only. My Broadcom cards are 32bit PCI-X. I had a PCI-E but had to return it as a demo. Give me a few days to hack some testing together. ~BAS ___ freebsd-jail@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-jail To unsubscribe, send any mail to freebsd-jail-unsubscr...@freebsd.org
bind()/sendto() behavior in RELENG_7
All: Did the behavior of bind()/sendto() functions WRT jails change in proximity to the RELENG_7_2 branch? I just spent 1.5 days chasing, what I thought was a bug in Courier-MTA's IPv6 socket selection code within Jails, to realize a paradox of a configuration scenario: My ESTMP client libraries in Courier were programed to explicitly bind() to a specific source address. The system in question was RELENG_7 from last month; but was upgraded to 7.2-R last week, when this problem was observed. After which, I began to receive: Can't assign requested address, as expected. Unfortunately, we also enabled IPv6 on the system at the same time, complicating troubleshooting. The configuration for Courier in the jail is being rsync(1)'d every hour from a production environment (where explicit binding for System-Service abstraction is a security policy requirement) to a DRP system within a Jail. So as far as I know, the explicit bind was always present in the DRP jail and in theory, should never have worked. I hypothesize that after 7.2-R was installed, the correct behavior of bind() began to occur, and that prior to that, it was gracefully allowing Courier to bind() to an IP that wasn't present in the jail. Unfortunately, I don't have any records of what the RELENG_7 build date was of the original jail environment to test this hypothesis. ~BAS ___ freebsd-jail@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-jail To unsubscribe, send any mail to freebsd-jail-unsubscr...@freebsd.org
Re: anyone using ssl accellorator cards in jail?
On Tue, 2009-03-31 at 07:38 -0700, Michael Scheidell wrote: trying to speed things up. I suspect that syscalls that support acceleration will simply fall right through the jail into the host kernel. I'll be testing that some time next week -- so I'll let you know. I don't think file handle access to /dev/crypto is required for Engine support. Again, I'll let you know ~BAS ___ freebsd-jail@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-jail To unsubscribe, send any mail to freebsd-jail-unsubscr...@freebsd.org
Re: HEADS UP: r185435 multi-IPv4/v6/no-IP jails in HEAD
On Tue, 2008-12-02 at 21:00 -0500, alexus wrote: as far as I understood HEAD is 8.0-CURRENT The trick is to bribe the right people to get it RFP'd into 7.2R. :) ~BAS -- Brian A. Seklecki [EMAIL PROTECTED] Collaborative Fusion, Inc. signature.asc Description: This is a digitally signed message part
Re: HEADS UP: r185435 multi-IPv4/v6/no-IP jails in HEAD
On Fri, 2008-12-05 at 20:47 +0100, Dag-Erling Smørgrav wrote: The question is, does it change existing behavior, or just add new functionality? The syntax semantics should be backward compatible, so likely the latter. -- Brian A. Seklecki [EMAIL PROTECTED] Collaborative Fusion, Inc. signature.asc Description: This is a digitally signed message part
Re: Multiple IPS - Freebsd 7.1
On Wed, 2008-10-01 at 12:39 +, Bjoern A. Zeeb wrote: thoughts on MFCing it to 7-STABLE so it could be in 7.2-R. I cannot Someone might be encouraged by the idea of a nice 21 year scotch under the Christmas tree. Although I'm not holding my breath (Bjoern -- I have to talk to you about that FAST_IPSEC NAT-T patch for FreeBSD), I'm just glad that this wont involve / require a full pullup of Julian Elischer's Vimage and FIB+Multi-Routing-Table changes. Chances of those making way into 7.x are low like Skylab. -- Brian A. Seklecki [EMAIL PROTECTED] Collaborative Fusion, Inc. IMPORTANT: This message contains confidential information and is intended only for the individual named. If the reader of this message is not an intended recipient (or the individual responsible for the delivery of this message to an intended recipient), please be advised that any re-use, dissemination, distribution or copying of this message is prohibited. Please notify the sender immediately by e-mail if you have received this e-mail by mistake and delete this e-mail from your system. ___ freebsd-jail@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-jail To unsubscribe, send any mail to [EMAIL PROTECTED]
