VImage - unresolved items
This a loose and unsorted list of possible things the need a proper solution or might want to be virtualized:
resolve ABI constraints for container structs (DONE)
- Step-by-step file-by-file walk through to review the list of virtualized variables.
virtualize flowtable (DONE)
virtualize pf (planned after next pf import if ever going to happen) (pfsense people?, someone is going to update pf again, http://svn.f.o/ser/eri/pf45/head/)
- virtualize ipfilter (mail darrenr)
- virtualize IPX (really?)
- virtualize appletalk (really?)
Fix SCTP (rrs, tuexen, bz) (DONE during EuroBSDCon 2009)
- make NFS work for root mounts as well as normal mounts in base or inside vimage (partially done mz+bz, root mounts work)
- help bms with multicast mld6 / nd6 + V_ (this needs review and cleanup)
get if_epair int o HEAD (bz)
- correctly handle IPsec/if_enc(4) interactions per stack.
- get rid of explicit panic()s introduced where possible
remove VIMAGE_GLOBALS only shortly before the release if at all? First consolidate the variables (externs or more) in the same places as the constainer structs and defines are. Are we going to keep VIMAGE_GLOBALS or can we remove them for 8.x? (Chnaged by different per-vnet linker implementation)
if_indextoname is broken. (bz, zec comitted r196504)
ifindex + if name collisions + if_* related discussions + /dev/net/* removal? + devd per image (long term)
- VIMAGE kernel in addition to GENERIC like we had GENERIC and SMP before. (bz has the patch, we have LINT-VIMAGE)
Documentation: man pages Jamie handled jail*, handbook, porting guide , ..
Benchmarking (kris + gnn) kris, cache locality of container struts, latency -- container structs are gone
teach netstat etc. about vnet* for core file operations (new world order - kvm needs teaching actually, rwatson and bz)
- AUDIT support for jail names
remove legacy VIMAGE/VPROGC API (DONE)
sysctl to find out how the kernel was compiled Image/KernelOptions (Kind of obsolete in new world order)
Implement Peter's suggestions around the kernel linker and linker sets to get away with the ABI problems for modules. ("new world order" - more like dpcpu)
- How to make sure that non-virtualized things cannot be controlled from within a prison?
lle not properly virtualized; arp -a inside a vnet(n+1) sees everything; ndp -a does not work properly (bz, redone during EuroBSDCon 2009 as sample by mz)
kldload ipfw with a running vnet instance panics (ipfw only half-virtualized - has this been fixed?)
- teach vi_if_move about IFAN enventhandlers
- make interface eventhandlers per-vnet? done already?
[WIP] Better ddb gdb support (ddb partly done by rwatson already)
Changing sysctls not permitted on a vnet inside a jail. (kind of done with a hack that doesn't scale, r196176)
Fix vnet list locking (rwatson)
Use VNET_SYSINIT/VNET_SYSUNINIT rather than vnet_modinfo (rwatson)
Possibly merge kern_vimage.c/vimage.h -> vnet.c/vnet.h
vnet allocator -> vstorage allocator to support !vnet subsystems
- When IPv6 packet flows, it cause short time lockup.
Add your name if you want to pick an item. Add an item if there is more.