VIMAGE
Open (Bugzilla) Issues
VIMAGE: Action items before enabling VIMAGE by default in GENERIC kernel
Merge memory leak fixes from BjoernZeeb : http://p4db.freebsd.org/depotTreeBrowser.cgi?FSPC=//depot/user/bz/vimage/src/%E2%80%A6
Merge PF fixes from MartinMatuska : https://svnweb.freebsd.org/base/projects/pf/head/
Some are already in, such as https://svnweb.freebsd.org/base?view=revision&revision=264689
Measure performance: NetworkingPerformanceProject
Olivier Cochard-Labbé has provided some performance test results: https://lists.freebsd.org/pipermail/freebsd-net/2014-October/040091.html
Test ipfw with VIMAGE enabled (DONE)
Test ipfilter with VIMAGE enabled (DONE)
- Test removable USB Ethernet with VIMAGE enabled
- Test Bluetooth with VIMAGE enabled
- Confirm that reported bugs are fixed (see above)
VImage - unresolved items
This a loose and unsorted list of possible things the need a proper solution or might want to be virtualized:
resolve ABI constraints for container structs (DONE)
- Step-by-step file-by-file walk through to review the list of virtualized variables.
virtualize flowtable (DONE)
virtualize pf r276746 (DONE)
virtualize ipfilter r302298 (DONE)
virtualize IPX (really?) (removed in r263152 discussion)
virtualize appletalk (really?) (removed in r263140 discussion)
Fix SCTP (rrs, tuexen, bz) (DONE during EuroBSDCon 2009)
- make NFS work for root mounts as well as normal mounts in base or inside vimage (partially done mz+bz, root mounts work)
- help bms with multicast mld6 / nd6 + V_ (this needs review and cleanup)
get if_epair int o HEAD (bz)
- correctly handle IPsec/if_enc(4) interactions per stack.
- get rid of explicit panic()s introduced where possible
remove VIMAGE_GLOBALS only shortly before the release if at all? First consolidate the variables (externs or more) in the same places as the constainer structs and defines are. Are we going to keep VIMAGE_GLOBALS or can we remove them for 8.x? (Chnaged by different per-vnet linker implementation)
if_indextoname is broken. (bz, zec comitted r196504)
ifindex + if name collisions + if_* related discussions + /dev/net/* removal? + devd per image (long term)
- VIMAGE kernel in addition to GENERIC like we had GENERIC and SMP before. (bz has the patch, we have LINT-VIMAGE)
Documentation: vnet.9 man page Jamie handled jail*, handbook, VIMAGE porting guide, ..
- Benchmarking:
teach netstat etc. about vnet* for core file operations (new world order - kvm needs teaching actually, rwatson and bz)
- AUDIT support for jail names
remove legacy VIMAGE/VPROGC API (DONE)
sysctl to find out how the kernel was compiled Image/KernelOptions (Kind of obsolete in new world order)
Implement Peter's suggestions around the kernel linker and linker sets to get away with the ABI problems for modules. ("new world order" - more like dpcpu)
- How to make sure that non-virtualized things cannot be controlled from within a prison?
lle not properly virtualized; arp -a inside a vnet(n+1) sees everything; ndp -a does not work properly (bz, redone during EuroBSDCon 2009 as sample by mz)
kldload ipfw with a running vnet instance panics (ipfw only half-virtualized - has this been fixed?)
- teach vi_if_move about IFAN enventhandlers
- make interface eventhandlers per-vnet? done already?
[WIP] Better ddb gdb support (ddb partly done by rwatson already)
Changing sysctls not permitted on a vnet inside a jail. (kind of done with a hack that doesn't scale, r196176)
Fix vnet list locking (rwatson)
Use VNET_SYSINIT/VNET_SYSUNINIT rather than vnet_modinfo (rwatson)
Possibly merge kern_vimage.c/vimage.h -> vnet.c/vnet.h
vnet allocator -> vstorage allocator to support !vnet subsystems
- When IPv6 packet flows, it cause short time lockup.
- ..
Add your name if you want to pick an item. Add an item if there is more.