woodsb02
commented
2 years ago It’s worth noting that the behaviour of bridge has changed in FreeBSD 14 that resolves this, but it’s not going to be backported to FreeBSD 13, so may still be worth fixing in jib/bastille.
Refer to the follow FreeBSD source changes in CURRENT.
if_bridge: allow MTU changes https://cgit.freebsd.org/src/commit/sys/net/if_bridge.c?id=33306493825b291a308c0d37396e82de458f6cfe
if_bridge: change MTU for new members https://cgit.freebsd.org/src/commit/sys/net/if_bridge.c?id=1865ebfb12ddaf3d0ff1458e6152b3cb1f1bdee8
[MANDATORY] Describe the bug [MANDATORY] The script
/usr/local/bin/jibdoes not create epair(4) devices with the correct MTU. If the external interface and bridge are using mtu 9001 (for jumbo frames), the epair(4) devices attempt to get created with a default MTU of 1500 which results in an error:[MANDATORY] Bastille and FreeBSD version (paste
bastille -v && freebsd-version -kruoutput) 0.9.20220216 13.1-RELEASE 13.1-RELEASE 13.1-RELEASE[MANDATORY] How did you install bastille? (port/pkg/git) pkg
[optional] Steps to reproduce? Set MTU of external network interface to 9001 and attempt to create a VNET jail. It will fail and leave epair* devices lying around.
[optional] Expected behavior The epair(4) devices MTU must match that of the bridge, and the VNET jail will be created correctly.
[optional] Screenshots No screenshots available
[optional] Additional context The original
/usr/share/examples/jails/jib(on 13.1-RELEASE) line 309:I was able to workaround it by changing the line to:
However, this was just a quick fix for my use case. It would be better for the script to query the mtu of the bridge and set the mtu accordingly. Something like: