Extra Properties in resource net show as not valid

[Makr91]

Hello All,

After getting pfSense to work in CARP using the e1000 interfaces using zonecfg, I generally use zadm noVNC or zlogin or zadm to access the zone. When I use zadm I am getting this warning:

I was told this is how I should configure these settings in zonecfg for promiscuous, mac spoofing and other flags:

Warning:

example zonecfg:

zonename: 1014--firewall-04.dc-01.m4kr.net
zonepath: /Array-0/zones/1014--firewall-04.dc-01.m4kr.net/path
brand: bhyve
autoboot: true
bootargs:
pool:
limitpriv:
scheduling-class:
ip-type: exclusive
hostid:
fs-allowed:
net:
        address not specified
        allowed-address not specified
        defrouter not specified
        global-nic not specified
        mac-addr not specified
        physical: vnice3_1014_0
        vlan-id not specified
        property: (name=promiscphys,value="on")
        property: (name=allow_ip_spoofing,value="true")
        property: (name=allow_mac_spoofing,value="true")
net:
        address not specified
        allowed-address not specified
        defrouter not specified
        global-nic not specified
        mac-addr not specified
        physical: vnici3_1014_0
        vlan-id not specified
        property: (name=promiscphys,value="on")
        property: (name=allow_ip_spoofing,value="true")
        property: (name=allow_mac_spoofing,value="true")
net:
        address not specified
        allowed-address not specified
        defrouter not specified
        global-nic not specified
        mac-addr not specified
        physical: vnicc3_1014_0
        vlan-id not specified
device:
        match: /dev/zvol/rdsk/Array-0/zones/1014--firewall-04.dc-01.m4kr.net/boot
attr:
        name: acpi
        type: string
        value: true
attr:
        name: ram
        type: string
        value: 8G
attr:
        name: bootrom
        type: string
        value: BHYVE_RELEASE
attr:
        name: hostbridge
        type: string
        value: i440fx
attr:
        name: diskif
        type: string
        value: virtio-blk
attr:
        name: bootdisk
        type: string
        value: Array-0/zones/1014--firewall-04.dc-01.m4kr.net/boot
attr:
        name: type
        type: string
        value: generic
attr:
        name: vcpus
        type: string
        value: 4
attr:
        name: vnc
        type: string
        value: on
attr:
        name: netif
        type: string
        value: e1000

[hadfl]

Hi @Makr91,

you are seeing the warnings because neither allow_ip_spoofing nor allow_mac_spoofing properties for net resources are supported by OmniOS zone brands (iirc they are supported by SmartOS zone brands).

On OmniOS you have to show/set the vnic properties with dladm:

hadfl@nemesis:~$ dladm show-linkprop -p protection lx0
LINK         PROPERTY        PERM VALUE          DEFAULT        POSSIBLE
lx0          protection      rw   --             --             mac-nospoof,
                                                                restricted,
                                                                ip-nospoof,
                                                                dhcp-nospoof

[Makr91]

Oh, I must have been confused by this Issue then:

https://github.com/omniosorg/illumos-omnios/issues/1039#issuecomment-1037241914

Can you clarify further?

[Makr91]

Also, do you think that is why this works for me on E1000 netif configurations and not virtio because the setting is not actually applying this way?

So these possible values are a little confusing, I want to enable spoofing, these options name seem to indicate to disable it. Can you also confirm the command to enable mac and ip spoofing?

[hadfl]

Oh, I must have been confused by this Issue then:

omniosorg/illumos-omnios#1039 (comment)

Can you clarify further?

The promiscphys net property is supported by the OmniOS bhyve brand, it's just allow_ip_spoofing and allow_mac_spoofing which are not.

[Makr91]

Thanks, Ill close this