I noticed this evening that pflog0 is propagated into my vnet-based jails (12.2-RELEASE) and I'm somewhat surprised to see it there.
My host's /etc/rc.conf simply has `pflog_enable="YES"`, so nothing too esoteric. My /etc/jail.conf doesn't do anything with pflog0 for the jails, so the fact that it shows up _feels_ like a bug.

From within a jail:

    # ifconfig
    lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> metric 0 mtu 16384
            options=680003<RXCSUM,TXCSUM,LINKSTATE,RXCSUM_IPV6,TXCSUM_IPV6>
            inet6 ::1 prefixlen 128
            inet6 fe80::1%lo0 prefixlen 64 scopeid 0x1
            inet 127.0.0.1 netmask 0xff000000
            groups: lo
            nd6 options=21<PERFORMNUD,AUTO_LINKLOCAL>
    pflog0: flags=0<> metric 0 mtu 33160
            groups: pflog
    epair2b: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
            options=8<VLAN_MTU>
            ether 02:c4:52:c8:47:0b
            inet 10.0.1.4 netmask 0xffffff00 broadcast 10.0.1.255
            groups: epair
            media: Ethernet 10Gbase-T (10Gbase-T <full-duplex>)
            status: active
            nd6 options=29<PERFORMNUD,IFDISABLED,AUTO_LINKLOCAL>
    #

Fortunately, when I tcpdump that device from within the jail, it has none of the host pflog0's entries being reported.

Regardless, should I file this as a bug?

Cheers

--
GitHub: https://github.com/rtyler
GPG Key ID: 0F2298A980EE31ACCA0A7825E5C92681BEF6CEA2