Про qemu и протокол 802.1p
Выпускаю первую ВМ. По сети не пингуется. Локально с гипервизора — всё ок. Лезу на консоль, запускаю что-то типа "tcpdump -nvvvi any" (по-умолчанию выставляется promisc-режим) — ping побежал. Выключаю tcpdump — опять глухо. При запуске с ключом "-p" (запретить неразборчивый режим) tcpdump вообще ничего не видит. Прохождение квеста
https://habr.com/ru/articles/853062/
#8021p #8021q #qemu #UCS #netmap #networkscripts #ingress #tc_qdisc #tc_filter #tc_class
#iptables' #NETMAP target can alter the source IP range exclusive or the destination IP range.
Which it does is dependent on where you use the NETMAP target.
If you use the NETMAP target in the PREROUTING chain of the mangle table, it alters the destination ip range.
If you use the NETMAP target in the POSTROUTING chain of the mangle table, it alters the source IP range.
It has been zero days since #iptables solved a problem I shouldn't have to solve. Specifically the #NETMAP target.
iptables -t mangle -A PREROUTING -s 192.0.2.0/24 -d 198.51.100.0/24 -i eth1 -j MARK --set-xmark 0xdeadbeef/0xffffffff
iptables -t nat -A PREROUTING -s 192.0.2.0/24 -d 198.51.100.0/24 -i eth1 -m mark --mark 0xdeadbeef -j NETMAP --to 192.0.2.0/24
iptables -t nat -A POSTROUTING -s 192.0.2.0/24 -d 192.0.2.0/24 -o eth1 -m mark --mark 0xdeadbeef -j NETMAP --to 198.51.100.0/24
#FastNetMon runs just fine in #FreeBSD jail. The ability to access network interfaces through the #netmap[1] can be easily granted, though the number of threads created exceeds the number of RSS queues available on the NICs. So there is still room for testing, maybe it is worth preparing flame graphs too.
#Tor project intern dev idea: integrate with the new in-kernel TLS feature on #FreeBSD, with NIC TLS offload.
That, and/or #netmap integration.
These kinds of features will drastically increase performance of FreeBSD-based (and #HardenedBSD-based) relays.
Marek Zarychta 
Habr
DrScriptt
Shawn Webb
Queer Supervillainess