09:09:36 The first one is a surprise, we should look at that, thanks. 09:10:12 pkgdepend now needs one to set PKG_CROSS_DEPEND if you're doing cross dependency resolution (and of course you need a recent pkgdepend). 13:38:45 i'm trying to build a custom bloody iso again, and the build fails in net-snmp. is this a known problem? 13:39:35 oddly enough, it's net-snmp 5.9.4, but the build process extracts 5.7.3 13:57:40 No, it isn't a known problem. The end up building a few different net-snmp versions because we need to ship the old ABI libraries too 14:00:26 i see 14:06:31 There are parallelism problems building some of the older versions, but we build them in series IIRC. 14:07:07 i'm running build.sh manually now in build/net-snmp, maybe that'll make a difference 14:07:24 the errors i saw in the log didn't make much sense and where inconsistent, too 15:28:07 andyf: are there any version requirements for the build host for building omnios-bloody? 18:38:27 hi folks. I'm still wet behind the ears when it comes to illumos & co. i have a strange issue and have spent hours trying to solve it to no avail 18:39:03 i have both ipv4 and ipv6 working perfectly with routes and such, ipf, nat, no issues, when using bhyve branded zones. 18:39:49 when using illumos zones ipv4 'just works', but ipv6 (configured identically) does not seem to, and i'm scratching my head 18:40:53 https://gist.github.com/dspearson/946f87fca8956a93912a85ddffb7307a - here's the relevant information (zonecfg dumps from nonfunctioning illumos zone, the same from functioning bhyve, and view of the interfaces in the illumos zone) 18:42:32 the ipv6 interface is 'down' when bringing up the zone, with no configuration set for the address, despite me using allowed-address with the exclusive ip-type as required. 18:44:31 I may not be understanding how this stuff works - it's just odd that all works fine under bhyve, maybe there's some limitation i'm unaware of, or something i need to set. I'm a real newcomer to this ecosystem. any help appreciated! 18:46:02 dsp-: Do you have the ndp service running? 18:48:15 probably not :) just googling it now 18:48:35 That's required for IPv6. 18:49:49 my understanding (maybe from incorrect/outdated stuff) was that autoconfiguration doesn't work with allowed-address, since there's one per interf. I probably misunderstood or read outdated info 18:50:20 will configure it and test. 18:50:35 So, allowed-address doesn't mean that gets configured. 18:50:41 That means the guest is allowed to use it. 18:51:18 You still need to specify if you want a static address (which, if that's the same as what you want for allowed-address, you don't need allowed-address) or dynamic address (addrconf). 18:51:54 An allowed-address is one that the guest is allowed to configure and use on its own, but will not necessarily use. 18:52:45 It's often specified in the case of something like vrrp/carp/anycast where the instance has it's own dedicated primary address, but that's a supplemental address that may or may not be in use at any particular time. 19:01:12 well, allowed-address auto conf'd the ipv4 value, which is why i assumed the same behaviour with ipv6 19:01:42 but even without that i thought i'd at least be able to do ipadm create-addr -T addrconf & static set, but i guess no 19:01:58 still cutting my teeth on v6 tbh :) 19:02:39 Hmm. Yeah... 19:03:34 I have to admit, I don't really know how all of that is plumbed on OmniOS. I most often use SmartOS, but I do make heavy use of IPv6. 19:06:11 in the global zone i have igb0 as the external, theni have a bunch of etherstubs, all those have addrconf (linklocal) & static (globally routable) manually created using ipadm (a ${zone}gw0 vnic), then bhyve zones on the etherstub, and the zone can reach the internet using the gw0 vnic as an ipv6 gateway, without me having touched ndp 19:06:42 but yeah i'll see if i can understand how to get this working and see if it solves my problem. 19:07:42 Yeah, and that's all very different than how it's done on SmartOS, so...idk, maybe you can do without ndp in that case. 19:12:44 On Tribblix, I have to disable allowed-address in order to get IPv6 to work 19:13:40 My recollection is that the problem is that allowed-address is only a single address (unlike S11 where you can give a list), but you need to allow both the static one and the addrconf one 19:15:56 yes, though that doesn't mesh with how i can do the same successfully in a bhyve zone also using the same thing 19:16:03 also the following seems bizarre: 19:18:03 For bhyve, it might work because the restrictions are imposed on the vnic but you're actually manipulating the interface inside the VM, so the addrconf address won't actaully be able to talk to the outside world but can be brought up? 19:18:07 https://gist.github.com/dspearson/83b69921529d41a05d395757f607ea7c 19:18:21 perhaps you're right there yes 19:20:06 allowed-address is really useful with my multi-tenant setup so that people don't go impersonating each other, not sure i can really do without it. but if it really only allows one per vnic, it makes it not useful in this case i guess 19:22:38 allowed-address is also a mandatory property for ip-type=exclusive i think - at least i had errors when omitting it 19:28:18 I guess I could manually restrict routing of addresses via ipf6 but still not sure how i'd even disable allowed-address for exclusive ip type on illumos brand. 19:33:12 dsp-: You can just enforce ip-nospoof 19:41:55 ah, I'll have to look into that. and I managed to get ipv6 config working in my zone with some creativity. 19:43:14 the net config (omitting both allowed-address and defrouter (which makes allowed-address mandatory): add net; set physical="auth1"; set global-nic="mgmt0"; end 19:45:35 manual config of the addrconf, static ipv6, and setting the route through the etherstub ipv6gw (route -p add -inet6 default 2a01:4f9:5a:20a5::4320 -ifp auth1) 19:47:07 so i guess i'll look into the ip-nospoof, and can probably also limit addresses using ipf6 if needed. thanks for the pointers folks. 20:02:01 yep, all works perfectly now. super :)