Current problem reports assigned to freebsd-jail@FreeBSD.org

2012-04-09 Thread FreeBSD bugmaster
Note: to view an individual PR, use:
  http://www.freebsd.org/cgi/query-pr.cgi?pr=(number).

The following is a listing of current problems submitted by FreeBSD users.
These represent problem reports covering all versions including
experimental development code and obsolete releases.


S Tracker  Resp.  Description

p bin/165515   jail   [jail][patch] jail: unknown parameter: allow.nomount
p bin/161957   jail   jls(8): jls -v doesn't show anything if system compile
o kern/159918  jail   [jail] inter-jail communication failure
o kern/156111  jail   [jail] procstat -b not supported in jail
o misc/155765  jail   [patch] `buildworld' does not honors WITHOUT_JAIL
o conf/154246  jail   [jail] [patch] Bad symlink created if devfs mount poin
o conf/149050  jail   [jail] rcorder ``nojail'' too coarse for Jail+VNET
s conf/142972  jail   [jail] [patch] Support JAILv2 and vnet in rc.d/jail
o conf/141317  jail   [patch] uncorrect jail stop in /etc/rc.d/jail
o kern/133265  jail   [jail] is there a solution how to run nfs client in ja
o kern/119842  jail   [smbfs] [jail] Bad address with smbfs inside a jail
o bin/99566    jail   [jail] [patch] fstat(1) according to specified jid
o bin/32828    jail   [jail] w(1) incorrectly handles stale utmp slots with 

13 problems total.

___
freebsd-jail@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-jail
To unsubscribe, send any mail to freebsd-jail-unsubscr...@freebsd.org


Re: Jail source address selection broken, patch for ping

2012-04-09 Thread Juan F . Díaz y Díaz
Mark, you can just run a jail with the setfib utility so you don't need to 
modify all your scripts.

# First you need to set up the routing table for each fib
# /etc/rc.local
setfib 1 route add default 10.1.1.1
setfib 1 route del 192.168.1.0/24

setfib 2 route add default 192.168.1.1
setfib 2 route del 10.1.1.0/24

# For each jail config define a fib id
# /etc/rc.conf
...
jail_NAME1_ip=10.1.1.2/24
jail_NAME1_fib=1
...
jail_NAME2_ip=192.168.1.2/24
jail_NAME2_fib=2

# Then just exec your jail with the setfib
setfib 1 jexec 1 bash

Regards

- Original Message -
From: Mark Felder f...@feld.me
To: freebsd-jail@freebsd.org
Sent: Monday, April 9, 2012 2:07:14 PM
Subject: Re: Jail source address selection broken, patch for ping

On Mon, 09 Apr 2012 11:50:35 -0500, Juan F. Díaz y Díaz
j...@mrecic.gov.ar wrote:

> Mark, did you try using the setfib utility?

No, and even if that could have helped I would probably have to modify
our monitoring software (Xymon/Hobbit/BigBrother) in undesirable ways to
have it launch every child process with setfib. This would certainly be
a nasty hack and honestly networking should just work from within a jail;
utilities shouldn't have to be tricked into working with a jail's
network stack.

Here's the results of trying setfib, though:

root@xymon:/# setfib 0 fping 192.168.xxx.1 (censored for our privacy)
setfib: setfib: Function not implemented

Do you have to set some sysctl to get setfib to work in a jail, or does
it just not work in jails period?

-- 
Juan F. Diaz y Diaz

MRECIC
Esmeralda 1212 Piso 3 - Bs As, Argentina
+54 (11) 4819 7261

PGP ID 0x27911364 (http://pgp.mit.edu)


Re: Jail source address selection broken, patch for ping

2012-04-09 Thread Mark Felder
On Mon, 09 Apr 2012 14:16:47 -0500, Juan F. Díaz y Díaz  
j...@mrecic.gov.ar wrote:


> Mark, you can just run a jail with the setfib utility so you don't need
> to modify all your scripts.


I don't think anyone here is understanding the issue and forcing a routing  
table will not help.


root@jailhost:/# jls -v
   JID  Hostname                      Path
        Name                          State
        CPUSetID
        IP Address(es)
     3  xymon.xx.net                  /usr/jails/xymon.xx.net
        3                             ACTIVE
        2
        66.xxx.xxx.xxx
        192.168.89.xxx  <-- different vlans for each
        192.168.93.xxx
        192.168.94.xxx
        192.168.95.xxx
        192.168.96.xxx
        192.168.97.xxx

root@jailhost:/# ifconfig   (edited output)
vlan989: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
        options=103<RXCSUM,TXCSUM,TSO4>
        ether d4:ae:52:6a:ec:d9
        inet 192.168.89.xxx netmask 0xff00 broadcast 192.168.89.255
        inet6 fe80::d6ae:52ff:fe6a:ecd9%vlan989 prefixlen 64 scopeid 0x6
        nd6 options=21<PERFORMNUD,AUTO_LINKLOCAL>
        media: Ethernet autoselect (1000baseT full-duplex)
        status: active
        vlan: 989 parent interface: bce1
vlan993: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
        options=103<RXCSUM,TXCSUM,TSO4>
        ether d4:ae:52:6a:ec:d9
        inet 192.168.93.xxx netmask 0xff00 broadcast 192.168.93.255
        inet6 fe80::d6ae:52ff:fe6a:ecd9%vlan993 prefixlen 64 scopeid 0x7
        nd6 options=21<PERFORMNUD,AUTO_LINKLOCAL>
        media: Ethernet autoselect (1000baseT full-duplex)
        status: active
        vlan: 993 parent interface: bce1
vlan994: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
        options=103<RXCSUM,TXCSUM,TSO4>
        ether d4:ae:52:6a:ec:d9
        inet 192.168.94.xxx netmask 0xff00 broadcast 192.168.94.255
        inet6 fe80::d6ae:52ff:fe6a:ecd9%vlan994 prefixlen 64 scopeid 0x8
        nd6 options=21<PERFORMNUD,AUTO_LINKLOCAL>
        media: Ethernet autoselect (1000baseT full-duplex)
        status: active
        vlan: 994 parent interface: bce1
vlan996: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
        options=103<RXCSUM,TXCSUM,TSO4>
        ether d4:ae:52:6a:ec:d9
        inet 192.168.96.xxx netmask 0xff00 broadcast 192.168.96.255
        inet6 fe80::d6ae:52ff:fe6a:ecd9%vlan996 prefixlen 64 scopeid 0x9
        nd6 options=21<PERFORMNUD,AUTO_LINKLOCAL>
        media: Ethernet autoselect (1000baseT full-duplex)
        status: active
        vlan: 996 parent interface: bce1
vlan997: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
        options=103<RXCSUM,TXCSUM,TSO4>
        ether d4:ae:52:6a:ec:d9
        inet 192.168.97.xxx netmask 0xff00 broadcast 192.168.97.255
        inet6 fe80::d6ae:52ff:fe6a:ecd9%vlan997 prefixlen 64 scopeid 0xa
        nd6 options=21<PERFORMNUD,AUTO_LINKLOCAL>
        media: Ethernet autoselect (1000baseT full-duplex)
        status: active
        vlan: 997 parent interface: bce1





All of these vlan interfaces go into a SINGLE jail. Setting the fib will  
not help; the jail already has the default routing table. The problem is  
that you can't access these different VLANs with many network utilities  
because it sets your source IP in the packet as the first IP the jail has  
bound to it: 66.xxx.xxx.xxx



Re: Jail source address selection broken, patch for ping

2012-04-09 Thread Bjoern A. Zeeb
On 9. Apr 2012, at 16:20 , Mark Felder wrote:

Hi Mark,

thanks a lot for posting the summary.

> By pure chance I was able to contact bz@ and he provided me with a patch for
> ping based on his recent work on a similar issue with traceroute. This solved
> my problem with the system ping utility, but my tests with fping and the ping
> utility included with our monitoring software still exhibited the same issue.
>
> bz informed me that he believes he knows where the bug is in the kernel -- I
> believe he pointed me to the area of sys/netinet/ip_raw.c around line 461.
> Jails are getting the first IP as a source no matter what.

And maybe to confirm - yes I have told a lot of people in the past to try 
telnet or similar thing as ping was special, as it's raw sockets etc.  In 
case you have a PR open about this issue please email me the PR number directly 
(not Cc:ing the list) or ask some FreeBSD committer to assign it to me.

As I had originally left the comment there when I committed the multi-IP jail 
source code (or follow-up) and the grief this seems to regularly cause, I will 
try to get it fixed soon:  
http://svnweb.freebsd.org/base/head/sys/netinet/raw_ip.c?annotate=229265#l461

> Anyway, attached is the patch he asked me to post to the mailing list for
> those that need a workaround for ping. I'm sure fixing this in the kernel
> will probably require further discussion among those with actual programming
> skills :-)

It's also available here but it's considered a work-around and proof of concept 
that this really was the issue:
http://people.freebsd.org/~bz/20120407-01-ping-source-addr.diff

/bz

-- 
Bjoern A. Zeeb You have to have visions!
   It does not matter how good you are. It matters what good you do!
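
Added example, not part of the thread and not bz's patch (whose contents this page does not show): one way a ping-like tool running in a multi-IP jail can avoid the first-IP default described above. It assumes UDP sockets get a routed source address, as the telnet advice in the thread implies; the helper names `source_for` and `bind_to_source` are hypothetical.

```c
/* Added example: ask the kernel which local address it would route from,
 * then bind the sending socket to it explicitly. */
#include <arpa/inet.h>
#include <netinet/in.h>
#include <string.h>
#include <sys/socket.h>
#include <unistd.h>

/* Hypothetical helper: fill *src with the local address the kernel selects
 * for reaching dst_ip. connect() on a UDP socket sends no packets; it only
 * runs route lookup and source-address selection. Returns 0 or -1. */
int
source_for(const char *dst_ip, struct in_addr *src)
{
	struct sockaddr_in dst, local;
	socklen_t len = sizeof(local);
	int s, rc = -1;

	memset(&dst, 0, sizeof(dst));
	dst.sin_family = AF_INET;
	dst.sin_port = htons(33434);	/* arbitrary port, nothing is sent */
	if (inet_pton(AF_INET, dst_ip, &dst.sin_addr) != 1)
		return (-1);
	if ((s = socket(AF_INET, SOCK_DGRAM, 0)) < 0)
		return (-1);
	if (connect(s, (struct sockaddr *)&dst, sizeof(dst)) == 0 &&
	    getsockname(s, (struct sockaddr *)&local, &len) == 0) {
		*src = local.sin_addr;
		rc = 0;
	}
	close(s);
	return (rc);
}

/* Hypothetical helper: bind an already-open socket (for example the raw
 * ICMP socket of a ping-like tool) to the address chosen above, so the
 * kernel does not fall back to the jail's first IP. */
int
bind_to_source(int sock, const char *dst_ip)
{
	struct sockaddr_in sin;

	memset(&sin, 0, sizeof(sin));
	sin.sin_family = AF_INET;
	if (source_for(dst_ip, &sin.sin_addr) != 0)
		return (-1);
	return (bind(sock, (struct sockaddr *)&sin, sizeof(sin)));
}
```

A tool would call `bind_to_source()` on its raw socket once per destination before sending; opening that raw socket still needs the usual privileges.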
