From owner-freebsd-jail@FreeBSD.ORG Sun Nov 16 04:27:50 2008 Return-Path: Delivered-To: freebsd-jail@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id BC017106567E for ; Sun, 16 Nov 2008 04:27:50 +0000 (UTC) (envelope-from lopez.on.the.lists@yellowspace.net) Received: from mail.yellowspace.net (mail.yellowspace.net [80.190.200.164]) by mx1.freebsd.org (Postfix) with ESMTP id 3A7C88FC1A for ; Sun, 16 Nov 2008 04:27:49 +0000 (UTC) (envelope-from lopez.on.the.lists@yellowspace.net) Received: from five.intranet ([88.217.92.107]) (AUTH: LOGIN lopez.on.the.lists@yellowspace.net) by mail.yellowspace.net with esmtp; Sun, 16 Nov 2008 05:27:48 +0100 id 0035E839.00000000491FA144.00004019 Message-Id: <2192B50F-16AE-4BC8-ACEC-6C5B99804DA0@yellowspace.net> From: Lorenzo Perone To: freebsd-jail@freebsd.org Content-Type: text/plain; charset=US-ASCII; format=flowed; delsp=yes Content-Transfer-Encoding: 7bit Mime-Version: 1.0 (Apple Message framework v929.2) Date: Sun, 16 Nov 2008 05:27:47 +0100 X-Mailer: Apple Mail (2.929.2) Subject: problem possibly related to multi-ip jail patch? X-BeenThere: freebsd-jail@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: "Discussion about FreeBSD jail\(8\)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sun, 16 Nov 2008 04:27:50 -0000 Hi all, I've been experiencing problems with one of the machines running FreeBSD 7.1-PRERELEASE #2: Thu Oct 16 20:23:09 CEST 2008 with the multi-ip patch bz_jail7-20080920-01-at150161.diff, and I'm wondering if it possibly related to the patch - in any case, any advice would be very welcome. It happens that mysql (tried both 4.0 and 5.1, in 2 separate jails), at some time stop responding to connections, and mysql gets stuck in sbwait state. It is only killable with kill -9 each of the two mysqlds is running in a jail on one private IP, serving connections to a webserver nearby - the latter having one public and one private IP, communicating with the other jail via the private network. I also experienced two complete system hangs (which must not be necessarily related to the mysql problem) both during a shutdown -r now. one was a panic, in another case the machine was still pingable but did not shut down completely. I could only reset it over the DRAC. here's a screenshot I made over the Dell RAC: http://lorenzo.yellowspace.net/stuck.png Since I'm also using zfs there and the kernel has been built with the DTRACE options. any advice (also about which more details that I should/could provide) would be very welcome... thanx && regards, Lorenzo From owner-freebsd-jail@FreeBSD.ORG Sun Nov 16 10:15:10 2008 Return-Path: Delivered-To: freebsd-jail@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id D20741065670 for ; Sun, 16 Nov 2008 10:15:10 +0000 (UTC) (envelope-from bzeeb-lists@lists.zabbadoz.net) Received: from mail.cksoft.de (mail.cksoft.de [62.111.66.27]) by mx1.freebsd.org (Postfix) with ESMTP id 88D5D8FC18 for ; Sun, 16 Nov 2008 10:15:10 +0000 (UTC) (envelope-from bzeeb-lists@lists.zabbadoz.net) Received: from localhost (amavis.str.cksoft.de [192.168.74.71]) by mail.cksoft.de (Postfix) with ESMTP id 3489841C670; Sun, 16 Nov 2008 11:15:08 +0100 (CET) X-Virus-Scanned: amavisd-new at cksoft.de Received: from mail.cksoft.de ([62.111.66.27]) by localhost (amavis.str.cksoft.de [192.168.74.71]) (amavisd-new, port 10024) with ESMTP id 1RBfjLyiE+q9; Sun, 16 Nov 2008 11:15:05 +0100 (CET) Received: by mail.cksoft.de (Postfix, from userid 66) id 89FEA41C66F; Sun, 16 Nov 2008 11:15:05 +0100 (CET) Received: from maildrop.int.zabbadoz.net (maildrop.int.zabbadoz.net [10.111.66.10]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by mail.int.zabbadoz.net (Postfix) with ESMTP id 0E3BF444888; Sun, 16 Nov 2008 10:12:39 +0000 (UTC) Date: Sun, 16 Nov 2008 10:12:39 +0000 (UTC) From: "Bjoern A. Zeeb" X-X-Sender: bz@maildrop.int.zabbadoz.net To: Ruben van Staveren In-Reply-To: Message-ID: <20081116101126.T61259@maildrop.int.zabbadoz.net> References: X-OpenPGP-Key: 0x14003F198FEFA3E77207EE8D2B58B8F83CCF1842 MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII; format=flowed Cc: freebsd-jail@freebsd.org Subject: Re: can jail use 2 NICS? X-BeenThere: freebsd-jail@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: "Discussion about FreeBSD jail\(8\)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sun, 16 Nov 2008 10:15:10 -0000 On Fri, 14 Nov 2008, Ruben van Staveren wrote: Hi, > I ran into this issue myself, and repatched /etc/rc.d/jail to work with this > > jail_erg_ipv6="net0|2001:980:fff:96::c0a8:181" # Jail's IP > number > jail_erg_ip="192.168.1.129" # Jail's IP number > jail_erg_interface="lo0" > > So default for everything is lo0, but you can override stuff by prefixing and > address with | > > Have fun at http://ruben.is.verweg.com/stuff/jail > of course, YMMV would that work as well with multiple IPs (per address family)? I kind of lost track. An are you also supporting the netmask feature from ru@? -- Bjoern A. Zeeb Stop bit received. Insert coin for new game. From owner-freebsd-jail@FreeBSD.ORG Sun Nov 16 10:15:10 2008 Return-Path: Delivered-To: freebsd-jail@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id D50551065672; Sun, 16 Nov 2008 10:15:10 +0000 (UTC) (envelope-from bzeeb-lists@lists.zabbadoz.net) Received: from mail.cksoft.de (mail.cksoft.de [62.111.66.27]) by mx1.freebsd.org (Postfix) with ESMTP id 88E6D8FC19; Sun, 16 Nov 2008 10:15:10 +0000 (UTC) (envelope-from bzeeb-lists@lists.zabbadoz.net) Received: from localhost (amavis.str.cksoft.de [192.168.74.71]) by mail.cksoft.de (Postfix) with ESMTP id 2861A41C650; Sun, 16 Nov 2008 11:15:08 +0100 (CET) X-Virus-Scanned: amavisd-new at cksoft.de Received: from mail.cksoft.de ([62.111.66.27]) by localhost (amavis.str.cksoft.de [192.168.74.71]) (amavisd-new, port 10024) with ESMTP id hw6Sj9eZNrJC; Sun, 16 Nov 2008 11:15:05 +0100 (CET) Received: by mail.cksoft.de (Postfix, from userid 66) id 8491341C65F; Sun, 16 Nov 2008 11:15:05 +0100 (CET) Received: from maildrop.int.zabbadoz.net (maildrop.int.zabbadoz.net [10.111.66.10]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by mail.int.zabbadoz.net (Postfix) with ESMTP id 21622444888; Sun, 16 Nov 2008 10:10:37 +0000 (UTC) Date: Sun, 16 Nov 2008 10:10:36 +0000 (UTC) From: "Bjoern A. Zeeb" X-X-Sender: bz@maildrop.int.zabbadoz.net To: Lorenzo Perone In-Reply-To: <2192B50F-16AE-4BC8-ACEC-6C5B99804DA0@yellowspace.net> Message-ID: <20081116100529.Y61259@maildrop.int.zabbadoz.net> References: <2192B50F-16AE-4BC8-ACEC-6C5B99804DA0@yellowspace.net> X-OpenPGP-Key: 0x14003F198FEFA3E77207EE8D2B58B8F83CCF1842 MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII; format=flowed Cc: freebsd-jail@freebsd.org, freebsd-stable@freebsd.org Subject: Re: hangs for 7.1-PRE [was: problem possibly related to multi-ip jail patch?] X-BeenThere: freebsd-jail@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list Reply-To: freebsd-stable@freebsd.org List-Id: "Discussion about FreeBSD jail\(8\)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sun, 16 Nov 2008 10:15:11 -0000 On Sun, 16 Nov 2008, Lorenzo Perone wrote: Hi, > I've been experiencing problems with one of the machines running FreeBSD > 7.1-PRERELEASE #2: Thu Oct 16 20:23:09 CEST 2008 with the multi-ip patch > bz_jail7-20080920-01-at150161.diff, and I'm wondering if it possibly related > to the patch - in any case, any advice would be very welcome. bottom line is that most of this looks less likely to be a jail problem. > It happens that mysql (tried both 4.0 and 5.1, in 2 separate jails), at some > time stop responding to connections, and mysql gets stuck in sbwait state. It > is only killable with kill -9 Yeah, I had been seeing mysql hang or go to 99% CPU for years once in a while; it's been more rare the last months. I have seen it in- and outside of jails, with or without patches. You could try to see if you can get backtraces of those processes. > each of the two mysqlds is running in a jail on one private IP, serving > connections to a webserver nearby - the latter having one public and one > private IP, communicating with the other jail via the private network. > > I also experienced two complete system hangs (which must not be necessarily > related to the mysql problem) both during a shutdown -r now. one was a panic, > in another case the machine was still pingable but did not shut down > completely. I could only reset it over the DRAC. here's a screenshot I made > over the Dell RAC: http://lorenzo.yellowspace.net/stuck.png Looking at your image I see more problems before the shutdown so this as well is most likely not a jail problem. > Since I'm also using zfs there and the kernel has been built with the DTRACE > options. > > any advice (also about which more details that I should/could provide) would > be very welcome... I am Cc:ing the answer to stable@ and setting reply-to: to move the discussion there. /bz -- Bjoern A. Zeeb Stop bit received. Insert coin for new game. From owner-freebsd-jail@FreeBSD.ORG Sun Nov 16 12:21:46 2008 Return-Path: Delivered-To: freebsd-jail@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id D3176106567F for ; Sun, 16 Nov 2008 12:21:46 +0000 (UTC) (envelope-from ruben@verweg.com) Received: from erg.verweg.com (unknown [IPv6:2001:980:fff:96::c0a8:181]) by mx1.freebsd.org (Postfix) with ESMTP id 605C38FC12 for ; Sun, 16 Nov 2008 12:21:46 +0000 (UTC) (envelope-from ruben@verweg.com) Received: from neon.niet.verweg.com (helium.xs4all.nl [194.109.251.55]) (authenticated bits=0) by erg.verweg.com (8.14.3/8.14.3) with ESMTP id mAGCLIgg093907 (version=TLSv1/SSLv3 cipher=AES128-SHA bits=128 verify=NOT); Sun, 16 Nov 2008 12:21:19 GMT (envelope-from ruben@verweg.com) X-Authentication-Warning: erg.verweg.com: Host helium.xs4all.nl [194.109.251.55] claimed to be neon.niet.verweg.com Message-Id: From: Ruben van Staveren To: "Bjoern A. Zeeb" In-Reply-To: <20081116101126.T61259@maildrop.int.zabbadoz.net> Content-Type: multipart/signed; protocol="application/pgp-signature"; micalg=pgp-sha1; boundary="Apple-Mail-9--577208708" Content-Transfer-Encoding: 7bit Mime-Version: 1.0 (Apple Message framework v929.2) Date: Sun, 16 Nov 2008 13:21:34 +0100 References: <20081116101126.T61259@maildrop.int.zabbadoz.net> X-Pgp-Agent: GPGMail d52 (v52, Leopard) X-Mailer: Apple Mail (2.929.2) X-Spam-Status: No, score=3.9 required=5.0 tests=DATE_IN_FUTURE_96_XX, SPF_PASS autolearn=no version=3.2.5 X-Spam-Level: *** X-Spam-Checker-Version: SpamAssassin 3.2.5 (2008-06-10) on erg.verweg.com X-Virus-Scanned: ClamAV 0.94.1/8636/Sat Nov 15 05:05:47 2008 on erg.verweg.com X-Virus-Status: Clean X-Greylist: Sender succeeded SMTP AUTH, not delayed by milter-greylist-4.0.1 (erg.verweg.com [192.168.1.129]); Sun, 16 Nov 2008 12:21:24 +0000 (UTC) Cc: freebsd-jail@freebsd.org Subject: Re: can jail use 2 NICS? X-BeenThere: freebsd-jail@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: "Discussion about FreeBSD jail\(8\)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sun, 16 Nov 2008 12:21:46 -0000 This is an OpenPGP/MIME signed message (RFC 2440 and 3156) --Apple-Mail-9--577208708 Content-Type: text/plain; charset=US-ASCII; format=flowed; delsp=yes Content-Transfer-Encoding: 7bit On 16 Nov 2008, at 11:12, Bjoern A. Zeeb wrote: > On Fri, 14 Nov 2008, Ruben van Staveren wrote: > > Hi, > >> I ran into this issue myself, and repatched /etc/rc.d/jail to work >> with this >> >> jail_erg_ipv6="net0|2001:980:fff:96::c0a8:181" # >> Jail's IP number >> jail_erg_ip="192.168.1.129" # Jail's IP number >> jail_erg_interface="lo0" >> >> So default for everything is lo0, but you can override stuff by >> prefixing and address with | >> >> Have fun at http://ruben.is.verweg.com/stuff/jail >> of course, YMMV > > would that work as well with multiple IPs (per address family)? I kind you mean like jail__ip="net0|addr1 net1|addr2" ? it does. > of lost track. An are you also supporting the netmask feature from > ru@? It doesn't do netmask/prefix length but that should be easy to add. btw I am working only against RELENG_7 so I don't know of any new network features in HEAD. Should get a new macbook soon so I can run vmware fusion to check that out ;) > > > -- > Bjoern A. Zeeb Stop bit received. Insert coin for new > game. Cheers, Ruben --Apple-Mail-9--577208708 content-type: application/pgp-signature; x-mac-type=70674453; name=PGP.sig content-description: This is a digitally signed message part content-disposition: inline; filename=PGP.sig content-transfer-encoding: 7bit -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.6 (Darwin) iD8DBQFJIBBPZ88+mcQxRw0RAlURAJ96rSwQpEXomK9dnX/c/qjOeJQpAgCfcKEY /qIV/cyVp8iAaq2gUjhwCbo= =gl+0 -----END PGP SIGNATURE----- --Apple-Mail-9--577208708-- From owner-freebsd-jail@FreeBSD.ORG Sun Nov 16 14:15:08 2008 Return-Path: Delivered-To: freebsd-jail@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 2A29F1065670 for ; Sun, 16 Nov 2008 14:15:08 +0000 (UTC) (envelope-from bzeeb-lists@lists.zabbadoz.net) Received: from mail.cksoft.de (mail.cksoft.de [62.111.66.27]) by mx1.freebsd.org (Postfix) with ESMTP id C8B638FC08 for ; Sun, 16 Nov 2008 14:15:07 +0000 (UTC) (envelope-from bzeeb-lists@lists.zabbadoz.net) Received: from localhost (amavis.str.cksoft.de [192.168.74.71]) by mail.cksoft.de (Postfix) with ESMTP id 4456141C65E; Sun, 16 Nov 2008 15:15:06 +0100 (CET) X-Virus-Scanned: amavisd-new at cksoft.de Received: from mail.cksoft.de ([62.111.66.27]) by localhost (amavis.str.cksoft.de [192.168.74.71]) (amavisd-new, port 10024) with ESMTP id jYiltSs8QU-k; Sun, 16 Nov 2008 15:15:05 +0100 (CET) Received: by mail.cksoft.de (Postfix, from userid 66) id 9B63141C650; Sun, 16 Nov 2008 15:15:05 +0100 (CET) Received: from maildrop.int.zabbadoz.net (maildrop.int.zabbadoz.net [10.111.66.10]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by mail.int.zabbadoz.net (Postfix) with ESMTP id B1CCB444888; Sun, 16 Nov 2008 14:10:35 +0000 (UTC) Date: Sun, 16 Nov 2008 14:10:35 +0000 (UTC) From: "Bjoern A. Zeeb" X-X-Sender: bz@maildrop.int.zabbadoz.net To: Ruben van Staveren In-Reply-To: Message-ID: <20081116135929.S61259@maildrop.int.zabbadoz.net> References: <20081116101126.T61259@maildrop.int.zabbadoz.net> X-OpenPGP-Key: 0x14003F198FEFA3E77207EE8D2B58B8F83CCF1842 MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII; format=flowed Cc: freebsd-jail@freebsd.org, Ruslan Ermilov Subject: Re: can jail use 2 NICS? X-BeenThere: freebsd-jail@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: "Discussion about FreeBSD jail\(8\)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sun, 16 Nov 2008 14:15:08 -0000 On Sun, 16 Nov 2008, Ruben van Staveren wrote: > > On 16 Nov 2008, at 11:12, Bjoern A. Zeeb wrote: > >> On Fri, 14 Nov 2008, Ruben van Staveren wrote: >> >> Hi, >> >>> I ran into this issue myself, and repatched /etc/rc.d/jail to work with >>> this >>> >>> jail_erg_ipv6="net0|2001:980:fff:96::c0a8:181" # Jail's >>> IP number >>> jail_erg_ip="192.168.1.129" # Jail's IP number >>> jail_erg_interface="lo0" >>> >>> So default for everything is lo0, but you can override stuff by prefixing >>> and address with | >>> >>> Have fun at http://ruben.is.verweg.com/stuff/jail >>> of course, YMMV >> >> would that work as well with multiple IPs (per address family)? I kind > > you mean like jail__ip="net0|addr1 net1|addr2" ? it does. >> of lost track. An are you also supporting the netmask feature from >> ru@? > > It doesn't do netmask/prefix length but that should be easy to add. btw I am > working only against RELENG_7 so I don't know of any new network features in > HEAD. Should get a new macbook soon so I can run vmware fusion to check that > out ;) Having that working as well would be a good thing, and I'd prefer that in constrast to "netmask 255.255.255.255". Only going with prefix notation (which usually would be /32 or /128) instead of having an extra jail__netmask would be something I'd be fine with even though this seems to end up in a long and complicated list of options. See http://svn.freebsd.org/viewvc/base?view=revision&revision=183325 for Ruslan's commit to HEAD which had been discussed here before. So the basic idea could be to only have jail__ip="" jail__ip6="" and each of them would have a format like: [iface|]address[/prefix] where iface and prefix are optional and prefix only makes sense if iface is given? If iface is given it means configure the address with prefix to the given interface; if prefix is not given the default would be /32 for ipv4 and /128 for ipv6. So now this would give really long and complicated lines in rc.conf. Do you think we could have something like the _alias for interface addresses so that it would be like: jail__ip="" # default jail__ip_multi0="" # second IP of the jail jail__ip_multi1="" # third IP of the jail jail__ip_multi2="" # 4th IP of the jail and similar for IPv6? (multi might not be the best suffix) Something along those lines? Ruslan, what do you think about something like that? We could have that for HEAD and 7 just now and add the _multi support with the multi-IP jail patches? Could you and Ruben work together to build this? Regards, Bjoern -- Bjoern A. Zeeb Stop bit received. Insert coin for new game. From owner-freebsd-jail@FreeBSD.ORG Mon Nov 17 11:06:52 2008 Return-Path: Delivered-To: freebsd-jail@FreeBSD.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id B85B5106567B for ; Mon, 17 Nov 2008 11:06:52 +0000 (UTC) (envelope-from owner-bugmaster@FreeBSD.org) Received: from freefall.freebsd.org (freefall.freebsd.org [IPv6:2001:4f8:fff6::28]) by mx1.freebsd.org (Postfix) with ESMTP id A7BAB8FC17 for ; Mon, 17 Nov 2008 11:06:52 +0000 (UTC) (envelope-from owner-bugmaster@FreeBSD.org) Received: from freefall.freebsd.org (localhost [127.0.0.1]) by freefall.freebsd.org (8.14.3/8.14.3) with ESMTP id mAHB6qwu082568 for ; Mon, 17 Nov 2008 11:06:52 GMT (envelope-from owner-bugmaster@FreeBSD.org) Received: (from gnats@localhost) by freefall.freebsd.org (8.14.3/8.14.3/Submit) id mAHB6q2D082564 for freebsd-jail@FreeBSD.org; Mon, 17 Nov 2008 11:06:52 GMT (envelope-from owner-bugmaster@FreeBSD.org) Date: Mon, 17 Nov 2008 11:06:52 GMT Message-Id: <200811171106.mAHB6q2D082564@freefall.freebsd.org> X-Authentication-Warning: freefall.freebsd.org: gnats set sender to owner-bugmaster@FreeBSD.org using -f From: FreeBSD bugmaster To: freebsd-jail@FreeBSD.org Cc: Subject: Current problem reports assigned to freebsd-jail@FreeBSD.org X-BeenThere: freebsd-jail@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: "Discussion about FreeBSD jail\(8\)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 17 Nov 2008 11:06:52 -0000 Note: to view an individual PR, use: http://www.freebsd.org/cgi/query-pr.cgi?pr=(number). The following is a listing of current problems submitted by FreeBSD users. These represent problem reports covering all versions including experimental development code and obsolete releases. S Tracker Resp. Description -------------------------------------------------------------------------------- o kern/126368 jail [jail] Running ktrace/kdump in jail leads to stale jai o kern/120753 jail [jail] Zombie jails (jailed child process exits while o kern/119842 jail [smbfs] [jail] "Bad address" with smbfs inside a jail o bin/99566 jail [jail] [patch] fstat(1) according to specified jid o kern/97071 jail [jail] [patch] add security.jail.jid sysctl o kern/89989 jail [jail] [patch] Add option -I (ASCII 73) PID to specif s kern/89528 jail [jail] [patch] impossible to kill a jail o kern/84215 jail [jail] [patch] wildcard ip (INADDR_ANY) should not bin o kern/74314 jail [resolver] [jail] DNS resolver broken under certain ja o kern/72498 jail [libc] [jail] timestamp code on jailed SMP machine gen o kern/68192 jail [quotas] [jail] Cannot use quotas on jailed systems o bin/32828 jail [jail] w(1) incorrectly handles stale utmp slots with 12 problems total. From owner-freebsd-jail@FreeBSD.ORG Mon Nov 17 22:42:12 2008 Return-Path: Delivered-To: freebsd-jail@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 9B9C81065670 for ; Mon, 17 Nov 2008 22:42:12 +0000 (UTC) (envelope-from lopez.on.the.lists@yellowspace.net) Received: from mail.yellowspace.net (mail.yellowspace.net [80.190.200.164]) by mx1.freebsd.org (Postfix) with ESMTP id 2E0168FC08 for ; Mon, 17 Nov 2008 22:42:11 +0000 (UTC) (envelope-from lopez.on.the.lists@yellowspace.net) Received: from five.intranet ([88.217.92.107]) (AUTH: LOGIN lopez.on.the.lists@yellowspace.net) by mail.yellowspace.net with esmtp; Mon, 17 Nov 2008 23:42:10 +0100 id 0035E8E7.000000004921F342.0001517B Message-Id: <3C37B5AC-FC79-4C05-A87C-7B4341DED32D@yellowspace.net> From: Lorenzo Perone To: Lorenzo Perone In-Reply-To: <2192B50F-16AE-4BC8-ACEC-6C5B99804DA0@yellowspace.net> Content-Type: text/plain; charset=US-ASCII; format=flowed; delsp=yes Content-Transfer-Encoding: 7bit Mime-Version: 1.0 (Apple Message framework v929.2) Date: Mon, 17 Nov 2008 23:42:09 +0100 References: <2192B50F-16AE-4BC8-ACEC-6C5B99804DA0@yellowspace.net> X-Mailer: Apple Mail (2.929.2) Cc: freebsd-jail@freebsd.org Subject: Re: problem possibly related to multi-ip jail patch? X-BeenThere: freebsd-jail@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: "Discussion about FreeBSD jail\(8\)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 17 Nov 2008 22:42:12 -0000 sorry for posting that crap - turns out I forgot vfs.zfs.prefetch_disable="1" in loader.conf and that had the fatal consequences, which were related to zfs rather than to Bjoern's patch. the jails patch works as expected so far and turned out to be unrelated to the problems described. Regards and apologies, Lorenzo On 16.11.2008, at 05:27, Lorenzo Perone wrote: > Hi all, > > I've been experiencing problems with one of the machines running > FreeBSD 7.1-PRERELEASE #2: Thu Oct 16 20:23:09 CEST 2008 with the > multi-ip patch bz_jail7-20080920-01-at150161.diff, and I'm wondering > if it possibly related to the patch - in any case, any advice would > be very welcome. > > It happens that mysql (tried both 4.0 and 5.1, in 2 separate jails), > at some time stop responding to connections, and mysql gets stuck in > sbwait state. It is only killable with kill -9 > > each of the two mysqlds is running in a jail on one private IP, > serving connections to a webserver nearby - the latter having one > public and one private IP, communicating with the other jail via the > private network. > > I also experienced two complete system hangs (which must not be > necessarily related to the mysql problem) both during a shutdown -r > now. one was a panic, in another case the machine was still pingable > but did not shut down completely. I could only reset it over the > DRAC. here's a screenshot I made over the Dell RAC: http://lorenzo.yellowspace.net/stuck.png > > Since I'm also using zfs there and the kernel has been built with > the DTRACE options. > > any advice (also about which more details that I should/could > provide) would be very welcome... > > thanx && regards, > > > Lorenzo > > > _______________________________________________ > freebsd-jail@freebsd.org mailing list > http://lists.freebsd.org/mailman/listinfo/freebsd-jail > To unsubscribe, send any mail to "freebsd-jail- > unsubscribe@freebsd.org" From owner-freebsd-jail@FreeBSD.ORG Thu Nov 20 18:25:07 2008 Return-Path: Delivered-To: freebsd-jail@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 0517B106567C for ; Thu, 20 Nov 2008 18:25:07 +0000 (UTC) (envelope-from bzeeb-lists@lists.zabbadoz.net) Received: from mail.cksoft.de (mail.cksoft.de [62.111.66.27]) by mx1.freebsd.org (Postfix) with ESMTP id A8C538FC0C for ; Thu, 20 Nov 2008 18:25:06 +0000 (UTC) (envelope-from bzeeb-lists@lists.zabbadoz.net) Received: from localhost (amavis.str.cksoft.de [192.168.74.71]) by mail.cksoft.de (Postfix) with ESMTP id CF7BC41C65F; Thu, 20 Nov 2008 19:25:05 +0100 (CET) X-Virus-Scanned: amavisd-new at cksoft.de Received: from mail.cksoft.de ([62.111.66.27]) by localhost (amavis.str.cksoft.de [192.168.74.71]) (amavisd-new, port 10024) with ESMTP id x4y4zJSOYNPy; Thu, 20 Nov 2008 19:25:05 +0100 (CET) Received: by mail.cksoft.de (Postfix, from userid 66) id 71FED41C65E; Thu, 20 Nov 2008 19:25:05 +0100 (CET) Received: from maildrop.int.zabbadoz.net (maildrop.int.zabbadoz.net [10.111.66.10]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by mail.int.zabbadoz.net (Postfix) with ESMTP id 7E0844448DD; Thu, 20 Nov 2008 18:23:57 +0000 (UTC) Date: Thu, 20 Nov 2008 18:23:56 +0000 (UTC) From: "Bjoern A. Zeeb" X-X-Sender: bz@maildrop.int.zabbadoz.net To: Eugene Grosbein In-Reply-To: <20081120161440.GA3537@grosbein.pp.ru> Message-ID: <20081120182035.H61259@maildrop.int.zabbadoz.net> References: <20081120161440.GA3537@grosbein.pp.ru> X-OpenPGP-Key: 0x14003F198FEFA3E77207EE8D2B58B8F83CCF1842 MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII; format=flowed Cc: freebsd-jail@freebsd.org, net@freebsd.org Subject: Re: jail translates destination IP? X-BeenThere: freebsd-jail@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list Reply-To: freebsd-jail@freebsd.org List-Id: "Discussion about FreeBSD jail\(8\)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 20 Nov 2008 18:25:07 -0000 On Thu, 20 Nov 2008, Eugene Grosbein wrote: Hi, freebsd-jail@ is a good place to ask jail questiosn as well. > For some strange reason, RAW sockets (when allowed) and TCP beheave > very differently in jail (7.1-PRERELEASE). In host's rc.conf: > > jail_enable="YES" > jail_list="test" > jail_devfs_enable="YES" > jail_test_rootdir="/mnt/big/jail/test" > jail_test_hostname="myname.ru" > jail_test_ip="192.168.0.1" > jail_test_interface="lo0" > > "/etc/rc.d/jail start" does all right and I may rlogin into jail. > > In host environment I run tcpdump -np -i lo0. > Inside jail I ping 127.0.0.1, it succeedes and tcpdump shows that requests > go from 192.168.0.1 to 127.0.0.1 really. But when I try to telnet 127.0.0.1 25 > from jail, tcpdump shows that TCP SYN are sent to 192.168.0.1, so telnet fails. > > There is no NAT here. It it a bug? What happens with TCP is the expected behaviour. I wonder more about the raw socket case and am not sure this is correct. jails try to "simulate" the non-existing loopback by re-writing the IPs to the jail-IP, which obviously has other implications. You should never be able to connect from inside the jail to the base systems 127.0.0.1 loopback IP. This is a known "feature" (limitation) of jails. Full network stack virtualization will no longer have that problem. /bz -- Bjoern A. Zeeb Stop bit received. Insert coin for new game. From owner-freebsd-jail@FreeBSD.ORG Fri Nov 21 12:46:41 2008 Return-Path: Delivered-To: jail@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 8733C1065673; Fri, 21 Nov 2008 12:46:41 +0000 (UTC) (envelope-from alexander@leidinger.net) Received: from redbull.bpaserver.net (redbullneu.bpaserver.net [213.198.78.217]) by mx1.freebsd.org (Postfix) with ESMTP id E02F08FC0C; Fri, 21 Nov 2008 12:46:40 +0000 (UTC) (envelope-from alexander@leidinger.net) Received: from outgoing.leidinger.net (pD9E2CD96.dip.t-dialin.net [217.226.205.150]) by redbull.bpaserver.net (Postfix) with ESMTP id 67CDB2E35C; Fri, 21 Nov 2008 13:31:07 +0100 (CET) Received: from webmail.leidinger.net (webmail.leidinger.net [192.168.1.102]) by outgoing.leidinger.net (Postfix) with ESMTP id 8F3241364A9; Fri, 21 Nov 2008 13:31:03 +0100 (CET) DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple; d=Leidinger.net; s=outgoing-alex; t=1227270663; bh=ymZYQpo5RFFM+X4zsNj/CwMcG54rHcYZI q6DBbcsX7k=; h=Message-ID:Date:From:To:Cc:Subject:MIME-Version: Content-Type:Content-Transfer-Encoding; b=MdV7gO1GJCxhAF7l3pYSa+aT Of0EBCBut7wiFf4+7SCJt5N2ZvTkXvhPSpbfG9eKBgkK8fQNnSyT8L2UEvYH2Y3A1Oy 3azFcELkmppmBdtrZ6R+TF5vADcJa7mk9V0XSvvTCJ1/Adm883ZMYy/gVJi23I26qx2 /DOcf+QZNasMyMzX1P64eOO9xjyvWw0LpLoGpELJkesxMr95pn+zQj244cXf6wagGd1 0w4f5OFtz5UuKqb/FRL/G9ikbzMb5qPxsHUus4T/weUu7DB03x36/IwQLs9mQvxLJSw IA+46MgYeQGFaqZx4maPmvPELSEHkHUV0Jvtkdb3dGcyFGsakA== Received: (from www@localhost) by webmail.leidinger.net (8.14.2/8.13.8/Submit) id mALCV31n071577; Fri, 21 Nov 2008 13:31:03 +0100 (CET) (envelope-from Alexander@Leidinger.net) Received: from pslux.cec.eu.int (pslux.cec.eu.int [158.169.9.14]) by webmail.leidinger.net (Horde Framework) with HTTP; Fri, 21 Nov 2008 13:31:03 +0100 Message-ID: <20081121133103.123166twjls14360@webmail.leidinger.net> X-Priority: 3 (Normal) Date: Fri, 21 Nov 2008 13:31:03 +0100 From: Alexander Leidinger To: jail@FreeBSD.org MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8; DelSp="Yes"; format="flowed" Content-Disposition: inline Content-Transfer-Encoding: quoted-printable User-Agent: Internet Messaging Program (IMP) H3 (4.3) / FreeBSD-8.0 X-BPAnet-MailScanner-Information: Please contact the ISP for more information X-MailScanner-ID: 67CDB2E35C.2B6B7 X-BPAnet-MailScanner: Found to be clean X-BPAnet-MailScanner-SpamCheck: not spam, ORDB-RBL, SpamAssassin (not cached, score=-14.823, required 6, BAYES_00 -15.00, DKIM_SIGNED 0.00, DKIM_VERIFIED -0.00, RDNS_DYNAMIC 0.10, TW_FC 0.08) X-BPAnet-MailScanner-From: alexander@leidinger.net X-Spam-Status: No Cc: rpaulo@FreeBSD.org Subject: Jails & multicast? X-BeenThere: freebsd-jail@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: "Discussion about FreeBSD jail\(8\)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 21 Nov 2008 12:46:41 -0000 Hi, does someone know if multicast is supposed to work in a jail? I'm playing around with avahi (mDNS / DNS-SD) in a jail. Now that I =20 defined a lot of service descriptions for all my jails, I wanted to =20 test this and tried to browse the service descriptions via mDNS. But =20 somehow I get no output. The avahi server is in the same jail as the avahi browser. In the =20 server output I see connections from the browser, but the browser =20 hangs and does not return (-> ctrl+c to abort =3D last line in the =20 following output): ---snip--- dbus-protocol.c: interface=3Dorg.freedesktop.Avahi.Server, path=3D/, =20 member=3DGetAPIVersion dbus-protocol.c: interface=3Dorg.freedesktop.Avahi.Server, path=3D/, =20 member=3DGetState dbus-protocol.c: interface=3Dorg.freedesktop.Avahi.Server, path=3D/, =20 member=3DDomainBrowserNew dbus-protocol.c: client :1.51 vanished. ---snip--- And here some info from ifmcstat. In the jail: ---snip--- # ifmcstat dc0: inet 0.0.0.0 inet 0.0.0.0 inet 0.0.0.0 inet 0.0.0.0 inet 0.0.0.0 inet 0.0.0.0 inet 0.0.0.0 inet 0.0.0.0 inet 0.0.0.0 inet 0.0.0.0 inet 0.0.0.0 inet 0.0.0.0 inet 0.0.0.0 inet 0.0.0.0 group 224.0.0.251 igmpv2 mcast-macaddr 01:00:5e:00:00:fb refcnt 1 group 224.0.0.1 mcast-macaddr 01:00:5e:00:00:01 refcnt 1 lo0: inet 0.0.0.0 group 224.0.0.1 inet6 ::1:0:0 inet6 ::1:0:0 group ff02::202%lo0 refcnt 1 group ff01::1%lo0 refcnt 2 group ff02::2:82d1:3fc1%lo0 refcnt 2 group ff02::1%lo0 refcnt 2 group ff02::1:ff00:1%lo0 refcnt 2 ---snip--- And outside the jail: ---snip--- # ifmcstat dc0: inet 192.168.1.2 inet 192.168.1.100 inet 192.168.1.101 inet 192.168.1.102 inet 192.168.1.103 inet 192.168.1.104 inet 192.168.1.105 inet 192.168.1.106 inet 192.168.1.107 inet 192.168.1.108 inet 192.168.1.110 inet 192.168.1.111 inet 192.168.1.113 inet 192.168.1.114 group 224.0.0.251 igmpv2 mcast-macaddr 01:00:5e:00:00:fb refcnt 1 group 224.0.0.1 mcast-macaddr 01:00:5e:00:00:01 refcnt 1 lo0: inet 127.0.0.1 group 224.0.0.1 inet6 fe80::1%lo0 inet6 ::1 group ff02::202%lo0 refcnt 1 group ff01::1%lo0 refcnt 2 group ff02::2:82d1:3fc1%lo0 refcnt 2 group ff02::1%lo0 refcnt 2 group ff02::1:ff00:1%lo0 refcnt 2 ---snip--- It's the first time I play around with multicast, any hints how to =20 debug this further are welcome. Anything I need to setup so that this =20 works? I have options MROUTING in the kernel, but that's all I did =20 related to multicast. Bye, Alexander. --=20 The light at the end of the tunnel can be a helluva nuisance, especially if you're using the tunnel as a darkroom. http://www.Leidinger.net Alexander @ Leidinger.net: PGP ID =3D B0063FE7 http://www.FreeBSD.org netchild @ FreeBSD.org : PGP ID =3D 72077137 From owner-freebsd-jail@FreeBSD.ORG Fri Nov 21 20:49:00 2008 Return-Path: Delivered-To: freebsd-jail@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 3F6E61065673 for ; Fri, 21 Nov 2008 20:49:00 +0000 (UTC) (envelope-from ru@freebsd.org) Received: from mail.vega.ru (infra.dev.vega.ru [90.156.167.14]) by mx1.freebsd.org (Postfix) with ESMTP id F0F9C8FC13 for ; Fri, 21 Nov 2008 20:48:59 +0000 (UTC) (envelope-from ru@freebsd.org) Received: from gw1.masterhost.ru ([87.242.97.4]:63400 helo=edoofus.dev.vega.ru) by mail.vega.ru with esmtpsa (TLSv1:AES256-SHA:256) (Exim 4.69 (FreeBSD)) (envelope-from ) id 1L3cY6-0009TU-CD; Fri, 21 Nov 2008 23:24:18 +0300 Date: Fri, 21 Nov 2008 23:23:17 +0300 From: Ruslan Ermilov To: "Bjoern A. Zeeb" Message-ID: <20081121202316.GB28339@edoofus.dev.vega.ru> References: <20081116101126.T61259@maildrop.int.zabbadoz.net> <20081116135929.S61259@maildrop.int.zabbadoz.net> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <20081116135929.S61259@maildrop.int.zabbadoz.net> Cc: freebsd-jail@freebsd.org, Ruben van Staveren Subject: Re: can jail use 2 NICS? X-BeenThere: freebsd-jail@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: "Discussion about FreeBSD jail\(8\)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 21 Nov 2008 20:49:00 -0000 Hi, Have been traveling, hence long "no reply"... On Sun, Nov 16, 2008 at 02:10:35PM +0000, Bjoern A. Zeeb wrote: > So the basic idea could be to only have > jail__ip="" > jail__ip6="" > > and each of them would have a format like: > > [iface|]address[/prefix] I'd suggest [iface:] instead. > where iface and prefix are optional and prefix only makes sense if > iface is given? > > If iface is given it means configure the address with prefix to the > given interface; if prefix is not given the default would be /32 for > ipv4 and /128 for ipv6. > > So now this would give really long and complicated lines in rc.conf. > Do you think we could have something like the _alias for interface > addresses so that it would be like: > > jail__ip="" # default > jail__ip_multi0="" # second IP of the jail > jail__ip_multi1="" # third IP of the jail > jail__ip_multi2="" # 4th IP of the jail > > and similar for IPv6? > > (multi might not be the best suffix) > > Something along those lines? > > Ruslan, what do you think about something like that? We could have > that for HEAD and 7 just now and add the _multi support with the > multi-IP jail patches? Could you and Ruben work together to build > this? > I think this is a good idea. My workaround with routes I mentioned doesn't actually work, so currently we use a version from HEAD on our production servers, and the modified version of ezjail port that supports netmasks. Cheers, -- Ruslan Ermilov ru@FreeBSD.org FreeBSD committer From owner-freebsd-jail@FreeBSD.ORG Fri Nov 21 22:40:06 2008 Return-Path: Delivered-To: freebsd-jail@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 5FC3A1065670; Fri, 21 Nov 2008 22:40:06 +0000 (UTC) (envelope-from bzeeb-lists@lists.zabbadoz.net) Received: from mail.cksoft.de (mail.cksoft.de [62.111.66.27]) by mx1.freebsd.org (Postfix) with ESMTP id 13BB38FC18; Fri, 21 Nov 2008 22:40:05 +0000 (UTC) (envelope-from bzeeb-lists@lists.zabbadoz.net) Received: from localhost (amavis.str.cksoft.de [192.168.74.71]) by mail.cksoft.de (Postfix) with ESMTP id 3898541C670; Fri, 21 Nov 2008 23:40:05 +0100 (CET) X-Virus-Scanned: amavisd-new at cksoft.de Received: from mail.cksoft.de ([62.111.66.27]) by localhost (amavis.str.cksoft.de [192.168.74.71]) (amavisd-new, port 10024) with ESMTP id yjYsm6eATW-7; Fri, 21 Nov 2008 23:40:04 +0100 (CET) Received: by mail.cksoft.de (Postfix, from userid 66) id BDB3541C679; Fri, 21 Nov 2008 23:40:04 +0100 (CET) Received: from maildrop.int.zabbadoz.net (maildrop.int.zabbadoz.net [10.111.66.10]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by mail.int.zabbadoz.net (Postfix) with ESMTP id BA3A64448DD; Fri, 21 Nov 2008 22:37:15 +0000 (UTC) Date: Fri, 21 Nov 2008 22:37:15 +0000 (UTC) From: "Bjoern A. Zeeb" X-X-Sender: bz@maildrop.int.zabbadoz.net To: Ruslan Ermilov In-Reply-To: <20081121202316.GB28339@edoofus.dev.vega.ru> Message-ID: <20081121223541.H61259@maildrop.int.zabbadoz.net> References: <20081116101126.T61259@maildrop.int.zabbadoz.net> <20081116135929.S61259@maildrop.int.zabbadoz.net> <20081121202316.GB28339@edoofus.dev.vega.ru> X-OpenPGP-Key: 0x14003F198FEFA3E77207EE8D2B58B8F83CCF1842 MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII; format=flowed Cc: freebsd-jail@freebsd.org, Ruben van Staveren Subject: Re: can jail use 2 NICS? X-BeenThere: freebsd-jail@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: "Discussion about FreeBSD jail\(8\)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 21 Nov 2008 22:40:06 -0000 On Fri, 21 Nov 2008, Ruslan Ermilov wrote: Hi, > Have been traveling, hence long "no reply"... > > On Sun, Nov 16, 2008 at 02:10:35PM +0000, Bjoern A. Zeeb wrote: >> So the basic idea could be to only have >> jail__ip="" >> jail__ip6="" >> >> and each of them would have a format like: >> >> [iface|]address[/prefix] > > I'd suggest [iface:] instead. be aware that : might be problematic to parse from shell with IPv6 addresses as it would either be: bge0:2001:db8::1 or just 2001:db8::1 >> where iface and prefix are optional and prefix only makes sense if >> iface is given? >> >> If iface is given it means configure the address with prefix to the >> given interface; if prefix is not given the default would be /32 for >> ipv4 and /128 for ipv6. >> >> So now this would give really long and complicated lines in rc.conf. >> Do you think we could have something like the _alias for interface >> addresses so that it would be like: >> >> jail__ip="" # default >> jail__ip_multi0="" # second IP of the jail >> jail__ip_multi1="" # third IP of the jail >> jail__ip_multi2="" # 4th IP of the jail >> >> and similar for IPv6? >> >> (multi might not be the best suffix) >> >> Something along those lines? >> >> Ruslan, what do you think about something like that? We could have >> that for HEAD and 7 just now and add the _multi support with the >> multi-IP jail patches? Could you and Ruben work together to build >> this? >> > I think this is a good idea. My workaround with routes > I mentioned doesn't actually work, so currently we use > a version from HEAD on our production servers, and the > modified version of ezjail port that supports netmasks. Sounds like a plan then. Thanks a lot. /bz -- Bjoern A. Zeeb Stop bit received. Insert coin for new game. From owner-freebsd-jail@FreeBSD.ORG Sat Nov 22 01:24:32 2008 Return-Path: Delivered-To: freebsd-jail@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 1FB0A1065670; Sat, 22 Nov 2008 01:24:32 +0000 (UTC) (envelope-from ruben@verweg.com) Received: from erg.verweg.com (unknown [IPv6:2001:980:fff:96::c0a8:181]) by mx1.freebsd.org (Postfix) with ESMTP id 86AB08FC14; Sat, 22 Nov 2008 01:24:31 +0000 (UTC) (envelope-from ruben@verweg.com) Received: from neon.niet.verweg.com (helium.xs4all.nl [194.109.251.55]) (authenticated bits=0) by erg.verweg.com (8.14.3/8.14.3) with ESMTP id mAM1O0pb050222 (version=TLSv1/SSLv3 cipher=AES128-SHA bits=128 verify=NOT); Sat, 22 Nov 2008 01:24:01 GMT (envelope-from ruben@verweg.com) X-Authentication-Warning: erg.verweg.com: Host helium.xs4all.nl [194.109.251.55] claimed to be neon.niet.verweg.com Message-Id: <7CE62E42-B1C2-4D4E-860B-C4F2F5849ABE@verweg.com> From: Ruben van Staveren To: Ruslan Ermilov In-Reply-To: <20081121202316.GB28339@edoofus.dev.vega.ru> Content-Type: multipart/signed; protocol="application/pgp-signature"; micalg=pgp-sha1; boundary="Apple-Mail-27--98242926" Content-Transfer-Encoding: 7bit Mime-Version: 1.0 (Apple Message framework v929.2) Date: Sat, 22 Nov 2008 02:24:19 +0100 References: <20081116101126.T61259@maildrop.int.zabbadoz.net> <20081116135929.S61259@maildrop.int.zabbadoz.net> <20081121202316.GB28339@edoofus.dev.vega.ru> X-Pgp-Agent: GPGMail d52 (v52, Leopard) X-Mailer: Apple Mail (2.929.2) X-Spam-Status: No, score=3.9 required=5.0 tests=DATE_IN_FUTURE_96_XX, SPF_PASS autolearn=no version=3.2.5 X-Spam-Level: *** X-Spam-Checker-Version: SpamAssassin 3.2.5 (2008-06-10) on erg.verweg.com X-Virus-Scanned: ClamAV 0.94.1/8661/Fri Nov 21 15:39:30 2008 on erg.verweg.com X-Virus-Status: Clean X-Greylist: Sender succeeded SMTP AUTH, not delayed by milter-greylist-4.0.1 (erg.verweg.com [192.168.1.129]); Sat, 22 Nov 2008 01:24:06 +0000 (UTC) Cc: "Bjoern A. Zeeb" , freebsd-jail@freebsd.org Subject: Re: can jail use 2 NICS? X-BeenThere: freebsd-jail@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: "Discussion about FreeBSD jail\(8\)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sat, 22 Nov 2008 01:24:32 -0000 This is an OpenPGP/MIME signed message (RFC 2440 and 3156) --Apple-Mail-27--98242926 Content-Type: text/plain; charset=US-ASCII; format=flowed; delsp=yes Content-Transfer-Encoding: 7bit Hi, On 21 Nov 2008, at 21:23, Ruslan Ermilov wrote: > Hi, > > Have been traveling, hence long "no reply"... > > On Sun, Nov 16, 2008 at 02:10:35PM +0000, Bjoern A. Zeeb wrote: >> So the basic idea could be to only have >> jail__ip="" >> jail__ip6="" >> >> and each of them would have a format like: >> >> [iface|]address[/prefix] > > I'd suggest [iface:] instead. This will get a bit ambiguous when IPv6 addresses are used... >> where iface and prefix are optional and prefix only makes sense if >> iface is given? >> >> If iface is given it means configure the address with prefix to the >> given interface; if prefix is not given the default would be /32 for >> ipv4 and /128 for ipv6. Yes, and I prefer the prefix notation above the subnet mask one. Related, I still need to look at ifconfig canonicalizing stuff like 2001:888:1029::192.168.1.129 before operating on the interface structure. This helps in ifconfig delete 2001:888:1029::192.168.1.129 currently this does not work because on ifconfig up the value is converted to 2001:888:1029::c0a8:181 >> So now this would give really long and complicated lines in rc.conf. >> Do you think we could have something like the _alias for interface >> addresses so that it would be like: >> >> jail__ip="" # default >> jail__ip_multi0="" # second IP of the jail >> jail__ip_multi1="" # third IP of the jail >> jail__ip_multi2="" # 4th IP of the jail >> >> and similar for IPv6? >> >> (multi might not be the best suffix) >> >> Something along those lines? From a user point of view, it will make a messy configuration. it might be more preferable then to have something in the order of jail "" { iface prefix addr [] [/] addr [] [/] ... } For Bjoern I think something like this in an /etc/jail.conf will mark a clear separation between rc.conf and jail management ? >> Ruslan, what do you think about something like that? We could have >> that for HEAD and 7 just now and add the _multi support with the >> multi-IP jail patches? Could you and Ruben work together to build >> this? >> > I think this is a good idea. My workaround with routes > I mentioned doesn't actually work, so currently we use > a version from HEAD on our production servers, and the > modified version of ezjail port that supports netmasks. The route thing, is that the setfib configuration from HEAD ? > > Cheers, > -- > Ruslan Ermilov > ru@FreeBSD.org > FreeBSD committer Regards, Ruben --Apple-Mail-27--98242926 content-type: application/pgp-signature; x-mac-type=70674453; name=PGP.sig content-description: This is a digitally signed message part content-disposition: inline; filename=PGP.sig content-transfer-encoding: 7bit -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.6 (Darwin) iD8DBQFJJ19EZ88+mcQxRw0RAvuIAJ0ak9RtTpZF4Tx0QTpGLJE4QJ8rqwCeO2yJ SDpUKkbItqVrG2OGDBPAUdM= =MoUk -----END PGP SIGNATURE----- --Apple-Mail-27--98242926--