From owner-freebsd-jail@freebsd.org Wed May 18 18:29:09 2016 Return-Path: Delivered-To: freebsd-jail@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id BDD39B40421 for ; Wed, 18 May 2016 18:29:09 +0000 (UTC) (envelope-from 000.fbsd@quip.cz) Received: from elsa.codelab.cz (elsa.codelab.cz [94.124.105.4]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id 5390816BF for ; Wed, 18 May 2016 18:29:08 +0000 (UTC) (envelope-from 000.fbsd@quip.cz) Received: from elsa.codelab.cz (localhost [127.0.0.1]) by elsa.codelab.cz (Postfix) with ESMTP id 3EA1128416; Wed, 18 May 2016 20:29:00 +0200 (CEST) Received: from illbsd.quip.test (ip-86-49-16-209.net.upcbroadband.cz [86.49.16.209]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by elsa.codelab.cz (Postfix) with ESMTPSA id C0D4A28412; Wed, 18 May 2016 20:28:58 +0200 (CEST) Message-ID: <573CB46A.6040308@quip.cz> Date: Wed, 18 May 2016 20:28:58 +0200 From: Miroslav Lachman <000.fbsd@quip.cz> User-Agent: Mozilla/5.0 (X11; FreeBSD amd64; rv:35.0) Gecko/20100101 Firefox/35.0 SeaMonkey/2.32 MIME-Version: 1.0 To: Grzegorz Junka , freebsd-jail@freebsd.org Subject: Re: netstat -rn in jail doesn't work References: <87302b92-dcae-0ed2-92e2-0c29779c0fd3@gjunka.com> In-Reply-To: <87302b92-dcae-0ed2-92e2-0c29779c0fd3@gjunka.com> Content-Type: text/plain; charset=ISO-8859-1; format=flowed Content-Transfer-Encoding: 7bit X-BeenThere: freebsd-jail@freebsd.org X-Mailman-Version: 2.1.22 Precedence: list List-Id: "Discussion about FreeBSD jail\(8\)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 18 May 2016 18:29:09 -0000 Grzegorz Junka wrote on 05/18/2016 18:37: > What may be the reason that netstat -rn works in one jail and doesn't in > another? > > root@app2:/ # netstat -rn > Routing tables > > Internet: > Destination Gateway Flags Netif Expire > 192.168.1.76 link#4 UHS lo0 > > > root@pjp1:/ # netstat -rn > netstat: kvm not available: /dev/mem: No such file or directory > Routing tables > rt_tables: symbol not in namelist I don't know the reason but I can confirm this behavior. I know about this for a long time. Netstat complains about /dev/mem for some other params too even if it outputs correct values for example for opened tcp connections: /# netstat -s -p tcp netstat: kvm not available: /dev/mem: No such file or directory tcp: 1517892073 packets sent 1453939900 data packets (2274781047202 bytes) 759536 data packets (929141944 bytes) retransmitted 59175 data packets unnecessarily retransmitted 0 resends initiated by MTU discovery 51907865 ack-only packets (26667901 delayed) 0 URG only packets 267 window probe packets 795506 window update packets 10493883 control packets 1487401217 packets received 1417951529 acks (for 2273802396874 bytes) 7502860 duplicate acks 38600 acks for unsent data 1368386110 packets (2153255668968 bytes) received in-sequence 222423 completely duplicate packets (39239815 bytes) 11980 old duplicate packets 221 packets with some dup. data (94160 bytes duped) 35171 out-of-order packets (15770219 bytes) 21 packets (11 bytes) of data after window 11 window probes 1863690 window update packets 1642030 packets received after close 281 discarded for bad checksums 0 discarded for bad header offset fields 0 discarded because packet too short 87 discarded due to memory problems 2448384 connection requests 7800552 connection accepts 0 bad connection attempts 109 listen queue overflows 339306 ignored RSTs in the windows 10221160 connections established (including accepts) 10554092 connections closed (including 1990441 drops) 5674590 connections updated cached RTT on close 5677848 connections updated cached RTT variance on close 1583021 connections updated cached ssthresh on close 10125 embryonic connections dropped 1405786035 segments updated rtt (of 1374995187 attempts) 404689 retransmit timeouts 1681 connections dropped by rexmit timeout 608 persist timeouts 0 connections dropped by persist timeout 0 Connections (fin_wait_2) dropped because of timeout 12388 keepalive timeouts 11896 keepalive probes sent 492 connections dropped by keepalive 38184853 correct ACK header predictions 46419366 correct data packet header predictions 7826351 syncache entries added 45759 retransmitted 55797 dupsyn 84 dropped 7800552 completed 40 bucket overflow 0 cache overflow 19220 reset 7941 stale 109 aborted 0 badack 230 unreach 0 zone failures 7826435 cookies sent 1784 cookies received 212203 hostcache entries added 28 bucket overflow 104273 SACK recovery episodes 242234 segment rexmits in SACK recovery episodes 303575028 byte rexmits in SACK recovery episodes 1538523 SACK options (SACK blocks) received 12421 SACK options (SACK blocks) sent 114 SACK scoreboard overflow 0 packets with ECN CE bit set 0 packets with ECN ECT(0) bit set 0 packets with ECN ECT(1) bit set 0 successful ECN handshakes 0 times ECN reduced the congestion window 0 packets with valid tcp-md5 signature received 0 packets with invalid tcp-md5 signature received 0 packets with tcp-md5 signature mismatch 0 packets with unexpected tcp-md5 signature received 0 packets without expected tcp-md5 signature received I tried netstat -rn in all 8 jails on our test machine. 4 of them works, the other 4 don't work. netstat -rn doesn't work in those jail which are older than host environment netstat -s -p tcp prints error message even in the newest jails: netstat: kvm not available: /dev/mem: No such file or directory Miroslav Lachman