From: Grzegorz Junka
To: freebsd-jail@freebsd.org
Subject: Re: netstat -rn in jail doesn't work
Date: Wed, 18 May 2016 18:38:47 +0000

OK, thanks, so it looks like it doesn't prevent the jail from working
correctly, it's just the reporting that's broken.

Grzegorz

On 18/05/2016 18:28, Miroslav Lachman wrote:
> Grzegorz Junka wrote on 05/18/2016 18:37:
>> What may be the reason that netstat -rn works in one jail and doesn't in
>> another?
>>
>> root@app2:/ # netstat -rn
>> Routing tables
>>
>> Internet:
>> Destination        Gateway            Flags      Netif Expire
>> 192.168.1.76       link#4             UHS         lo0
>>
>>
>> root@pjp1:/ # netstat -rn
>> netstat: kvm not available: /dev/mem: No such file or directory
>> Routing tables
>> rt_tables: symbol not in namelist
>
> I don't know the reason but I can confirm this behavior. I have known
> about this for a long time. Netstat complains about /dev/mem for some
> other params too, even if it outputs correct values, for example for
> opened tcp connections:
>
> /# netstat -s -p tcp
> netstat: kvm not available: /dev/mem: No such file or directory
> tcp:
>     1517892073 packets sent
>         1453939900 data packets (2274781047202 bytes)
>         759536 data packets (929141944 bytes) retransmitted
>         59175 data packets unnecessarily retransmitted
>         0 resends initiated by MTU discovery
>         51907865 ack-only packets (26667901 delayed)
>         0 URG only packets
>         267 window probe packets
>         795506 window update packets
>         10493883 control packets
>     1487401217 packets received
>         1417951529 acks (for 2273802396874 bytes)
>         7502860 duplicate acks
>         38600 acks for unsent data
>         1368386110 packets (2153255668968 bytes) received in-sequence
>         222423 completely duplicate packets (39239815 bytes)
>         11980 old duplicate packets
>         221 packets with some dup. data (94160 bytes duped)
>         35171 out-of-order packets (15770219 bytes)
>         21 packets (11 bytes) of data after window
>         11 window probes
>         1863690 window update packets
>         1642030 packets received after close
>         281 discarded for bad checksums
>         0 discarded for bad header offset fields
>         0 discarded because packet too short
>         87 discarded due to memory problems
>     2448384 connection requests
>     7800552 connection accepts
>     0 bad connection attempts
>     109 listen queue overflows
>     339306 ignored RSTs in the windows
>     10221160 connections established (including accepts)
>     10554092 connections closed (including 1990441 drops)
>         5674590 connections updated cached RTT on close
>         5677848 connections updated cached RTT variance on close
>         1583021 connections updated cached ssthresh on close
>     10125 embryonic connections dropped
>     1405786035 segments updated rtt (of 1374995187 attempts)
>     404689 retransmit timeouts
>         1681 connections dropped by rexmit timeout
>     608 persist timeouts
>         0 connections dropped by persist timeout
>     0 Connections (fin_wait_2) dropped because of timeout
>     12388 keepalive timeouts
>         11896 keepalive probes sent
>         492 connections dropped by keepalive
>     38184853 correct ACK header predictions
>     46419366 correct data packet header predictions
>     7826351 syncache entries added
>         45759 retransmitted
>         55797 dupsyn
>         84 dropped
>         7800552 completed
>         40 bucket overflow
>         0 cache overflow
>         19220 reset
>         7941 stale
>         109 aborted
>         0 badack
>         230 unreach
>         0 zone failures
>     7826435 cookies sent
>     1784 cookies received
>     212203 hostcache entries added
>         28 bucket overflow
>     104273 SACK recovery episodes
>     242234 segment rexmits in SACK recovery episodes
>     303575028 byte rexmits in SACK recovery episodes
>     1538523 SACK options (SACK blocks) received
>     12421 SACK options (SACK blocks) sent
>     114 SACK scoreboard overflow
>     0 packets with ECN CE bit set
>     0 packets with ECN ECT(0) bit set
>     0 packets with ECN ECT(1) bit set
>     0 successful ECN handshakes
>     0 times ECN reduced the congestion window
>     0 packets with valid tcp-md5 signature received
>     0 packets with invalid tcp-md5 signature received
>     0 packets with tcp-md5 signature mismatch
>     0 packets with unexpected tcp-md5 signature received
>     0 packets without expected tcp-md5 signature received
>
>
> I tried netstat -rn in all 8 jails on our test machine. 4 of them
> work, the other 4 don't work.
>
> netstat -rn doesn't work in those jails which are older than host
> environment
>
> netstat -s -p tcp prints error message even in the newest jails:
> netstat: kvm not available: /dev/mem: No such file or directory
>
>
> Miroslav Lachman
>
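
Added example, not part of the thread or of FreeBSD: a small sh helper to test the correlation Miroslav reports by listing jails whose userland is older than the host kernel. The function names are hypothetical, the sample version strings are constructed (only the jail names app2 and pjp1 come from the thread), and only major.minor is compared, so patch levels are ignored.

```sh
#!/bin/sh
# Split "10.3-RELEASE-p4" into "10 3"; fail on anything that is not major.minor.
ver_parts() {
    v=${1%%-*}
    case $v in
        *[!0-9.]*|*.*.*|.*|*.) return 1 ;;
        *.*) echo "${v%%.*} ${v#*.}" ;;
        *) return 1 ;;
    esac
}

# Exit 0 if $1 is older than $2, 1 if not, 2 if either cannot be parsed.
ver_older() {
    a=$(ver_parts "$1") || return 2
    b=$(ver_parts "$2") || return 2
    set -- $a $b
    [ "$1" -lt "$3" ] || { [ "$1" -eq "$3" ] && [ "$2" -lt "$4" ]; }
}

# stdin: "jailname userland-version" lines; $1: host version.
# Prints "older NAME" or "unknown NAME"; jails at or above the host print nothing.
older_jails() {
    host=$1
    while read -r name uver; do
        [ -n "$name" ] || continue
        rc=0
        ver_older "$uver" "$host" || rc=$?
        case $rc in
            0) echo "older $name" ;;
            2) echo "unknown $name" ;;
        esac
    done
}

# Live collection on a FreeBSD host; assumes jls, jexec and a freebsd-version
# binary inside each jail (jails without one are reported as unknown).
audit_live() {
    jls name | while read -r j; do
        echo "$j $(jexec "$j" freebsd-version -u 2>/dev/null </dev/null)"
    done | older_jails "$(uname -r)"
}

# Constructed sample: versions are made up for illustration.
printf 'app2 10.3-RELEASE\npjp1 10.1-RELEASE-p5\n' | older_jails 10.3-RELEASE
```

On a real host, call audit_live as root and compare its output with the jails where netstat -rn fails.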