From: Kai Gallasch
Date: Sat, 18 Apr 2015 14:30:13 +0200
To: freebsd-jail@freebsd.org
Subject: IPFW2 logging inside VIMAGE Jails?

Hi.

Is it possible at all to log actions of the IPFW2 firewall inside a running VIMAGE jail to the jail's syslog?

I'm asking, because I see no firewall log entries inside the jail's /var/log/security log.
What I find is, that log messages of jails with active IPFW rules are only logged on the jailhost (/var/log/security) - out of reach of any local jail admins..

My kernel is built without firewall support. The ipfw.ko is loaded dynamically when the server starts. No PF firewall is in use.

- FreeBSD 10.1-RELEASE-p9
- /dev/bpf available inside jails
- firewall logging enabled on the jailhost and also inside the jail

I found https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=178482
(2 years old, FreeBSD 9.1 related)

Cheers,
Kai.

--
PGP-KeyID = 0x70654D7C4FB1F588

From: freekai
Date: Sat, 18 Apr 2015 23:34:21 +0800
Subject: Create Jail fail by c language

This is My Code:

 1 #include
 2 #include
 3 #include
 4 #include
 5 #include
 6
 7 int main()
 8 {
 9     int jid;
10     struct jail j;
11     struct in_addr ip4;
12     const char *cp="192.168.1.10";
13
14     j.version=JAIL_API_VERSION;
15     j.path="/home/mk/jail";
16     j.hostname="testJail";
17     j.jailname="test";
18     j.ip4s=inet_addr(cp);
19     j.ip6s=0;
20
21     if(1!=inet_aton(cp,&ip4))
22         printf("the address is invalid\r\n");
23
24     j.ip4=&ip4;
25     j.ip6=NULL;
26
27     jid=jail(&j);
28
29     switch(errno){
30     case EPERM:
31         printf("eperm\r\n");
32         break;
33     case EFAULT:
34         printf("efault\r\n");
35         break;
36     case EINVAL:
37         printf("einval\r\n");
38         break;
39
40     case EAGAIN:
41         printf("eagain\r\n");
42     }
47     return 0;
48 }

The
problem is it will print `einval`, it means `The version number of the argument is not correct.`
How to solve it?

From: Dirk Engling
Date: Sat, 18 Apr 2015 23:23:22 +0200
To: freekai, freebsd-jail@freebsd.org
Subject: Re: Create Jail fail by c language

On 18.04.15 17:34, freekai wrote:

> 18 j.ip4s=inet_addr(cp);

From the man page:

> The “ip4s” and “ip6s” give the numbers of IPv4 and IPv6 addresses
> that will be passed via their respective pointers.

so it should rather read:

> 18 j.ip4s=1;
> 19 j.ip6s=0;
> 20
> 21 if(1!=inet_aton(cp,&ip4))
> 22 printf("the address is invalid\r\n");
> 23
> 24 j.ip4=&ip4;

> The problem is it will print `einval`,it means `The version number of the argument is not correct.`
> How to solve it?

Also, the man page states several other reasons for the EINVAL return
code (scroll further down), one of them being

[EINVAL] A supplied parameter is the wrong size.

Regards

erdgeist
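
Added example, not part of the original thread: the program discussed above with ip4s set to the number of addresses rather than the address itself, and with errno read only after jail() has returned -1. prepare_jail is a hypothetical helper, inet_pton stands in for the post's inet_aton, and the struct definition in the non-FreeBSD branch is an assumed stand-in so the setup logic compiles on other systems.

```c
#include <arpa/inet.h>
#include <netinet/in.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#ifdef __FreeBSD__
#include <sys/param.h>
#include <sys/jail.h>
#else
/* Assumption: stand-in for the version-2 struct jail from <sys/jail.h>. */
#define JAIL_API_VERSION 2
struct jail {
    uint32_t version;
    char *path, *hostname, *jailname;
    uint32_t ip4s, ip6s;
    struct in_addr *ip4;
    struct in6_addr *ip6;
};
#endif

/* Hypothetical helper: set up *j with one IPv4 address; -1 if addr is invalid. */
int prepare_jail(struct jail *j, struct in_addr *ip4, const char *path,
                 const char *hostname, const char *name, const char *addr)
{
    if (inet_pton(AF_INET, addr, ip4) != 1)  /* stricter than inet_aton */
        return -1;              /* fail here rather than print and go on */
    memset(j, 0, sizeof(*j));   /* leaves ip6s = 0 and ip6 = NULL */
    j->version = JAIL_API_VERSION;
    j->path = (char *)path;
    j->hostname = (char *)hostname;
    j->jailname = (char *)name;
    j->ip4s = 1;                /* number of entries in ip4[], not an address */
    j->ip4 = ip4;
    return 0;
}

int main(void)
{
    struct jail j; struct in_addr ip4;
    if (prepare_jail(&j, &ip4, "/home/mk/jail", "testJail", "test",
                     "192.168.1.10") != 0)
        return 1;
#ifdef __FreeBSD__
    if (jail(&j) == -1) {       /* read errno only after jail() has failed */
        perror("jail");
        return 1;
    }
#endif
    return 0;
}
```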