From owner-freebsd-virtualization@FreeBSD.ORG Sun Dec 12 01:50:02 2010 Return-Path: Delivered-To: freebsd-virtualization@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id B63B0106567A for ; Sun, 12 Dec 2010 01:50:02 +0000 (UTC) (envelope-from wjphilli@mac.com) Received: from asmtpout026.mac.com (asmtpout026.mac.com [17.148.16.101]) by mx1.freebsd.org (Postfix) with ESMTP id 9A3CE8FC12 for ; Sun, 12 Dec 2010 01:50:02 +0000 (UTC) MIME-version: 1.0 Content-transfer-encoding: 7BIT Content-type: text/plain; charset=us-ascii Received: from macbookp.home (blk-89-213-137.eastlink.ca [24.89.213.137]) by asmtp026.mac.com (Sun Java(tm) System Messaging Server 6.3-7.04 (built Sep 26 2008; 64bit)) with ESMTPA id <0LDA006NTIAC2610@asmtp026.mac.com> for freebsd-virtualization@freebsd.org; Sat, 11 Dec 2010 16:49:35 -0800 (PST) X-Proofpoint-Spam-Details: rule=notspam policy=default score=0 spamscore=0 ipscore=0 suspectscore=1 phishscore=0 bulkscore=0 adultscore=0 classifier=spam adjust=0 reason=mlx engine=6.0.2-1010190000 definitions=main-1012110152 X-Proofpoint-Virus-Version: vendor=fsecure engine=2.50.10432:5.2.15,1.0.148,0.0.0000 definitions=2010-12-11_08:2010-12-10, 2010-12-11, 1970-01-01 signatures=0 From: William Phillips Date: Sat, 11 Dec 2010 20:49:23 -0400 Message-id: <31F97B5E-20FF-402D-B951-F6DB75B1BD88@mac.com> To: freebsd-virtualization@freebsd.org X-Mailer: Apple Mail (2.1082) Subject: ng_iface problems with VIMAGE X-BeenThere: freebsd-virtualization@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: "Discussion of various virtualization techniques FreeBSD supports." List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sun, 12 Dec 2010 01:50:02 -0000 Hello: The following script creates a point-to-point link between jails. #!/bin/sh # script to create two vnet jails and connect them via ng_iface interfaces # create two vnet jails jail -c vnet name=node0 host.hostname=node0 path=/ persist jexec node0 ifconfig lo0 localhost jail -c vnet name=node1 host.hostname=node1 path=/ persist jexec node1 ifconfig lo0 localhost # create two ng_ifaces and connect them in netgraph ngctl mkpeer . iface hook inet ngctl mkpeer ng0: iface inet inet # move the corresponding interfaces into the jails ifconfig ng0 vnet node0 ifconfig ng1 vnet node1 # configure the interfaces in the jails jexec node0 ifconfig ng0 192.168.10.1 192.168.10.2 jexec node1 ifconfig ng1 192.168.10.2 192.168.10.1 # end of script When I try to ping node1 from node0 the echo request appears on ng1 according to tcpdump on node1 but node1 does not generate an echo reply. Here is the output generated on each jail. [root@gateway /home/phillips]# jexec node0 ping -c1 192.168.10.2 PING 192.168.10.2 (192.168.10.2): 56 data bytes --- 192.168.10.2 ping statistics --- 1 packets transmitted, 0 packets received, 100.0% packet loss [root@gateway /home/phillips]# jexec node1 tcpdump -n -i ng1 tcpdump: verbose output suppressed, use -v or -vv for full protocol decode listening on ng1, link-type NULL (BSD loopback), capture size 96 bytes 20:31:38.509494 IP 192.168.10.1 > 192.168.10.2: ICMP echo request, id 55300, seq 0, length 64 This is for FreeBSD8.1 with kernel config GENERIC with the following changes: #options SCTP # Stream Control Transmission Protocol options VIMAGE options IPFIREWALL #firewall options IPFIREWALL_DEFAULT_TO_ACCEPT #allow everything by default options MROUTING # Multicast routing Bill Phillips From owner-freebsd-virtualization@FreeBSD.ORG Sun Dec 12 02:45:02 2010 Return-Path: Delivered-To: freebsd-virtualization@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id BB9861065670 for ; Sun, 12 Dec 2010 02:45:02 +0000 (UTC) (envelope-from julian@freebsd.org) Received: from out-0.mx.aerioconnect.net (outl.internet-mail-service.net [216.240.47.235]) by mx1.freebsd.org (Postfix) with ESMTP id 9932F8FC0C for ; Sun, 12 Dec 2010 02:45:02 +0000 (UTC) Received: from idiom.com (postfix@mx0.idiom.com [216.240.32.160]) by out-0.mx.aerioconnect.net (8.13.8/8.13.8) with ESMTP id oBC2VOIk007815; Sat, 11 Dec 2010 18:31:24 -0800 X-Client-Authorized: MaGic Cook1e X-Client-Authorized: MaGic Cook1e Received: from julian-mac.elischer.org (h-67-100-89-137.snfccasy.static.covad.net [67.100.89.137]) by idiom.com (Postfix) with ESMTP id E27642D6014; Sat, 11 Dec 2010 18:31:23 -0800 (PST) Message-ID: <4D0433F9.20803@freebsd.org> Date: Sat, 11 Dec 2010 18:31:21 -0800 From: Julian Elischer User-Agent: Mozilla/5.0 (Macintosh; U; PPC Mac OS X 10.4; en-US; rv:1.9.2.12) Gecko/20101027 Thunderbird/3.1.6 MIME-Version: 1.0 To: William Phillips References: <31F97B5E-20FF-402D-B951-F6DB75B1BD88@mac.com> In-Reply-To: <31F97B5E-20FF-402D-B951-F6DB75B1BD88@mac.com> Content-Type: text/plain; charset=ISO-8859-1; format=flowed Content-Transfer-Encoding: 7bit X-Scanned-By: MIMEDefang 2.67 on 216.240.47.51 Cc: freebsd-virtualization@freebsd.org Subject: Re: ng_iface problems with VIMAGE X-BeenThere: freebsd-virtualization@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: "Discussion of various virtualization techniques FreeBSD supports." List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sun, 12 Dec 2010 02:45:02 -0000 On 12/11/10 4:49 PM, William Phillips wrote: > Hello: > > The following script creates a point-to-point link between jails. I will admit that I don't remember ever actually connecting two ng_iface nodes directly to each other. Having said htat there the epair(4) driver which is specifically designed to do this. and you may have more luck with that. Also ng_iface nodes are more usually used with a ng_bridge or similar node. for an example look at the two example files in -current (9.x) in /share/examples/netgraph http://svn.freebsd.org/viewvc/base/head/share/examples/netgraph/virtual.chain?view=markup http://svn.freebsd.org/viewvc/base/head/share/examples/netgraph/virtual.lan?view=markup I should move these to 8 soon I guess. > #!/bin/sh > > # script to create two vnet jails and connect them via ng_iface interfaces > > # create two vnet jails > jail -c vnet name=node0 host.hostname=node0 path=/ persist > jexec node0 ifconfig lo0 localhost > > jail -c vnet name=node1 host.hostname=node1 path=/ persist > jexec node1 ifconfig lo0 localhost > > # create two ng_ifaces and connect them in netgraph > ngctl mkpeer . iface hook inet > ngctl mkpeer ng0: iface inet inet > > # move the corresponding interfaces into the jails > ifconfig ng0 vnet node0 > ifconfig ng1 vnet node1 > > # configure the interfaces in the jails > jexec node0 ifconfig ng0 192.168.10.1 192.168.10.2 > jexec node1 ifconfig ng1 192.168.10.2 192.168.10.1 > > # end of script > > When I try to ping node1 from node0 the echo request appears on ng1 according to tcpdump on node1 but node1 does not generate an echo reply. Here is the output generated on each jail. > > [root@gateway /home/phillips]# jexec node0 ping -c1 192.168.10.2 > PING 192.168.10.2 (192.168.10.2): 56 data bytes > > --- 192.168.10.2 ping statistics --- > 1 packets transmitted, 0 packets received, 100.0% packet loss > > > [root@gateway /home/phillips]# jexec node1 tcpdump -n -i ng1 > tcpdump: verbose output suppressed, use -v or -vv for full protocol decode > listening on ng1, link-type NULL (BSD loopback), capture size 96 bytes > 20:31:38.509494 IP 192.168.10.1> 192.168.10.2: ICMP echo request, id 55300, seq 0, length 64 > > > This is for FreeBSD8.1 with kernel config GENERIC with the following changes: > > #options SCTP # Stream Control Transmission Protocol > > options VIMAGE > options IPFIREWALL #firewall > options IPFIREWALL_DEFAULT_TO_ACCEPT #allow everything by default > options MROUTING # Multicast routing > > > Bill Phillips > > _______________________________________________ > freebsd-virtualization@freebsd.org mailing list > http://lists.freebsd.org/mailman/listinfo/freebsd-virtualization > To unsubscribe, send any mail to "freebsd-virtualization-unsubscribe@freebsd.org" > From owner-freebsd-virtualization@FreeBSD.ORG Sun Dec 12 02:45:33 2010 Return-Path: Delivered-To: freebsd-virtualization@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id C35F6106566B for ; Sun, 12 Dec 2010 02:45:33 +0000 (UTC) (envelope-from wjphilli@mac.com) Received: from asmtpout023.mac.com (asmtpout023.mac.com [17.148.16.98]) by mx1.freebsd.org (Postfix) with ESMTP id A8FF28FC1D for ; Sun, 12 Dec 2010 02:45:33 +0000 (UTC) MIME-version: 1.0 Content-transfer-encoding: 7BIT Content-type: text/plain; charset=us-ascii Received: from macbookp.home (blk-89-213-137.eastlink.ca [24.89.213.137]) by asmtp023.mac.com (Sun Java(tm) System Messaging Server 6.3-8.01 (built Dec 16 2008; 32bit)) with ESMTPA id <0LDA00G9INNNDQ50@asmtp023.mac.com>; Sat, 11 Dec 2010 18:45:33 -0800 (PST) X-Proofpoint-Spam-Details: rule=notspam policy=default score=0 spamscore=0 ipscore=0 suspectscore=2 phishscore=0 bulkscore=0 adultscore=0 classifier=spam adjust=0 reason=mlx engine=6.0.2-1010190000 definitions=main-1012110161 X-Proofpoint-Virus-Version: vendor=fsecure engine=2.50.10432:5.2.15,1.0.148,0.0.0000 definitions=2010-12-11_08:2010-12-10, 2010-12-11, 1970-01-01 signatures=0 From: William Phillips In-reply-to: <4D0433F9.20803@freebsd.org> Date: Sat, 11 Dec 2010 22:45:22 -0400 Message-id: References: <31F97B5E-20FF-402D-B951-F6DB75B1BD88@mac.com> <4D0433F9.20803@freebsd.org> To: Julian Elischer X-Mailer: Apple Mail (2.1082) Cc: freebsd-virtualization@freebsd.org Subject: Re: ng_iface problems with VIMAGE X-BeenThere: freebsd-virtualization@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: "Discussion of various virtualization techniques FreeBSD supports." List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sun, 12 Dec 2010 02:45:33 -0000 Hello: Thanks for the quick reply. I generally use what you mention below to build the network at layer 2 then move all the interfaces into the various jails. Everything works fine with ng_hub or ng_bridge and ng_eiface but I decided to try a point-to-point connection which use to work in the vimage days (FreeBSD 4.11) and found that it doesn't work with vnet jails. Bill Phillips On 2010-12-11, at 10:31 PM, Julian Elischer wrote: > On 12/11/10 4:49 PM, William Phillips wrote: >> Hello: >> >> The following script creates a point-to-point link between jails. > > I will admit that I don't remember ever actually connecting > two ng_iface nodes directly to each other. > > Having said htat there the epair(4) driver which is specifically designed to do this. > and you may have more luck with that. > Also ng_iface nodes are more usually used with a ng_bridge or similar node. > > for an example look at the two example files in -current (9.x) > in /share/examples/netgraph > > http://svn.freebsd.org/viewvc/base/head/share/examples/netgraph/virtual.chain?view=markup > http://svn.freebsd.org/viewvc/base/head/share/examples/netgraph/virtual.lan?view=markup > > I should move these to 8 soon I guess. > > >> #!/bin/sh >> >> # script to create two vnet jails and connect them via ng_iface interfaces >> >> # create two vnet jails >> jail -c vnet name=node0 host.hostname=node0 path=/ persist >> jexec node0 ifconfig lo0 localhost >> >> jail -c vnet name=node1 host.hostname=node1 path=/ persist >> jexec node1 ifconfig lo0 localhost >> >> # create two ng_ifaces and connect them in netgraph >> ngctl mkpeer . iface hook inet >> ngctl mkpeer ng0: iface inet inet >> >> # move the corresponding interfaces into the jails >> ifconfig ng0 vnet node0 >> ifconfig ng1 vnet node1 >> >> # configure the interfaces in the jails >> jexec node0 ifconfig ng0 192.168.10.1 192.168.10.2 >> jexec node1 ifconfig ng1 192.168.10.2 192.168.10.1 >> >> # end of script >> >> When I try to ping node1 from node0 the echo request appears on ng1 according to tcpdump on node1 but node1 does not generate an echo reply. Here is the output generated on each jail. >> >> [root@gateway /home/phillips]# jexec node0 ping -c1 192.168.10.2 >> PING 192.168.10.2 (192.168.10.2): 56 data bytes >> >> --- 192.168.10.2 ping statistics --- >> 1 packets transmitted, 0 packets received, 100.0% packet loss >> >> >> [root@gateway /home/phillips]# jexec node1 tcpdump -n -i ng1 >> tcpdump: verbose output suppressed, use -v or -vv for full protocol decode >> listening on ng1, link-type NULL (BSD loopback), capture size 96 bytes >> 20:31:38.509494 IP 192.168.10.1> 192.168.10.2: ICMP echo request, id 55300, seq 0, length 64 >> >> >> This is for FreeBSD8.1 with kernel config GENERIC with the following changes: >> >> #options SCTP # Stream Control Transmission Protocol >> >> options VIMAGE >> options IPFIREWALL #firewall >> options IPFIREWALL_DEFAULT_TO_ACCEPT #allow everything by default >> options MROUTING # Multicast routing >> >> >> Bill Phillips >> >> _______________________________________________ >> freebsd-virtualization@freebsd.org mailing list >> http://lists.freebsd.org/mailman/listinfo/freebsd-virtualization >> To unsubscribe, send any mail to "freebsd-virtualization-unsubscribe@freebsd.org" >> > From owner-freebsd-virtualization@FreeBSD.ORG Mon Dec 13 11:08:32 2010 Return-Path: Delivered-To: freebsd-virtualization@FreeBSD.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 3FCF410657C6 for ; Mon, 13 Dec 2010 11:08:32 +0000 (UTC) (envelope-from owner-bugmaster@FreeBSD.org) Received: from freefall.freebsd.org (freefall.freebsd.org [IPv6:2001:4f8:fff6::28]) by mx1.freebsd.org (Postfix) with ESMTP id 2CB838FC22 for ; Mon, 13 Dec 2010 11:08:32 +0000 (UTC) Received: from freefall.freebsd.org (localhost [127.0.0.1]) by freefall.freebsd.org (8.14.4/8.14.4) with ESMTP id oBDB8WZK045675 for ; Mon, 13 Dec 2010 11:08:32 GMT (envelope-from owner-bugmaster@FreeBSD.org) Received: (from gnats@localhost) by freefall.freebsd.org (8.14.4/8.14.4/Submit) id oBDB8VOq045672 for freebsd-virtualization@FreeBSD.org; Mon, 13 Dec 2010 11:08:31 GMT (envelope-from owner-bugmaster@FreeBSD.org) Date: Mon, 13 Dec 2010 11:08:31 GMT Message-Id: <201012131108.oBDB8VOq045672@freefall.freebsd.org> X-Authentication-Warning: freefall.freebsd.org: gnats set sender to owner-bugmaster@FreeBSD.org using -f From: FreeBSD bugmaster To: freebsd-virtualization@FreeBSD.org Cc: Subject: Current problem reports assigned to freebsd-virtualization@FreeBSD.org X-BeenThere: freebsd-virtualization@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: "Discussion of various virtualization techniques FreeBSD supports." List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 13 Dec 2010 11:08:32 -0000 Note: to view an individual PR, use: http://www.freebsd.org/cgi/query-pr.cgi?pr=(number). The following is a listing of current problems submitted by FreeBSD users. These represent problem reports covering all versions including experimental development code and obsolete releases. S Tracker Resp. Description -------------------------------------------------------------------------------- a kern/152047 virtualization[vimage] [panic] TUN\TAP under jail with vimage crashe o kern/148155 virtualization[vimage] Kernel panic with PF/IPFilter + VIMAGE kernel a kern/147950 virtualization[vimage] [carp] VIMAGE + CARP = kernel crash s kern/143808 virtualization[pf] pf does not work inside jail a kern/141696 virtualization[rum] [panic] rum(4)+ vimage = kernel panic 5 problems total.