From owner-freebsd-virtualization@FreeBSD.ORG Sun Oct 4 10:00:30 2009
From: Nikos Vassiliadis
Date: Sun, 04 Oct 2009 13:00:02 +0300
To: virtualization@freebsd.org
Subject: can't find routing entry for network routes
Message-ID: <4AC87222.4030704@gmx.com>

Hi,

It seems that some[1] routing requests fail when
done in a vnet environment:
r1# ifconfig epair0b 10.90/24
r1# traceroute 10.6
traceroute: findsaddr: write: No such process
r1# route -n get 10.6
route: writing to routing socket: No such process

[1] Every host routing entry is manipulated correctly.
Every non-host routing entry fails. Example:

#correct behavior
r1# route add 1.1.1.1 10.0.0.9
add host 1.1.1.1: gateway 10.0.0.9
r1# route get 1.1.1.1
   route to: 1.1.1.1
destination: 1.1.1.1
    gateway: 10.0.0.9
  interface: epair0b
      flags:
 recvpipe  sendpipe  ssthresh  rtt,msec    mtu        weight    expire
       0         0         0         0      1500         1         0

#wrong behavior
r1# route add 1.1.1.0/24 10.0.0.9
add net 1.1.1.0: gateway 10.0.0.9
r1# route get 1.1.1.2
route: writing to routing socket: No such process
r1# route get 1.1.1.0/24
route: writing to routing socket: No such process

Any help?

Thanks, Nikos

From owner-freebsd-virtualization@FreeBSD.ORG Sun Oct 4 11:42:21 2009
From: "Bjoern A. Zeeb"
Date: Sun, 4 Oct 2009 11:22:56 +0000 (UTC)
To: Nikos Vassiliadis
Cc: virtualization@freebsd.org
Subject: Re: can't find routing entry for network routes
Message-ID: <20091004111741.J26486@maildrop.int.zabbadoz.net>
In-Reply-To: <4AC87222.4030704@gmx.com>

On Sun, 4 Oct 2009, Nikos Vassiliadis wrote:

Hi,

> It seems that some[1] routing requests fail when
> done in a vnet environment:
> r1# ifconfig epair0b 10.90/24
> r1# traceroute 10.6
> traceroute: findsaddr: write: No such process
> r1# route -n get 10.6
> route: writing to routing socket: No such process
....
>
> Any help?

I have outstanding patches that I haven't committed yet to not
interfere with bugfixing of non-experimental things like the new
arp/nd6 code that will be shipped with 8.0-RELEASE while vnets are
still considered to be not really supported for that release (see the
warning upon boot).

Also the solution isn't possibly the right or best one but it works
for the moment. Can you try the following patch:

http://people.freebsd.org/~bz/20090901-10-vimage-jailed_no_vnet.diff

If you are on FreeBSD 8.0-RC1 you'll possibly also need
http://people.freebsd.org/~bz/20090906-01-V_llatbl.diff
which is in HEAD but not yet MFCed to stable/8.

/bz

-- 
Bjoern A. Zeeb         It will not break if you know what you are doing.

From owner-freebsd-virtualization@FreeBSD.ORG Sun Oct 4 18:00:17 2009
From: Nikos Vassiliadis
Date: Sun, 04 Oct 2009 20:59:45 +0300
To: "Bjoern A. Zeeb"
Cc: virtualization@freebsd.org
Subject: Re: can't find routing entry for network routes
Message-ID: <4AC8E291.7030409@gmx.com>
In-Reply-To: <20091004111741.J26486@maildrop.int.zabbadoz.net>

Bjoern A. Zeeb wrote:
> On Sun, 4 Oct 2009, Nikos Vassiliadis wrote:
>
> Hi,

Hello Bjoern

> I have outstanding patches that I haven't committed yet to not
> interfere with bugfixing of non-experimental things like the new
> arp/nd6 code that will be shipped with 8.0-RELEASE while vnets are
> still considered to be not really supported for that release (see the
> warning upon boot).

I see.

> Also the solution isn't possibly the right or best one but it works
> for the moment. Can you try the following patch:
>
> http://people.freebsd.org/~bz/20090901-10-vimage-jailed_no_vnet.diff

Yes, it helps.

Just a quick question though, I am trying to use some routing
daemons, routed from base and quagga. The protocols (RIPv2, OSPF)
I am trying to use rely on joining multicast groups. Is joining
multicast groups out of the question for the time being?

Nikos

From owner-freebsd-virtualization@FreeBSD.ORG Mon Oct 5 20:28:50 2009
From: Julian Elischer
Date: Mon, 05 Oct 2009 13:28:52 -0700
To: Tom Judge
Cc: Adam Vande More, freebsd-current@freebsd.org, Jamie Gritton, FreeBSD virtualization mailing list
Subject: Re: Per Jail Memory Limits
Message-ID: <4ACA5704.2070404@elischer.org>
In-Reply-To: <4ACA4216.9060008@tomjudge.com>

Tom Judge wrote:
> Adam Vande More wrote:
>> On Mon, Oct 5, 2009 at 12:47 PM, Tom Judge wrote:
>>
>>     Julian Elischer wrote:
>>
>>         Tom Judge wrote:
>>
>>             Hi,
>>
>>             Does anyone know of a patch that will add per jail memory
>>             limits so that a jail can't swallow the resources of the
>>             entire box?
>>
>>             Thanks
>>
>>             Tom
>>
>>         not yet..
>>
>>     I started to port this to 7.1 today:
>>
>>     http://wiki.freebsd.org/JailResourceLimits
>>
>>     What are the peoples opinions on this patch?
>>
>>     Tom
>>
>> If you're soliciting opinions if this will be used and is needed, I
>> would love to see this functionality. This is the main reason I've
>> had to choose XEN over jails. If you need some help testing, let me know.
>>
>> --
>> Adam Vande More
> Hi Adam,
>
> I have a patch against 7.1 here:
> http://svn.tomjudge.com/freebsd/patches/jail-resource-limits/jail-limits.patch

probably the person who should work with this in -current is james (CC'd)

> I will try to bring the patch up to current when I get a chance but I
> have no real need to do this as we use 7.1 in production.
>
> Notes:
>
>  * CPU limiting is not supported unless you use sched_4bsd.
>  * I have not tested this on any system yet, just compile tested, I am
>    putting it through its paces right now.
>
> Tom

From owner-freebsd-virtualization@FreeBSD.ORG Tue Oct 6 10:50:08 2009
From: "Bjoern A. Zeeb"
Date: Tue, 6 Oct 2009 10:45:55 +0000 (UTC)
To: Julian Elischer
Cc: Adam Vande More, FreeBSD virtualization mailing list, freebsd-current@freebsd.org, Jamie Gritton, Tom Judge, freebsd-jail@FreeBSD.org
Subject: Re: Per Jail Memory Limits
Message-ID: <20091006104529.B5956@maildrop.int.zabbadoz.net>
In-Reply-To: <4ACA5704.2070404@elischer.org>

On Mon, 5 Oct 2009, Julian Elischer wrote:

> Tom Judge wrote:
>> Adam Vande More wrote:
>>> On Mon, Oct 5, 2009 at 12:47 PM, Tom Judge wrote:
>>>
>>>     Julian Elischer wrote:
>>>
>>>         Tom Judge wrote:
>>>
>>>             Hi,
>>>
>>>             Does anyone know of a patch that will add per jail memory
>>>             limits so that a jail can't swallow the resources of the
>>>             entire box?
>>>
>>>             Thanks
>>>
>>>             Tom
>>>
>>>         not yet..
>>>
>>>     I started to port this to 7.1 today:
>>>
>>>     http://wiki.freebsd.org/JailResourceLimits
>>>
>>>     What are the peoples opinions on this patch?
>>>
>>>     Tom
>>>
>>> If you're soliciting opinions if this will be used and is needed, I would
>>> love to see this functionality. This is the main reason I've had to choose
>>> XEN over jails. If you need some help testing, let me know.
>>>
>>> --
>>> Adam Vande More
>> Hi Adam,
>>
>> I have a patch against 7.1 here:
>> http://svn.tomjudge.com/freebsd/patches/jail-resource-limits/jail-limits.patch
>
> probably the person who should work with this in -current is james (CC'd)

Probably the person who should be contacted is trasz who worked on
hierarchical resource limit per .., jail in p4. Though this is slightly
different.

I think it's ok if people need those things to update the patches but I
doubt any will probably ever make it into FreeBSD as those things are
kind of contrary to the V_ plans.

BTW, I think the patch referenced is not the latest I had seen and I
thought that we also had one for 7.x or even for 8 already floating
around. Maybe some investigation on list archives etc. might be
helpful before starting to hack things. Maybe also check the links on
http://wiki.freebsd.org/Jails

>> I will try to bring the patch up to current when I get a chance but I have
>> no real need to do this as we use 7.1 in production.
>>
>> Notes:
>>
>>  * CPU limiting is not supported unless you use sched_4bsd.
>>  * I have not tested this on any system yet, just compile tested, I am
>>    putting it through its paces right now.
>>
>> Tom

-- 
Bjoern A. Zeeb         It will not break if you know what you are doing.

From owner-freebsd-virtualization@FreeBSD.ORG Wed Oct 7 01:15:02 2009
From: "remodeler"
Date: Tue, 6 Oct 2009 20:57:13 -0400
To: freebsd-virtualization@freebsd.org
Subject: can't find routing entry for network routes
Message-Id: <20091007002615.M76095@alentogroup.org>

I am having the same problem as Nikos. I am trying to implement a vnet-enabled
service jail on FreeBSD 8.0 HEAD. I have thoroughly studied the "Network stack
virtualization" document written by Marko. I received troubleshooting help
over several days last from Julian Elischer when I raised the issue in this
thread on the freebsd-net list. I am running a GENERIC kernel on amd64, with
the additional options vimage, netgraph, ng_ether, and ng_eiface.

I successfully applied the patch Bjoern provided:

http://people.freebsd.org/~bz/20090901-10-vimage-jailed_no_vnet.diff

I tested with this patch, and also the lines in the other patch Bjoern
provided that are not in HEAD:

http://people.freebsd.org/~bz/20090906-01-V_llatbl.diff

i.e.,
+#include
+ CURVNET_RESTORE();
+ CURVNET_SET_QUIET(TD_TO_VNET(curthread));

+vnet_lltable_init(const void *unused __unused)
+{
+
+ /* Manually do what SLIST_HEAD_INITIALIZER would do. */
+ V_lltables.slh_first = NULL;
+}
+
+VNET_SYSINIT(vnet_lltable_init, SI_SUB_PSEUDO, SI_ORDER_ANY, vnet_lltable_init,
+ NULL);

Trying to apply a ruleset after mounting devfs in a jail, I get:

devfs -m /jail/j/ns/dev rule -s 8 applyset
devfs rule: ioctl DEVFSIO_SAPPLY: No such process

Attempting to apply a default route to the ngeth0 interface bound to the jail,
I get:

route: writing to routing socket: Network is unreachable
add net default: gateway 00:23:54:08:2b:f7: Network is unreachable

netstat -r gives:

netstat: kvm not available: /dev/mem: Permission denied
Routing tables
rt_tables: symbol not in namelist

I have /dev/mem mounted in the jail. I've seen reference to mem not being
accessible in the jail, in some of the discussions on running x-server in the
jail. Julian mentioned that it looked like I need to make /dev/mem accessible
in the jail. I do not know how to do that; it also seems that if I had a
routing socket, I could live without reading memory for netstat output. I
understand each jail has its own FIB. I thought jails opened a routing socket
during their creation by default.

I need to add a default route to use the jail:

vimage ns route add default -link 00:0a:0b:0c:2b:f7

But no combination I've tried succeeds. Any help appreciated :->

From owner-freebsd-virtualization@FreeBSD.ORG Wed Oct 7 01:37:48 2009
From: Julian Elischer
Date: Tue, 06 Oct 2009 18:37:49 -0700
To: remodeler
Cc: freebsd-virtualization@freebsd.org
Subject: Re: can't find routing entry for network routes
Message-ID: <4ACBF0ED.2070905@elischer.org>
In-Reply-To: <20091007002615.M76095@alentogroup.org>

remodeler wrote:
> I am having the same problem as Nikos. I am trying to implement a vnet-enabled
> service jail on FreeBSD 8.0 HEAD. I have thoroughly studied the "Network stack
> virtualization" document written by Marko. I received troubleshooting help
> over several days last from Julian Elischer when I raised the issue in this
> thread on the freebsd-net list. I am running a GENERIC kernel on amd64, with
> the additional options vimage, netgraph, ng_ether, and ng_eiface.

please recap with a script that fails
i.e. a script I can try run, and show how the output differs from what
you would expect. (I don't have your previous emails at hand)

>
> I successfully applied the patch Bjoern provided:
>
> http://people.freebsd.org/~bz/20090901-10-vimage-jailed_no_vnet.diff
>
> I tested with this patch, and also the lines in the other patch Bjoern
> provided that are not in HEAD:
>
> http://people.freebsd.org/~bz/20090906-01-V_llatbl.diff
>
> i.e.,
> +#include
> + CURVNET_RESTORE();
> + CURVNET_SET_QUIET(TD_TO_VNET(curthread));
>
> +vnet_lltable_init(const void *unused __unused)
> +{
> +
> + /* Manually do what SLIST_HEAD_INITIALIZER would do. */
> + V_lltables.slh_first = NULL;
> +}
> +
> +VNET_SYSINIT(vnet_lltable_init, SI_SUB_PSEUDO, SI_ORDER_ANY, vnet_lltable_init,
> + NULL);
>
> Trying to apply a ruleset after mounting devfs in a jail, I get:
>
> devfs -m /jail/j/ns/dev rule -s 8 applyset
> devfs rule: ioctl DEVFSIO_SAPPLY: No such process
>
> Attempting to apply a default route to the ngeth0 interface bound to the jail,
> I get:
>
> route: writing to routing socket: Network is unreachable
> add net default: gateway 00:23:54:08:2b:f7: Network is unreachable
>
> netstat -r gives:
>
> netstat: kvm not available: /dev/mem: Permission denied
> Routing tables
> rt_tables: symbol not in namelist
>
> I have /dev/mem mounted in the jail. I've seen reference to mem not being
> accessible in the jail, in some of the discussions on running x-server in the
> jail. Julian mentioned that it looked like I need to make /dev/mem accessible
> in the jail. I do not know how to do that; it also seems that if I had a
> routing socket, I could live without reading memory for netstat output. I
> understand each jail has its own FIB. I thought jails opened a routing socket
> during their creation by default.
>
> I need to add a default route to use the jail:
>
> vimage ns route add default -link 00:0a:0b:0c:2b:f7
>
> But no combination I've tried succeeds. Any help appreciated :->

From owner-freebsd-virtualization@FreeBSD.ORG Wed Oct 7 04:50:08 2009
From: "remodeler"
Date: Wed, 7 Oct 2009 01:03:22 -0400
To: freebsd-virtualization@freebsd.org
Subject: Re: can't find routing entry for network routes
Message-Id: <20091007043721.M28730@alentogroup.org>
In-Reply-To: <4ACBF0ED.2070905@elischer.org>

On Tue, 06 Oct 2009 18:37:49 -0700, Julian Elischer wrote

> please recap with a script that fails

Thank you for your response Julian. I very much respect the work everyone has
done on netgraph / vimage / jails, and also the help extended to me.

Kernel options in addition to amd64 GENERIC are geom_journal, ufs_gjournal,
geom_mirror, geom_eli, vimage, netgraph, netgraph_bridge, netgraph_ether, and
netgraph_eiface. Additional devices are crypto. World and kernel are in sync.
I have been testing by csup'ing from head, but I have the same errors in 8.0
beta1, beta3, and rc1.

# make a bridge and connect the physical ethernet interface to it
ngctl mkpeer msk0: bridge lower link0
ngctl name msk0:lower bridge0
ngctl connect msk0: bridge0: upper link1

# Start Name Server Jail
jail -c -l -U root -n ns host.hostname=ns.my.org path=\
/jail/j/ns vnet persist
mount -t procfs proc /jail/j/ns/proc
mount -t devfs dev /jail/j/ns/dev
devfs -m /jail/j/ns/dev rule -s 4 applyset
mount -t fdescfs null /jail/j/ns/dev/fd
ngctl mkpeer eiface ether ether
ngctl connect ngeth0: bridge0: ether link2
ifconfig ngeth0 vnet ns
vimage ns ifconfig lo0 localhost
vimage ns ifconfig ngeth0 link 02:0a:0b:0c:01:01
vimage ns ifconfig ngeth0 172.26.64.10
vimage ns route add default -link 00:23:54:08:2b:f7

This results in an error on applying the devfs ruleset, so I see all of root's
/dev in the jail. I receive an error on the route command. I get identical
errors when I specify / as the path and omit the mounts/devfs command.

My expectation is that this would leave me with two network stacks, msk0 and
ngeth0, with msk0 connected to the ng_bridge by its upper and lower hooks and
ngeth0 by its ether hook. I would expect network connectivity over the bridge,
and to be able to manipulate the vnet jail's FIB from the host to add a
default route. Most of what I expect happens:

# ngctl list
There are 5 total nodes:
  Name: bridge0         Type: bridge          ID: 00000004   Num hooks: 3
  Name: ipfw            Type: ipfw            ID: 00000001   Num hooks: 0
  Name: ngeth0          Type: eiface          ID: 00000008   Num hooks: 1
  Name: ngctl1633       Type: socket          ID: 0000000a   Num hooks: 0
  Name: msk0            Type: ether           ID: 00000002   Num hooks: 2

# vimage -l
ns

# jls
   JID  IP Address      Hostname                      Path
     1  -               ns.my.org                     /jail/j/ns

but the devfs ruleset command fails (executed on the host):

# devfs -m /jail/j/ns/dev rule -s 4 applyset
devfs rule: ioctl DEVFSIO_SAPPLY: No such process

and in the jail:

ns# # devfs -m /jail/j/ns/dev rule -s 4 applyset
#: Command not found.
ns# fs rule: ioctl DEVFSIO_SAPPLY: No such processdevfs rule: ioctl
DEVFSIO_SAPPLY: No such process

adding the route from the host:

# vimage ns route add default -link 00:23:54:08:2b:f7
route: writing to routing socket: Network is unreachable
add net default: gateway 00:23:54:08:2b:f7: Network is unreachable

and from the jail:

ns# route add default -link 00:23:54:08:2b:f7
route: writing to routing socket: Network is unreachable
add net default: gateway 00:23:54:08:2b:f7: Network is unreachable

I get the same error for netstat -r from the host and the jail:

# netstat -r
netstat: kvm not available: /dev/mem: Permission denied
Routing tables
rt_tables: symbol not in namelist

Before I compiled in Bjoern's patches, netstat -r worked properly on the host.
The host has network connectivity. If I boot without starting the jail,
everything works as I expect on the host (haven't tested that very far since
the patches).

Thank you.
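
Review bot: in the 20090906-01-V_llatbl.diff lines quoted in the messages above, vnet_lltable_init() clears the list head by assigning V_lltables.slh_first = NULL directly, which ties the per-vnet initializer to the internal layout of the SLIST head. SLIST_INIT(&V_lltables) from sys/queue.h performs the same assignment through the list API and would make the "Manually do what SLIST_HEAD_INITIALIZER would do" comment unnecessary.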
From owner-freebsd-virtualization@FreeBSD.ORG Wed Oct 7 05:20:52 2009 Return-Path: Delivered-To: freebsd-virtualization@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 215A1106566B for ; Wed, 7 Oct 2009 05:20:52 +0000 (UTC) (envelope-from julian@elischer.org) Received: from outO.internet-mail-service.net (outo.internet-mail-service.net [216.240.47.238]) by mx1.freebsd.org (Postfix) with ESMTP id 0699A8FC0A for ; Wed, 7 Oct 2009 05:20:51 +0000 (UTC) Received: from idiom.com (mx0.idiom.com [216.240.32.160]) by out.internet-mail-service.net (Postfix) with ESMTP id D239FB98E3; Tue, 6 Oct 2009 22:20:51 -0700 (PDT) X-Client-Authorized: MaGic Cook1e X-Client-Authorized: MaGic Cook1e Received: from julian-mac.elischer.org (home.elischer.org [216.240.48.38]) by idiom.com (Postfix) with ESMTP id 290B82D6017; Tue, 6 Oct 2009 22:20:51 -0700 (PDT) Message-ID: <4ACC2536.9030701@elischer.org> Date: Tue, 06 Oct 2009 22:20:54 -0700 From: Julian Elischer User-Agent: Thunderbird 2.0.0.23 (Macintosh/20090812) MIME-Version: 1.0 To: remodeler References: <20091007002615.M76095@alentogroup.org> <4ACBF0ED.2070905@elischer.org> <20091007043721.M28730@alentogroup.org> In-Reply-To: <20091007043721.M28730@alentogroup.org> Content-Type: text/plain; charset=ISO-8859-1; format=flowed Content-Transfer-Encoding: 7bit Cc: freebsd-virtualization@freebsd.org Subject: Re: can't find routing entry for network routes X-BeenThere: freebsd-virtualization@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: "Discussion of various virtualization techniques FreeBSD supports." List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 07 Oct 2009 05:20:52 -0000 remodeler wrote: > On Tue, 06 Oct 2009 18:37:49 -0700, Julian Elischer wrote > >> please recap with a script that fails > > Thank you for your response Julian. 
I very much respect the work everyone has > done on netgraph / vimage / jails, and also the help extended to me. > > Kernel options in addition to amd64 GENERIC are geom_journal, ufs_gjournal, > geom_mirror, geom_eli, vimage, netgraph, netgraph_bridge, netgraph_ether, and > netgraph_eiface. Additional devices are crypto. World and kernel are in sync. > I have been testing by csup'ing from head, but I have the same errors in 8.0 > beta1, beta3, and rc1. > > # make a bridge and connect the physical ethernet interface to it > ngctl mkpeer msk0: bridge lower link0 > ngctl name msk0:lower bridge0 > ngctl connect msk0: bridge0: upper link1 > > # Start Name Server Jail > jail -c -l -U root -n ns host.hostname=ns.my.org path=\ > /jail/j/ns vnet persist > mount -t procfs proc /jail/j/ns/proc > mount -t devfs dev /jail/j/ns/dev > devfs -m /jail/j/ns/dev rule -s 4 applyset can you show rule set 4? > mount -t fdescfs null /jail/j/ns/dev/fd gosh someone that uses that? wow > ngctl mkpeer eiface ether ether ?? something missing here. mkpeer take 4 args > ngctl connect ngeth0: bridge0: ether link2 # I haven't checked teh man pages but I'd imagine something like: ngctl mkpeer msk0: bridge lower lower ngctl name msk0:lower bridge ngctl connect bridge: msk0 upper upper ngctl mkpeer bridge: eiface upper2 ether > ifconfig ngeth0 vnet ns > vimage ns ifconfig lo0 localhost use jexec instead I think. 'vimage' will go away. it is teh 'old' interface. > vimage ns ifconfig ngeth0 link 02:0a:0b:0c:01:01 > vimage ns ifconfig ngeth0 172.26.64.10 > vimage ns route add default -link 00:23:54:08:2b:f7 ?? why a link address? > > This results in an error on applying the devfs ruleset, I don't know why that would be. can you do that line on somewhere else, like /mnt? Or does it only fail on the root of the jail? > so I see all of root's > /dev in the jail. I receive an error on the route command. I get identical > errors when I specify / as the path and omit the mounts/devfs command. 
try using a normal IP address as the default route..

>
> My expectation is that this would leave me with two network stacks, msk0 and
> ngeth0, with msk0 connected to the ng_bridge by its upper and lower hooks and
> ngeth0 by its ether hook. I would expect network connectivity over the bridge,
> and to be able to manipulate the vnet jail's FIB from the host to add a
> default route. Most of what I expect happens:
>
> # ngctl list
> There are 5 total nodes:
> Name: bridge0 Type: bridge ID: 00000004 Num hooks: 3
> Name: ipfw Type: ipfw ID: 00000001 Num hooks: 0
> Name: ngeth0 Type: eiface ID: 00000008 Num hooks: 1
> Name: ngctl1633 Type: socket ID: 0000000a Num hooks: 0
> Name: msk0 Type: ether ID: 00000002 Num hooks: 2
>
> # vimage -l
> ns
>
> # jls
> JID IP Address Hostname Path
> 1 - ns.my.org /jail/j/ns
>
> but the devfs ruleset command fails (executed on the host):
>
> # devfs -m /jail/j/ns/dev rule -s 4 applyset
> devfs rule: ioctl DEVFSIO_SAPPLY: No such process
>
> and in the jail:
>
> ns# # devfs -m /jail/j/ns/dev rule -s 4 applyset
> #: Command not found.
> ns# fs rule: ioctl DEVFSIO_SAPPLY: No such processdevfs rule: ioctl
> DEVFSIO_SAPPLY: No such process
>
> adding the route from the host:
>
> # vimage ns route add default -link 00:23:54:08:2b:f7
> route: writing to routing socket: Network is unreachable
> add net default: gateway 00:23:54:08:2b:f7: Network is unreachable
>
> and from the jail:
>
> ns# route add default -link 00:23:54:08:2b:f7
> route: writing to routing socket: Network is unreachable
> add net default: gateway 00:23:54:08:2b:f7: Network is unreachable

try adding the IP address of your gateway on the 172 net. (you haven't shown this).

>
> I get the same error for netstat -r from the host and the jail:
>
> # netstat -r
> netstat: kvm not available: /dev/mem: Permission denied
> Routing tables
> rt_tables: symbol not in namelist

it is possible that the kvm is not available to you because of the jail, but it works for me on -current.
>
> Before I compiled in Bjorn's patches, netstat -r worked properly on the host.
> The host has network connectivity. If I boot without starting the jail,
> everything works as I expect on the host (haven't tested that very far since
> the patches).

I get the impression you want the jail to be on the 172 net but you don't actually HAVE a 172 net. Is that true?

>
> Thank you.

From owner-freebsd-virtualization@FreeBSD.ORG Wed Oct 7 22:31:02 2009
From: "remodeler"
To: freebsd-virtualization@freebsd.org
Date: Wed, 7 Oct 2009 18:44:26 -0400
Message-Id: <20091007222310.M23322@alentogroup.org>
In-Reply-To: <4ACCE73A.5000502@elischer.org>
Subject: Re: can't find routing entry for network routes

Julian Elischer wrote:

> note the group permissions.

I rebuilt to 8_RELENG and permissions on /dev/kmem default to 540. Netstat works in the virtual jail, and I did not have a route to a gateway on the jail's subnet assigned to ngeth0. Adding a route to the gateway on the physical ethernet interface allowed me to add a default route in the jail.

> ?? why a link address?

I was afraid the netgraph bridge wouldn't associate the IP address to the physical interface's MAC. I see ng does have arplikeness built-in ;)

I sincerely appreciate all of the help, Julian. I am very excited about 8.0 - stack smashing protection, virtualization, trustedbsd. It's a great OS.

You mentioned that netgraph is mostly used by higher level applications - commercial apps? What products use netgraph?

I will contribute my internal doc on virtualizing a FreeBSD server with netgraph when everything stabilizes. I have a technical writer available to edit my internal documentation, and I can release the docs under a BSD license.
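The setup the thread converges on, as an added example that is not code posted by anyone in the thread: the eiface is created already hooked to the bridge, jexec replaces vimage, and the default route uses an IP gateway, with a host route through ngeth0 first when the gateway is outside the jail's subnet (one reading of the fix remodeler reports). The /24 netmask and the gateway address 172.26.64.1 are assumptions, since the thread states neither, and the two `ngctl msg` lines are not in the thread.

```shell
#!/bin/sh
# Added example, not from the thread. Prints the commands by default; pass
# --apply to execute them (FreeBSD 8 with VIMAGE and netgraph, as root).
PHYS_IF=msk0                 # from the thread
JAIL=ns                      # from the thread
JAIL_PATH=/jail/j/ns         # from the thread
JAIL_MAC=02:0a:0b:0c:01:01   # from the thread
JAIL_IP=172.26.64.10         # from the thread
JAIL_MASK=255.255.255.0      # assumption: the thread gives no netmask
GW_IP=172.26.64.1            # assumption: the thread never shows the gateway IP
DRY_RUN=1
if [ "${1:-}" = "--apply" ]; then DRY_RUN=0; fi

run() { if [ "$DRY_RUN" = 1 ]; then echo "$*"; else "$@"; fi; }

# Dotted quad -> integer, so two addresses can be compared under a netmask.
ip_to_int() {
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    echo $(( ($1 << 24) + ($2 << 16) + ($3 << 8) + $4 ))
}

# True when gateway $2 lies in the network that address $1 with mask $3 connects.
on_link() {
    a=$(ip_to_int "$1"); g=$(ip_to_int "$2"); m=$(ip_to_int "$3")
    [ $(( a & m )) -eq $(( g & m )) ]
}

build_bridge() {
    run ngctl mkpeer "${PHYS_IF}:" bridge lower link0
    run ngctl name "${PHYS_IF}:lower" bridge0
    run ngctl connect "${PHYS_IF}:" bridge0: upper link1
    # Not in the thread: ng_ether(4) control messages so the NIC accepts and
    # sends frames that carry the jail's MAC address.
    run ngctl msg "${PHYS_IF}:" setpromisc 1
    run ngctl msg "${PHYS_IF}:" setautosrc 0
    # One step: create the eiface node (ngeth0) already hooked to the bridge.
    run ngctl mkpeer bridge0: eiface link2 ether
}

start_jail() {
    run jail -c name="$JAIL" host.hostname=ns.my.org path="$JAIL_PATH" vnet persist
    run ifconfig ngeth0 vnet "$JAIL"
    run jexec "$JAIL" ifconfig lo0 localhost
    run jexec "$JAIL" ifconfig ngeth0 link "$JAIL_MAC"
    run jexec "$JAIL" ifconfig ngeth0 inet "$JAIL_IP" netmask "$JAIL_MASK"
}

add_default_route() {
    # route(8) rejects a gateway it has no route to ("Network is unreachable"),
    # so an off-link gateway first gets a host route through ngeth0.
    if ! on_link "$JAIL_IP" "$GW_IP" "$JAIL_MASK"; then
        run jexec "$JAIL" route add -host "$GW_IP" -iface ngeth0
    fi
    run jexec "$JAIL" route add default "$GW_IP"
}

plan() { build_bridge; start_jail; add_default_route; }
plan
```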
From owner-freebsd-virtualization@FreeBSD.ORG Wed Oct 7 23:30:42 2009
From: "remodeler"
To: freebsd-virtualization@freebsd.org
Date: Wed, 7 Oct 2009 19:44:06 -0400
Message-Id: <20091007234005.M40001@alentogroup.org>
In-Reply-To: <4ACD1A29.4070207@elischer.org>
Subject: Re: can't find routing entry for network routes

Julian Elischer wrote:

> so does this mean it's all working for you?

Yes. Thank you.

Will netgraph let you create a gif or other tunneling socket and plug it in directly to the graph? Would the alternative be piping a userland tunneling socket and ng_socket?

From owner-freebsd-virtualization@FreeBSD.ORG Thu Oct 8 00:21:35 2009
Message-ID: <4ACD3091.9000709@elischer.org>
Date: Wed, 07 Oct 2009 17:21:37 -0700
From: Julian Elischer
To: remodeler
In-Reply-To: <20091007234005.M40001@alentogroup.org>
Cc: freebsd-virtualization@freebsd.org
Subject: Re: can't find routing entry for network routes

remodeler wrote:
> Julian Elischer wrote:
>
>> so does this mean it's all working for you?
>
> Yes. Thank you.
>
> Will netgraph let you create a gif or other tunneling socket and plug it in
> directly to the graph? Would the alternative be piping a userland tunneling
> socket and ng_socket?

there is an ng_gif node but I've never used it.
look in /usr/src/sys/netgraph to see what exists. They are supposed to all have man pages.

I like mpd for tunneling.. it is a higher level user of netgraph.

From owner-freebsd-virtualization@FreeBSD.ORG Thu Oct 8 17:01:26 2009
Message-ID: <4ACE1AE8.60409@elischer.org>
Date: Thu, 08 Oct 2009 10:01:28 -0700
From: Julian Elischer
To: "Ahrenholz, Jeffrey M"
Cc: "freebsd-virtualization@freebsd.org"
Subject: Re: can't find routing entry for network routes

Ahrenholz, Jeffrey M wrote:
>>> Will netgraph let you create a gif or other tunneling socket and plug
>>> it in directly to the graph? Would the alternative be piping a
>>> userland tunneling socket and ng_socket?
>> there is an ng_gif node but I've never used it.
>>
>> look in /usr/src/sys/netgraph to see what exists. They are
>> supposed to all have man pages.
>>
>> I like mpd for tunneling..
>> it is a higher level user of netgraph.
>
> Another good one is ng_ksocket(4), which you can use to directly connect the netgraph systems of two different kernels across the network. It behaves like a bare-bones tunnel where the netgraph data is sent directly over UDP or TCP.
>
> -Jeff

in fact mpd knows how to use ksockets to do just that when it uses tcp or udp as a transport mechanism for its ppp stream. I have also used ksockets directly and used ipsec to encrypt the outer layer..
From owner-freebsd-virtualization@FreeBSD.ORG Thu Oct 8 17:03:55 2009
From: "Ahrenholz, Jeffrey M"
To: "'Julian Elischer'", remodeler
Date: Thu, 8 Oct 2009 09:10:48 -0700
In-Reply-To: <4ACD3091.9000709@elischer.org>
Cc: "freebsd-virtualization@freebsd.org"
Subject: RE: can't find routing entry for network routes

> > Will netgraph let you create a gif or other tunneling socket and plug
> > it in directly to the graph? Would the alternative be piping a
> > userland tunneling socket and ng_socket?
>
> there is an ng_gif node but I've never used it.
>
> look in /usr/src/sys/netgraph to see what exists. They are
> supposed to all have man pages.
>
> I like mpd for tunneling..
> it is a higher level user of netgraph.

Another good one is ng_ksocket(4), which you can use to directly connect the netgraph systems of two different kernels across the network. It behaves like a bare-bones tunnel where the netgraph data is sent directly over UDP or TCP.

-Jeff