From owner-freebsd-jail@freebsd.org Sun Jan 27 14:00:33 2019 Return-Path: Delivered-To: freebsd-jail@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id 9C9E314AD0DA; Sun, 27 Jan 2019 14:00:33 +0000 (UTC) (envelope-from stb@lassitu.de) Received: from gilb.zs64.net (gilb.zs64.net [IPv6:2a00:14b0:4200:32e0::1ea]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client CN "gilb.zs64.net", Issuer "Let's Encrypt Authority X3" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id ACD836A8F2; Sun, 27 Jan 2019 14:00:32 +0000 (UTC) (envelope-from stb@lassitu.de) Received: by gilb.zs64.net (Postfix, from stb@lassitu.de) id D731E20B439; Sun, 27 Jan 2019 14:00:31 +0000 (UTC) Content-Type: text/plain; charset=utf-8 Mime-Version: 1.0 (Mac OS X Mail 12.2 \(3445.102.3\)) Subject: Re: The status of docker From: Stefan Bethke In-Reply-To: <089e330d-2761-2440-3b7f-dd22e9088af5@gjunka.com> Date: Sun, 27 Jan 2019 15:00:31 +0100 Cc: freebsd-ports@freebsd.org, freebsd-jail@freebsd.org, freebsd-virtualization@freebsd.org Content-Transfer-Encoding: quoted-printable Message-Id: <1059F1FF-7521-4ACC-AA20-49E600E20C38@lassitu.de> References: <089e330d-2761-2440-3b7f-dd22e9088af5@gjunka.com> To: Grzegorz Junka X-Mailer: Apple Mail (2.3445.102.3) X-Rspamd-Queue-Id: ACD836A8F2 X-Spamd-Bar: + Authentication-Results: mx1.freebsd.org; spf=pass (mx1.freebsd.org: domain of stb@lassitu.de designates 2a00:14b0:4200:32e0::1ea as permitted sender) smtp.mailfrom=stb@lassitu.de X-Spamd-Result: default: False [1.17 / 15.00]; ARC_NA(0.00)[]; FROM_HAS_DN(0.00)[]; RCPT_COUNT_THREE(0.00)[4]; R_SPF_ALLOW(-0.20)[+mx]; MV_CASE(0.50)[]; MIME_GOOD(-0.10)[text/plain]; RCVD_TLS_LAST(0.00)[]; DMARC_NA(0.00)[lassitu.de]; TO_DN_SOME(0.00)[]; NEURAL_SPAM_MEDIUM(0.30)[0.300,0]; NEURAL_HAM_LONG(-0.33)[-0.334,0]; TO_MATCH_ENVRCPT_SOME(0.00)[]; NEURAL_SPAM_SHORT(0.96)[0.959,0]; MX_GOOD(-0.01)[cached: gilb.zs64.net]; IP_SCORE(0.06)[ipnet: 2a00:14b0::/32(0.17), asn: 13135(0.12), country: DE(-0.01)]; FROM_EQ_ENVFROM(0.00)[]; R_DKIM_NA(0.00)[]; MIME_TRACE(0.00)[0:+]; ASN(0.00)[asn:13135, ipnet:2a00:14b0::/32, country:DE]; MID_RHS_MATCH_FROM(0.00)[]; RCVD_COUNT_TWO(0.00)[2] X-BeenThere: freebsd-jail@freebsd.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: "Discussion about FreeBSD jail\(8\)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sun, 27 Jan 2019 14:00:33 -0000 It=E2=80=99s bad etiquette to post to more than two lists, let=E2=80=99s = take this to freebsd-virtualization@. > Am 19.01.2019 um 15:24 schrieb Grzegorz Junka : >=20 > Hello, does anyone know the current status of docker on FreeBSD? Wiki = https://wiki.freebsd.org/Docker states it's experimental. The last = commit in https://github.com/kvasdopil/docker/tree/freebsd-compat is = also from 2015. >=20 > There in fact are two ports, freebsd-docker (from 2015) and docker = (18.06). What's the difference between them and which one should I use = to run docker images on FreeBSD host? >=20 > Has this project been completed and now only needs testing, or has it = been abandoned, or maybe the approach has changed and I am looking in a = wrong place? >=20 > Thanks, > GrzegorzJ >=20 > _______________________________________________ > freebsd-ports@freebsd.org mailing list > https://lists.freebsd.org/mailman/listinfo/freebsd-ports > To unsubscribe, send any mail to = "freebsd-ports-unsubscribe@freebsd.org" --=20 Stefan Bethke Fon +49 151 14070811 From owner-freebsd-jail@freebsd.org Mon Jan 28 12:44:16 2019 Return-Path: Delivered-To: freebsd-jail@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id AF9B314B27F5 for ; Mon, 28 Jan 2019 12:44:16 +0000 (UTC) (envelope-from o.hartmann@walstatt.org) Received: from mailman.ysv.freebsd.org (mailman.ysv.freebsd.org [IPv6:2001:1900:2254:206a::50:5]) by mx1.freebsd.org (Postfix) with ESMTP id 1C18F8A07A for ; Mon, 28 Jan 2019 12:44:16 +0000 (UTC) (envelope-from o.hartmann@walstatt.org) Received: by mailman.ysv.freebsd.org (Postfix) id CEA7614B27E2; Mon, 28 Jan 2019 12:44:15 +0000 (UTC) Delivered-To: jail@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id A951B14B27E1; Mon, 28 Jan 2019 12:44:15 +0000 (UTC) (envelope-from o.hartmann@walstatt.org) Received: from mout.gmx.net (mout.gmx.net [212.227.15.18]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (Client CN "mout.gmx.net", Issuer "TeleSec ServerPass DE-2" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 198938A04C; Mon, 28 Jan 2019 12:44:13 +0000 (UTC) (envelope-from o.hartmann@walstatt.org) Received: from freyja ([79.192.173.163]) by mail.gmx.com (mrgmx001 [212.227.17.190]) with ESMTPSA (Nemesis) id 0Lm34j-1hNR1E3FUP-00ZggB; Mon, 28 Jan 2019 13:44:01 +0100 Date: Mon, 28 Jan 2019 13:44:00 +0100 From: "O. Hartmann" To: freebsd-current , jail@freebsd.org Subject: icmp (IPv4) issues with VIMAGE JAILs and IPv6 Message-ID: <20190128134356.23a41e81@freyja> MIME-Version: 1.0 Content-Type: text/plain; charset=US-ASCII Content-Transfer-Encoding: 7bit X-Provags-ID: V03:K1:Ihr+Lb+c9mg2/VNa7sS8MESGp0Jb7DR1nbuI7sZQGENxdk9o1EP q6fC+pxX47eGmWdn1Q1TvtYgXXiKnhVHzN9qEbGBKo10CU/rOCFLcCMc48088cazSXrApcl 07xBRin2O36XLW4wWoJeTD5Q1oKVav76anRvv6+9lO9PFdC1jP1ipKCfzuvcI5dW5F96AZi chdY2x23BKpNCA+M+djCg== X-Spam-Flag: NO X-UI-Out-Filterresults: notjunk:1;V03:K0:OH3CTtksNSs=:B+NnD1Iwf5U5m+rvIHs1NF nAz+NDfwEAbS0ZjutZNIeFO0A1IoL0jkYP7p9I4Uz8x5DLcxDHQN50vIY2DuIn/286EFTQgDL GUkrpak6xp2gI4j826cRN4MW6qS+DFSmUD05uIMLX6s3nk+e1YlrbiyNEj84UE6nIIKKZS5Ky kGg8PCKW/lqqZxIVV2OyJLuU9lYndbfVIQ5N7wNui1ZzLxXaKruSd+Bj+W2smu3NTD3s7Kw5A 7syCL1D4iiT3oRoMzWzEXasQep/k0XmJO9KbfUe18cCcZew0gO0JgGL/GoA+uMWN+CKU/8zs/ eYRU2eSeqY07dYnKC4mf+p8fm2cUYTmG1A/Fv8H9dtUWojJ697DtsrDOX3U9mqxhF4ssvFNcz enzpOwPCdrvJj9zGCTONqt8TrIEF4DOH5+oN66ndQGC9+GlJUCDnQrk/CEh6/CS8b2057dKWA eTLDxE7qGhiGMlVLKJFmu2lglwr2+9i9WYKNP/T3CDf9dxW6uDbBxlkK0wNtQdh8XSW436WYr eNZhuxWb9R9qNbEvQJJSya9/yji8ceq27tVc9PASDyoZKlP8W0aG+qa0SHAWWKQNMwLuTks68 zck8oFBdsUZXA4wEtCdXErr+QsCD9MHousW2c8yt/xD4V2uKt8dfmBAT+ErznZHPB0w2pK6vp dKMBdIE6KUn/EfuM12onPlJcQzE+M/otyTBUCbeZdT58lQr49O3WOVovdnQnTVXo+gBGPtO6N GJHfjyCKUF7bK9jfEcy/yVDbQNkMtUW8roNPnripOc7xw73hfcpaLx78lATHFbntoF/fJZp1k 8/VSxxRHgtFo3eHUdqmeBAHw8ISAja/5mzRt7fvYXsYxLXezm3UVhNSuzHI9OHEOn2WCTN04S Sd/sKCFjteUjRviLPyvkrpJPopNx1TVl+NcWgDssWCOPjGwnIeD1ofH9gWbplyOHfCi5N+6RH 6qQsnL68Atg== X-Rspamd-Queue-Id: 198938A04C X-Spamd-Bar: - Authentication-Results: mx1.freebsd.org X-Spamd-Result: default: False [-1.05 / 15.00]; ARC_NA(0.00)[]; RCVD_VIA_SMTP_AUTH(0.00)[]; RCVD_COUNT_TWO(0.00)[2]; RECEIVED_SPAMHAUS_PBL(0.00)[163.173.192.79.zen.spamhaus.org : 127.0.0.10]; FROM_HAS_DN(0.00)[]; TO_DN_SOME(0.00)[]; TO_MATCH_ENVRCPT_ALL(0.00)[]; NEURAL_HAM_LONG(-1.00)[-0.997,0]; MIME_GOOD(-0.10)[text/plain]; DMARC_NA(0.00)[walstatt.org]; AUTH_NA(1.00)[]; NEURAL_SPAM_SHORT(0.17)[0.166,0]; IP_SCORE(-0.66)[ip: (-4.79), ipnet: 212.227.0.0/16(-0.67), asn: 8560(2.16), country: DE(-0.01)]; MX_GOOD(-0.01)[mx00.gmx.net,mx01.gmx.net]; RCPT_COUNT_TWO(0.00)[2]; NEURAL_HAM_MEDIUM(-0.84)[-0.843,0]; R_SPF_NA(0.00)[]; RCVD_IN_DNSWL_LOW(-0.10)[18.15.227.212.list.dnswl.org : 127.0.3.1]; R_DKIM_NA(0.00)[]; MID_RHS_NOT_FQDN(0.50)[]; ASN(0.00)[asn:8560, ipnet:212.227.0.0/16, country:DE]; MIME_TRACE(0.00)[0:+]; RCVD_TLS_ALL(0.00)[]; FROM_EQ_ENVFROM(0.00)[] X-BeenThere: freebsd-jail@freebsd.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: "Discussion about FreeBSD jail\(8\)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 28 Jan 2019 12:44:17 -0000 I ran into severe problems on CURRENT ( FreeBSD 13.0-CURRENT #193 r343521: Mon Jan 28 10:26:36 CET 2019 amd64), VIMAGE enabled host with jails utilizing IPv6. Scenario: The main host has two Braodcom (bce0|1) NICs. bce0 is the physical NIC attached to a routed/switched network for the main host. bce1 is also attached to the same network, but via another port on the switch (Cisco). Gatewaying is not allowed on the main host. bce1 is also member of bridge0. The main host hosts a bunch of vnet/VIMAGE jails (~12): each jail has its "epair" pseudo NIC, of which the a-part (epairXXa) is owned by the jail and the b-part is member of the bridge0. NIC bce1 ensures the connection to the physical network. On all hosts IPV6 is enabled. All host use an ULA IPV6 address. All hosts and jails use FreeBSD's native IPFW as their IP filter. bridge0 is configured to not filter on Level 2 (ethernet). IPFW is configured on each jail via rc.conf and script "WORKSTATION". For example, services are allowed by the rc.conf-line: (main host) firewall_type="WORKSTATION" firewall_myservices="22/tcp 53/udp 80/tcp 443/tcp ..." firewall_allowservices="192.168.255.0/24 fdff:dead:beef::/48" firewall_trusted="192.168.255.2 fdff:dead:beef::34 ..." and similar for the jails. Problem: I can not ping (icmp IPv4) any jail from the main host, any host on the regular internet (i.e. google.de/google.com and so on) or any jail, nor can I ping from inside a jail any host or other jail. Since we use some ICINGA2 facilities, pinging is essential. The weird part: ping6 is working perfectly! Alos, any non-ICMPv4 connection is performed well (ssh, http-80, http-443, NFS via 2049 and so on). Disabling IPFW or switch to "OPEN" on a jail or the main host makes things work again. A very similar setup on a host without jails, using also rc.conf for configuring the IPFW paketfilter doesn't reveal such a misbehaviour. The ruleset on a JAIL with ipfw script "WORKSTATION" configured, which is NOT working (icmp doesn't work as expected), looks like this: [...] service ipfw restart Flushed all rules. 00100 allow ip from any to any via lo0 00200 deny ip from any to 127.0.0.0/8 00300 deny ip from 127.0.0.0/8 to any 00400 deny ip from any to ::1 00500 deny ip from ::1 to any 00600 allow ipv6-icmp from :: to ff02::/16 00700 allow ipv6-icmp from fe80::/10 to fe80::/10 00800 allow ipv6-icmp from fe80::/10 to ff02::/16 00900 allow ipv6-icmp from any to any icmp6types 1 01000 allow ipv6-icmp from any to any icmp6types 2,135,136 00000 check-state :default 01200 allow tcp from me to any established 00000 allow tcp from me to any setup keep-state :default 00000 allow udp from me to any keep-state :default 00000 allow icmp from me to any keep-state :default 00000 allow ipv6-icmp from me to any keep-state :default 01700 allow udp from 0.0.0.0 68 to 255.255.255.255 67 out 01800 allow udp from any 67 to me 68 in 01900 allow udp from any 67 to 255.255.255.255 68 in 02000 allow udp from fe80::/10 to me 546 in 02100 allow icmp from any to any icmptypes 8 02200 allow ipv6-icmp from any to any icmp6types 128,129 02300 allow icmp from any to any icmptypes 3,4,11 02400 allow ipv6-icmp from any to any icmp6types 3 02500 allow tcp from 192.168.255.0/24 to me 22 02600 allow tcp from 192.168.255.0/24 to me 80 02700 allow tcp from 192.168.255.0/24 to me 443 02800 allow tcp from fdff:dead:beef::/48 to me 22 02900 allow tcp from fdff:dead:beef::/48 to me 80 03000 allow tcp from fdff:dead:beef::/48 to me 443 65000 count ip from any to any 65100 deny { tcp or udp } from any to any 135-139,445 in 65200 deny { tcp or udp } from any to any 1026,1027 in 65300 deny { tcp or udp } from any to any 1433,1434 in 65400 deny ip from any to 255.255.255.255 65500 deny ip from any to 224.0.0.0/24 in 65500 deny udp from any to any 520 in 65500 deny tcp from any 80,443 to any 1024-65535 in 65500 deny ip from any to any Firewall rules loaded. [...] I can not see the problem here in the configuration :-( On the main host (owner of bce1 and bridge0), net.link.bridge looks like: # sysctl net.link.bridge net.link.bridge.ipfw: 0 net.link.bridge.allow_llz_overlap: 0 net.link.bridge.inherit_mac: 1 net.link.bridge.log_stp: 1 net.link.bridge.pfil_local_phys: 0 net.link.bridge.pfil_member: 0 net.link.bridge.ipfw_arp: 0 net.link.bridge.pfil_bridge: 0 net.link.bridge.pfil_onlyip: 0 Stopping all jails, destroying all epairs and bridge0 doesn't change anything. The problems occured when IPv6 came into play on the specific host in question. Does anyone have any ideas? I'm out of ideas. Thanks in advance, Oliver From owner-freebsd-jail@freebsd.org Mon Jan 28 13:42:40 2019 Return-Path: Delivered-To: freebsd-jail@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id C83D814B4760 for ; Mon, 28 Jan 2019 13:42:39 +0000 (UTC) (envelope-from bzeeb-lists@lists.zabbadoz.net) Received: from mailman.ysv.freebsd.org (mailman.ysv.freebsd.org [IPv6:2001:1900:2254:206a::50:5]) by mx1.freebsd.org (Postfix) with ESMTP id 32CB08C9E5 for ; Mon, 28 Jan 2019 13:42:39 +0000 (UTC) (envelope-from bzeeb-lists@lists.zabbadoz.net) Received: by mailman.ysv.freebsd.org (Postfix) id E9EE914B475D; Mon, 28 Jan 2019 13:42:38 +0000 (UTC) Delivered-To: jail@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id D2CB814B475C; Mon, 28 Jan 2019 13:42:38 +0000 (UTC) (envelope-from bzeeb-lists@lists.zabbadoz.net) Received: from mx1.sbone.de (mx1.sbone.de [IPv6:2a01:4f8:13b:39f::9f:25]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client CN "mx1.sbone.de", Issuer "SBone.DE" (not verified)) by mx1.freebsd.org (Postfix) with ESMTPS id 68D678C9E3; Mon, 28 Jan 2019 13:42:38 +0000 (UTC) (envelope-from bzeeb-lists@lists.zabbadoz.net) Received: from mail.sbone.de (mail.sbone.de [IPv6:fde9:577b:c1a9:31::2013:587]) (using TLSv1 with cipher ADH-CAMELLIA256-SHA (256/256 bits)) (No client certificate requested) by mx1.sbone.de (Postfix) with ESMTPS id A4B158D4A142; Mon, 28 Jan 2019 13:42:28 +0000 (UTC) Received: from content-filter.sbone.de (content-filter.sbone.de [IPv6:fde9:577b:c1a9:31::2013:2742]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by mail.sbone.de (Postfix) with ESMTPS id 3AD24D21CE1; Mon, 28 Jan 2019 13:42:27 +0000 (UTC) X-Virus-Scanned: amavisd-new at sbone.de Received: from mail.sbone.de ([IPv6:fde9:577b:c1a9:31::2013:587]) by content-filter.sbone.de (content-filter.sbone.de [fde9:577b:c1a9:31::2013:2742]) (amavisd-new, port 10024) with ESMTP id 2C21gqIVXA5z; Mon, 28 Jan 2019 13:42:25 +0000 (UTC) Received: from [192.168.2.110] (unknown [IPv6:fde9:577b:c1a9:31:2ef0:eeff:fe03:ee34]) (using TLSv1 with cipher AES256-SHA (256/256 bits)) (No client certificate requested) by mail.sbone.de (Postfix) with ESMTPSA id 7D441D21CDF; Mon, 28 Jan 2019 13:42:25 +0000 (UTC) From: "Bjoern A. Zeeb" To: "O. Hartmann" Cc: freebsd-current , jail@freebsd.org, freebsd-ipfw@freebsd.org Subject: Re: icmp (IPv4) issues with VIMAGE JAILs and IPv6 Date: Mon, 28 Jan 2019 13:42:24 +0000 Reply-To: freebsd-ipfw@freebsd.org X-Mailer: MailMate (2.0BETAr6135) Message-ID: <685AA96F-4E00-444E-972A-384D30683495@lists.zabbadoz.net> In-Reply-To: <20190128134356.23a41e81@freyja> References: <20190128134356.23a41e81@freyja> MIME-Version: 1.0 Content-Type: text/plain; format=flowed X-Rspamd-Queue-Id: 68D678C9E3 X-Spamd-Bar: ------ Authentication-Results: mx1.freebsd.org X-Spamd-Result: default: False [-6.97 / 15.00]; NEURAL_HAM_MEDIUM(-1.00)[-1.000,0]; NEURAL_HAM_SHORT(-0.97)[-0.973,0]; REPLY(-4.00)[]; NEURAL_HAM_LONG(-1.00)[-1.000,0] X-BeenThere: freebsd-jail@freebsd.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: "Discussion about FreeBSD jail\(8\)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 28 Jan 2019 13:42:40 -0000 On 28 Jan 2019, at 12:44, O. Hartmann wrote: > I ran into severe problems on CURRENT ( FreeBSD 13.0-CURRENT #193 > r343521: Mon Jan 28 10:26:36 CET 2019 amd64), VIMAGE enabled host with > jails > utilizing IPv6. and you forget to mention in the subject that it seems to be an ipfw problem and thus missing your target audience most likely. > Stopping all jails, destroying all epairs and bridge0 doesn't change > anything. > > The problems occured when IPv6 came into play on the specific host in > question. Does that mean you could reproduce the problem just with bce0 and no jail+vnets at all just with IPv4, IPv6, and ipfw on the main host? If you cannot, would starting a vnet-jail (without the bridge and connecting the epair), just starting a jail in persist mode, make a difference; or would strating a jail and applying the ipfw rules therein start the problem? > Does anyone have any ideas? I'm out of ideas. y best guess is to move the thread to freebsd-ipfw (Cc: and Reply-To: set) and see if people pick it up there some more and also finding the minimalistic case to reproduce. /bz From owner-freebsd-jail@freebsd.org Mon Jan 28 21:19:45 2019 Return-Path: Delivered-To: freebsd-jail@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id 56FCE14BFEF2 for ; Mon, 28 Jan 2019 21:19:45 +0000 (UTC) (envelope-from bu7cher@yandex.ru) Received: from mailman.ysv.freebsd.org (mailman.ysv.freebsd.org [IPv6:2001:1900:2254:206a::50:5]) by mx1.freebsd.org (Postfix) with ESMTP id BC7EE80594 for ; Mon, 28 Jan 2019 21:19:44 +0000 (UTC) (envelope-from bu7cher@yandex.ru) Received: by mailman.ysv.freebsd.org (Postfix) id 7F92314BFEEC; Mon, 28 Jan 2019 21:19:44 +0000 (UTC) Delivered-To: jail@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id 5A19314BFEEB; Mon, 28 Jan 2019 21:19:44 +0000 (UTC) (envelope-from bu7cher@yandex.ru) Received: from forward102j.mail.yandex.net (forward102j.mail.yandex.net [IPv6:2a02:6b8:0:801:2::102]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id C763280593; Mon, 28 Jan 2019 21:19:43 +0000 (UTC) (envelope-from bu7cher@yandex.ru) Received: from mxback20g.mail.yandex.net (mxback20g.mail.yandex.net [IPv6:2a02:6b8:0:1472:2741:0:8b7:320]) by forward102j.mail.yandex.net (Yandex) with ESMTP id 6F98BF224AD; Tue, 29 Jan 2019 00:19:40 +0300 (MSK) Received: from smtp3p.mail.yandex.net (smtp3p.mail.yandex.net [2a02:6b8:0:1472:2741:0:8b6:8]) by mxback20g.mail.yandex.net (nwsmtp/Yandex) with ESMTP id 2sVRmK3cxO-JeIiEKMi; Tue, 29 Jan 2019 00:19:40 +0300 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=yandex.ru; s=mail; t=1548710380; bh=N/Y4xud4/v4zMDOnvN4mUjpDUsXp5RcR2PG6KCw0jkE=; h=Subject:To:References:From:Message-ID:Date:In-Reply-To; b=DBZFvnOYjiI8Rrl01A5eOIHHo1TNibWK2nfctYWNZHg/HpaIOjiNn6lCWH8eynvMO mDUkq01kkt8Rqty57bLNlmsuhaRezi+znSFsTwWEl5zePXVbV6npiBLP9Vs+wZVbED NrTjY13n6TUNKPWNO2fPa0zjYTleH+otmkWUnwOA= Received: by smtp3p.mail.yandex.net (nwsmtp/Yandex) with ESMTPSA id hoR1R7Sa54-JdSCuAb5; Tue, 29 Jan 2019 00:19:39 +0300 (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (Client certificate not present) Subject: Re: icmp (IPv4) issues with VIMAGE JAILs and IPv6 To: "O. Hartmann" , freebsd-current , jail@freebsd.org References: <20190128134356.23a41e81@freyja> From: "Andrey V. Elsukov" Openpgp: id=E6591E1B41DA1516F0C9BC0001C5EA0410C8A17A Autocrypt: addr=bu7cher@yandex.ru; prefer-encrypt=mutual; keydata= mQENBEwBF1kBCADB9sXFhBEUy8qQ4X63Y8eBatYMHGEFWN9ypS5lI3RE6qQW2EYbxNk7qUC5 21YIIS1mMFVBEfvR7J9uc7yaYgFCEb6Sce1RSO4ULN2mRKGHP3/Sl0ijZEjWHV91hY1YTHEF ZW/0GYinDf56sYpDDehaBF5wkWIo1+QK5nmj3vl0DIDCMNd7QEiWpyLVwECgLX2eOAXByT8B bCqVhJGcG6iFP7/B9Ll6uX5gb8thM9LM+ibwErDBVDGiOgvfxqidab7fdkh893IBCXa82H9N CNwnEtcgzh+BSKK5BgvPohFMgRwjti37TSxwLu63QejRGbZWSz3OK3jMOoF63tCgn7FvABEB AAG0JUFuZHJleSBWLiBFbHN1a292IDxidTdjaGVyQHlhbmRleC5ydT6JATgEEwECACIFAkwB F1kCGwMGCwkIBwMCBhUIAgkKCwQWAgMBAh4BAheAAAoJEAHF6gQQyKF6qmYIAI6ekfm1VA4T vqankI1ISE6ku4jV7UlpIQlEbE7/8n3Zd6teJ+pGOQhN5qk8QE7utdPdbktAzi+x7LIJVzUw 4TywZLXGrkP7VKYkfg6oyCGyzITghefQeJtr2TN4hYCkzPWpylkue8MtmqfZv/6royqwTbN+ +E09FQNvTgRUYJYTeQ1qOsxNRycwvw3dr2rOfuxShbzaHBB1pBIjGrMg8fC5pd65ACH5zuFV A0CoTNGMDrEZSfBkTW604UUHFFXeCoC3dwDZRKOWJ3GmMXns65Ai5YkA63BSHEE1Qle3VBhd cG1w0CB5FBV3pB27UVnf0jEbysrDqW4qN7XMRFSWNAy5AQ0ETAEXWQEIAJ2p6l9LBoqdH/0J PEFDY2t2gTvAuzz+8zs3R03dFuHcNbOwjvWCG0aOmVpAzkRa8egn5JB4sZaFUtKPYJEQ1Iu+ LUBwgvtXf4vWpzC67zs2dDuiW4LamH5p6xkTD61aHR7mCB3bg2TUjrDWn2Jt44cvoYxj3dz4 S49U1rc9ZPgD5axCNv45j72tggWlZvpefThP7xT1OlNTUqye2gAwQravXpZkl5JG4eOqJVIU X316iE3qso0iXRUtO7OseBf0PiVmk+wCahdreHOeOxK5jMhYkPKVn7z1sZiB7W2H2TojbmcK HZC22sz7Z/H36Lhg1+/RCnGzdEcjGc8oFHXHCxUAEQEAAYkBHwQYAQIACQUCTAEXWQIbDAAK CRABxeoEEMihegkYCAC3ivGYNe2taNm/4Nx5GPdzuaAJGKWksV+w9mo7dQvU+NmI2az5w8vw 98OmX7G0OV9snxMW+6cyNqBrVFTu33VVNzz9pnqNCHxGvj5dL5ltP160JV2zw2bUwJBYsgYQ WfyJJIM7l3gv5ZS3DGqaGIm9gOK1ANxfrR5PgPzvI9VxDhlr2juEVMZYAqPLEJe+SSxbwLoz BcFCNdDAyXcaAzXsx/E02YWm1hIWNRxanAe7Vlg7OL+gvLpdtrYCMg28PNqKNyrQ87LQ49O9 50IIZDOtNFeR0FGucjcLPdS9PiEqCoH7/waJxWp6ydJ+g4OYRBYNM0EmMgy1N85JJrV1mi5i Message-ID: Date: Tue, 29 Jan 2019 00:16:28 +0300 User-Agent: Mozilla/5.0 (X11; FreeBSD amd64; rv:60.0) Gecko/20100101 Thunderbird/60.4.0 MIME-Version: 1.0 In-Reply-To: <20190128134356.23a41e81@freyja> Content-Type: multipart/signed; micalg=pgp-sha256; protocol="application/pgp-signature"; boundary="S2MF41pEtJo1HXWUnJjI3V6NrYuBrxMFO" X-Rspamd-Queue-Id: C763280593 X-Spamd-Bar: ------ Authentication-Results: mx1.freebsd.org X-Spamd-Result: default: False [-6.99 / 15.00]; NEURAL_HAM_MEDIUM(-1.00)[-1.000,0]; NEURAL_HAM_SHORT(-0.99)[-0.993,0]; NEURAL_HAM_LONG(-1.00)[-1.000,0]; REPLY(-4.00)[] X-BeenThere: freebsd-jail@freebsd.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: "Discussion about FreeBSD jail\(8\)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 28 Jan 2019 21:19:45 -0000 This is an OpenPGP/MIME signed message (RFC 4880 and 3156) --S2MF41pEtJo1HXWUnJjI3V6NrYuBrxMFO Content-Type: multipart/mixed; boundary="sfuZbHl49U2Z3feYWLZAwPPu1vdtN1eRc"; protected-headers="v1" From: "Andrey V. Elsukov" To: "O. Hartmann" , freebsd-current , jail@freebsd.org Message-ID: Subject: Re: icmp (IPv4) issues with VIMAGE JAILs and IPv6 References: <20190128134356.23a41e81@freyja> In-Reply-To: <20190128134356.23a41e81@freyja> --sfuZbHl49U2Z3feYWLZAwPPu1vdtN1eRc Content-Type: text/plain; charset=utf-8 Content-Language: en-US Content-Transfer-Encoding: quoted-printable On 28.01.2019 15:44, O. Hartmann wrote: > Stopping all jails, destroying all epairs and bridge0 doesn't change an= ything. >=20 > The problems occured when IPv6 came into play on the specific host in q= uestion. >=20 > Does anyone have any ideas? I'm out of ideas. Since your ruleset is relatively simple, first of try to use "log" opcode for "deny" rules and look what happens in the /var/log/security. --=20 WBR, Andrey V. Elsukov --sfuZbHl49U2Z3feYWLZAwPPu1vdtN1eRc-- --S2MF41pEtJo1HXWUnJjI3V6NrYuBrxMFO Content-Type: application/pgp-signature; name="signature.asc" Content-Description: OpenPGP digital signature Content-Disposition: attachment; filename="signature.asc" -----BEGIN PGP SIGNATURE----- Comment: Using GnuPG with Thunderbird - https://www.enigmail.net/ iQEzBAEBCAAdFiEE5lkeG0HaFRbwybwAAcXqBBDIoXoFAlxPcSwACgkQAcXqBBDI oXp+xAf+P4D5s8efauDZHi1J2Rw/DKy7sQ+wmXc99V6nxULtMVLeEkIvgbfJfxlL jaHMoC+P981n2ZhAk3vc/jY/f2tJO2ig3yo3pUXSdASBgpOMYRhb6KWWZymLoMFH tI1DVlk2Yc8k64l6mTfqv6Z+ZTbeR0hmQ6Yqu19svwlPZ0rlUR+Di1DrlBl9yaCs EgOEUYqVZP8NkPH2vpuhSPig+lYmLWzT9Ckg3RWLVCrvLSkROlBg2ziomonI6FY9 H/fW7rxiIN+W4JAyJZ1pD/7hURyS7pB9nokNBQFx40l/QW72U0goMcH/pW1Ch1tG 4DcMYMI58HSpP3FJsYK9/9Z8IQfLJQ== =zSjM -----END PGP SIGNATURE----- --S2MF41pEtJo1HXWUnJjI3V6NrYuBrxMFO-- From owner-freebsd-jail@freebsd.org Tue Jan 29 08:39:56 2019 Return-Path: Delivered-To: freebsd-jail@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id 9335414B1279 for ; Tue, 29 Jan 2019 08:39:56 +0000 (UTC) (envelope-from bu7cher@yandex.ru) Received: from mailman.ysv.freebsd.org (mailman.ysv.freebsd.org [IPv6:2001:1900:2254:206a::50:5]) by mx1.freebsd.org (Postfix) with ESMTP id 08B647281F for ; Tue, 29 Jan 2019 08:39:56 +0000 (UTC) (envelope-from bu7cher@yandex.ru) Received: by mailman.ysv.freebsd.org (Postfix) id BD3C114B1277; Tue, 29 Jan 2019 08:39:55 +0000 (UTC) Delivered-To: jail@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id 9832814B1276; Tue, 29 Jan 2019 08:39:55 +0000 (UTC) (envelope-from bu7cher@yandex.ru) Received: from forward105o.mail.yandex.net (forward105o.mail.yandex.net [IPv6:2a02:6b8:0:1a2d::608]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id 032B77281E; Tue, 29 Jan 2019 08:39:54 +0000 (UTC) (envelope-from bu7cher@yandex.ru) Received: from mxback2g.mail.yandex.net (mxback2g.mail.yandex.net [IPv6:2a02:6b8:0:1472:2741:0:8b7:163]) by forward105o.mail.yandex.net (Yandex) with ESMTP id AEDB24202C6C; Tue, 29 Jan 2019 11:39:50 +0300 (MSK) Received: from smtp3o.mail.yandex.net (smtp3o.mail.yandex.net [2a02:6b8:0:1a2d::27]) by mxback2g.mail.yandex.net (nwsmtp/Yandex) with ESMTP id BmiebkaIit-doxqiNPl; Tue, 29 Jan 2019 11:39:50 +0300 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=yandex.ru; s=mail; t=1548751190; bh=brOngTSLmBF52gJnH0CzU2VIkDOOxVNYweLDDiZBC8s=; h=Subject:To:References:From:Message-ID:Date:In-Reply-To; b=pb/sU59u3up5gmty+mHL6rGHSALKtryJG02Ce/4L/qW/m1Lm8Db2XeOX2iL1Uwit9 r94BwYiiUwESkEgFYxvQFNrY0pDDnrmGlgvBcJgZpU8mUx1HeEkROfu/9ufMmUzMVl JzRun9XZIQt1mAT9k1AluwfFNQ4VJplCRgMNxmTw= Received: by smtp3o.mail.yandex.net (nwsmtp/Yandex) with ESMTPSA id OwHLKgQS2N-dn8Wjd4c; Tue, 29 Jan 2019 11:39:49 +0300 (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (Client certificate not present) Subject: Re: icmp (IPv4) issues with VIMAGE JAILs and IPv6 To: "O. Hartmann" , freebsd-current , jail@freebsd.org References: <20190128134356.23a41e81@freyja> From: "Andrey V. Elsukov" Openpgp: id=E6591E1B41DA1516F0C9BC0001C5EA0410C8A17A Autocrypt: addr=bu7cher@yandex.ru; prefer-encrypt=mutual; keydata= mQENBEwBF1kBCADB9sXFhBEUy8qQ4X63Y8eBatYMHGEFWN9ypS5lI3RE6qQW2EYbxNk7qUC5 21YIIS1mMFVBEfvR7J9uc7yaYgFCEb6Sce1RSO4ULN2mRKGHP3/Sl0ijZEjWHV91hY1YTHEF ZW/0GYinDf56sYpDDehaBF5wkWIo1+QK5nmj3vl0DIDCMNd7QEiWpyLVwECgLX2eOAXByT8B bCqVhJGcG6iFP7/B9Ll6uX5gb8thM9LM+ibwErDBVDGiOgvfxqidab7fdkh893IBCXa82H9N CNwnEtcgzh+BSKK5BgvPohFMgRwjti37TSxwLu63QejRGbZWSz3OK3jMOoF63tCgn7FvABEB AAG0JUFuZHJleSBWLiBFbHN1a292IDxidTdjaGVyQHlhbmRleC5ydT6JATgEEwECACIFAkwB F1kCGwMGCwkIBwMCBhUIAgkKCwQWAgMBAh4BAheAAAoJEAHF6gQQyKF6qmYIAI6ekfm1VA4T vqankI1ISE6ku4jV7UlpIQlEbE7/8n3Zd6teJ+pGOQhN5qk8QE7utdPdbktAzi+x7LIJVzUw 4TywZLXGrkP7VKYkfg6oyCGyzITghefQeJtr2TN4hYCkzPWpylkue8MtmqfZv/6royqwTbN+ +E09FQNvTgRUYJYTeQ1qOsxNRycwvw3dr2rOfuxShbzaHBB1pBIjGrMg8fC5pd65ACH5zuFV A0CoTNGMDrEZSfBkTW604UUHFFXeCoC3dwDZRKOWJ3GmMXns65Ai5YkA63BSHEE1Qle3VBhd cG1w0CB5FBV3pB27UVnf0jEbysrDqW4qN7XMRFSWNAy5AQ0ETAEXWQEIAJ2p6l9LBoqdH/0J PEFDY2t2gTvAuzz+8zs3R03dFuHcNbOwjvWCG0aOmVpAzkRa8egn5JB4sZaFUtKPYJEQ1Iu+ LUBwgvtXf4vWpzC67zs2dDuiW4LamH5p6xkTD61aHR7mCB3bg2TUjrDWn2Jt44cvoYxj3dz4 S49U1rc9ZPgD5axCNv45j72tggWlZvpefThP7xT1OlNTUqye2gAwQravXpZkl5JG4eOqJVIU X316iE3qso0iXRUtO7OseBf0PiVmk+wCahdreHOeOxK5jMhYkPKVn7z1sZiB7W2H2TojbmcK HZC22sz7Z/H36Lhg1+/RCnGzdEcjGc8oFHXHCxUAEQEAAYkBHwQYAQIACQUCTAEXWQIbDAAK CRABxeoEEMihegkYCAC3ivGYNe2taNm/4Nx5GPdzuaAJGKWksV+w9mo7dQvU+NmI2az5w8vw 98OmX7G0OV9snxMW+6cyNqBrVFTu33VVNzz9pnqNCHxGvj5dL5ltP160JV2zw2bUwJBYsgYQ WfyJJIM7l3gv5ZS3DGqaGIm9gOK1ANxfrR5PgPzvI9VxDhlr2juEVMZYAqPLEJe+SSxbwLoz BcFCNdDAyXcaAzXsx/E02YWm1hIWNRxanAe7Vlg7OL+gvLpdtrYCMg28PNqKNyrQ87LQ49O9 50IIZDOtNFeR0FGucjcLPdS9PiEqCoH7/waJxWp6ydJ+g4OYRBYNM0EmMgy1N85JJrV1mi5i Message-ID: <8a6f74b5-f943-29de-2d65-88cf4e11e147@yandex.ru> Date: Tue, 29 Jan 2019 11:36:37 +0300 User-Agent: Mozilla/5.0 (X11; FreeBSD amd64; rv:60.0) Gecko/20100101 Thunderbird/60.4.0 MIME-Version: 1.0 In-Reply-To: <20190128134356.23a41e81@freyja> Content-Type: multipart/signed; micalg=pgp-sha256; protocol="application/pgp-signature"; boundary="oG9DwHI96HJVc3EWs1S0m14iP8CAgXKwv" X-Rspamd-Queue-Id: 032B77281E X-Spamd-Bar: ------ Authentication-Results: mx1.freebsd.org X-Spamd-Result: default: False [-6.99 / 15.00]; NEURAL_HAM_MEDIUM(-1.00)[-1.000,0]; NEURAL_HAM_LONG(-1.00)[-1.000,0]; REPLY(-4.00)[]; NEURAL_HAM_SHORT(-0.99)[-0.993,0] X-BeenThere: freebsd-jail@freebsd.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: "Discussion about FreeBSD jail\(8\)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 29 Jan 2019 08:39:56 -0000 This is an OpenPGP/MIME signed message (RFC 4880 and 3156) --oG9DwHI96HJVc3EWs1S0m14iP8CAgXKwv Content-Type: multipart/mixed; boundary="qcmeqsMmpMCSAH3DW6KOOmKZg0md7K5Np"; protected-headers="v1" From: "Andrey V. Elsukov" To: "O. Hartmann" , freebsd-current , jail@freebsd.org Message-ID: <8a6f74b5-f943-29de-2d65-88cf4e11e147@yandex.ru> Subject: Re: icmp (IPv4) issues with VIMAGE JAILs and IPv6 References: <20190128134356.23a41e81@freyja> In-Reply-To: <20190128134356.23a41e81@freyja> --qcmeqsMmpMCSAH3DW6KOOmKZg0md7K5Np Content-Type: multipart/mixed; boundary="------------C368D5E9F8DD935C73038EA0" Content-Language: en-US This is a multi-part message in MIME format. --------------C368D5E9F8DD935C73038EA0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: quoted-printable On 28.01.2019 15:44, O. Hartmann wrote: > Stopping all jails, destroying all epairs and bridge0 doesn't change an= ything. > The problems occured when IPv6 came into play on the specific host in q= uestion. >=20 > Does anyone have any ideas? I'm out of ideas. Hi, I think I found the problem, the bug was introduced in r342908. Can you try attached patch? --=20 WBR, Andrey V. Elsukov --------------C368D5E9F8DD935C73038EA0 Content-Type: text/x-patch; name="ipfw.diff" Content-Transfer-Encoding: quoted-printable Content-Disposition: attachment; filename="ipfw.diff" Index: sys/netpfil/ipfw/ip_fw2.c =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D --- sys/netpfil/ipfw/ip_fw2.c (revision 343395) +++ sys/netpfil/ipfw/ip_fw2.c (working copy) @@ -1410,6 +1410,7 @@ ipfw_chk(struct ip_fw_args *args) =20 dst_ip.s_addr =3D 0; /* make sure it is initialized */ src_ip.s_addr =3D 0; /* make sure it is initialized */ + src_port =3D dst_port =3D 0; pktlen =3D m->m_pkthdr.len; =20 DYN_INFO_INIT(&dyn_info); @@ -1688,7 +1689,6 @@ do { \ args->f_id.dst_ip =3D ntohl(dst_ip.s_addr); } else { proto =3D 0; - src_port =3D dst_port =3D 0; dst_ip.s_addr =3D src_ip.s_addr =3D 0; =20 args->f_id.addr_type =3D 1; /* XXX */ --------------C368D5E9F8DD935C73038EA0-- --qcmeqsMmpMCSAH3DW6KOOmKZg0md7K5Np-- --oG9DwHI96HJVc3EWs1S0m14iP8CAgXKwv Content-Type: application/pgp-signature; name="signature.asc" Content-Description: OpenPGP digital signature Content-Disposition: attachment; filename="signature.asc" -----BEGIN PGP SIGNATURE----- Comment: Using GnuPG with Thunderbird - https://www.enigmail.net/ iQEzBAEBCAAdFiEE5lkeG0HaFRbwybwAAcXqBBDIoXoFAlxQEJUACgkQAcXqBBDI oXquvQf/Z8T8yVZmpptZCiATU4QdATmEcu/nyd9AywAEfJ36JORdfr/9KNyoVNvP 3v1GqvyfbMG/gvz2YICXFMGMDIlGj95gizx5jdr+mhNsKCEs4AMZntiPuNRKIc/M llkcISOR3Y4wTcRBH9gt/T6YT25pywniPSclCyFFPeBnLhyAJwM9nHvhYL8+oRs1 EyHt8jbakAZ3Hx5yKJSkayyHBCaVS3GcXHCkJElPX5Ob9763DQo5OMMoQ3oIjG8s 0K+1GXpTU2gpWeHlKKcBnSN32IQS0mYWZjkFAmX+G+aOj144eMwrRgf87ZebtYex P32qQIqJXk99LwLxZItRgjpV7npI3A== =jkPm -----END PGP SIGNATURE----- --oG9DwHI96HJVc3EWs1S0m14iP8CAgXKwv-- From owner-freebsd-jail@freebsd.org Thu Jan 31 07:35:34 2019 Return-Path: Delivered-To: freebsd-jail@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id CC40C134A60E for ; Thu, 31 Jan 2019 07:35:34 +0000 (UTC) (envelope-from ohartmann@walstatt.org) Received: from mailman.ysv.freebsd.org (mailman.ysv.freebsd.org [IPv6:2001:1900:2254:206a::50:5]) by mx1.freebsd.org (Postfix) with ESMTP id 4D2DE7527D for ; Thu, 31 Jan 2019 07:35:34 +0000 (UTC) (envelope-from ohartmann@walstatt.org) Received: by mailman.ysv.freebsd.org (Postfix) id 0D78C134A60B; Thu, 31 Jan 2019 07:35:34 +0000 (UTC) Delivered-To: jail@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id DA081134A60A; Thu, 31 Jan 2019 07:35:33 +0000 (UTC) (envelope-from ohartmann@walstatt.org) Received: from mout.gmx.net (mout.gmx.net [212.227.15.15]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (Client CN "mout.gmx.net", Issuer "TeleSec ServerPass DE-2" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id D7FA37527C; Thu, 31 Jan 2019 07:35:32 +0000 (UTC) (envelope-from ohartmann@walstatt.org) Received: from freyja ([79.192.175.91]) by mail.gmx.com (mrgmx002 [212.227.17.190]) with ESMTPSA (Nemesis) id 0Lx83d-1hDVP92Upt-016guK; Thu, 31 Jan 2019 08:35:30 +0100 Date: Thu, 31 Jan 2019 08:35:29 +0100 From: "O. Hartmann" To: "Andrey V. Elsukov" Cc: freebsd-current , jail@freebsd.org Subject: Re: icmp (IPv4) issues with VIMAGE JAILs and IPv6 Message-ID: <20190131083524.06555bc3@freyja> In-Reply-To: <8a6f74b5-f943-29de-2d65-88cf4e11e147@yandex.ru> References: <20190128134356.23a41e81@freyja> <8a6f74b5-f943-29de-2d65-88cf4e11e147@yandex.ru> MIME-Version: 1.0 Content-Type: text/plain; charset=US-ASCII Content-Transfer-Encoding: 7bit X-Provags-ID: V03:K1:0CyjLB6SUv6NjBzfoEXlO2pkVrdcr96tIebXPU809dm5ltrW3za krE3nF1Mj1Y430cHGkmqZP0X6TEtzg47Kby9sWJM7dKgGyggQeu/+TusE6X3ZNLboTdfNvi 7rHmf935iZCckakTbn9wfrb4540cJOmolrTN4o1oHaLvn1cFmGqKk5ih8FM340mEbXipcaI fHKW1fAWqG7GDkMGsEQBw== X-Spam-Flag: NO X-UI-Out-Filterresults: notjunk:1;V03:K0:cGnShQrF9Cg=:J1FPwwhBPuY8LySNBwcOwJ GQFkJpaQ+V+emI3GKiHF6sQ5mTpWq2HemwKlZRk1flPT0ZxTGVPF6lCbzy4sQf8Elk0ty08z9 R8PeKbXtsBrNx1CfPalft0elbEIvN5sLlXBxUsBSCwt703d7y/zLpirW8HQ9pumFvbTouqqqW 6SsCwzjn8pbwg8GXwhJRku2/OLGrnY1xAu0Uykzhl+ToPVPRcLcWr469U73tSVu4TGc/x4VKw priGM/9pQkqDVOjF+2poK2u3bg0J471HDl3jq4uTBnVgkaOyNTCTRu+LcnU3hIKdoMy5pZM1w hAaGE2R3t6ReXMT5Vb27WOqOMU1ROqZ+vhZDvyN5YcFmgLPDk5uTUoODsQ9DIjhLtd0fx4GPF wk4bVP57M7KqAyWaR+JftyLZswCVmYuEGtqN9Q75xhvfXI+lx+rTRRVuirOFD0g+37yuDNI5s OqUoBEvBPv7n3QDIvaYA6YIPpwynDyknhNB94M2f24bMYjWpJ6+sfRdkvVZ9xITaf7+KDLZpm HwKV/c2xG7/GywKb//80JjVD624O0T/hjlKqfBzvUGDK4p0Hu2M8n+FjnIqVU3x0YHwiljfcb wwjpEKekRazRdyWfmDeI8q+ZHYYanSS1FZDa0KbNSmjUOsgkCz6K8y6avsoCBTubujr1Q4W2f iVy9NdL9BTwAJcuR6BGEJeqcQZxCEMuXyDUeAzONiGXa+6SAV6xaKARvqCVp8rnwMI1AnQedT SQYl04mGAINWYUbcX7kQ5Q9c9lWNOayAn2zU+tHyGA5maBMWprHJv7OcSmNbWxzvn1Qd4xS2D kIztHp0v/iTciZJ9sXc0K+lQfeh2s4agHUG1FnfJHfvKgvKy/lIJeOvdP9qTCYBrSBd8JbraF Mqq3eK/JpkRUVLJb618LeKB4lLPMYGOx+cEuuJoI3uxF+MMZzqIbBlb5u+y2+e7Hw4uQPZbVR /bTQi+caMCA== X-Rspamd-Queue-Id: D7FA37527C X-Spamd-Bar: + Authentication-Results: mx1.freebsd.org X-Spamd-Result: default: False [1.69 / 15.00]; RCVD_VIA_SMTP_AUTH(0.00)[]; TO_DN_SOME(0.00)[]; MX_GOOD(-0.01)[cached: mx01.gmx.net]; FREEMAIL_TO(0.00)[yandex.ru]; RECEIVED_SPAMHAUS_PBL(0.00)[91.175.192.79.zen.spamhaus.org : 127.0.0.10]; R_DKIM_NA(0.00)[]; MIME_TRACE(0.00)[0:+]; ASN(0.00)[asn:8560, ipnet:212.227.0.0/16, country:DE]; IP_SCORE(-0.34)[ip: (-3.07), ipnet: 212.227.0.0/16(-0.73), asn: 8560(2.11), country: DE(-0.01)]; RCVD_IN_DNSWL_LOW(-0.10)[15.15.227.212.list.dnswl.org : 127.0.3.1]; ARC_NA(0.00)[]; FROM_EQ_ENVFROM(0.00)[]; FROM_HAS_DN(0.00)[]; RCPT_COUNT_THREE(0.00)[3]; NEURAL_SPAM_SHORT(0.53)[0.532,0]; NEURAL_HAM_LONG(-0.58)[-0.585,0]; MIME_GOOD(-0.10)[text/plain]; DMARC_NA(0.00)[walstatt.org]; AUTH_NA(1.00)[]; NEURAL_SPAM_MEDIUM(0.79)[0.787,0]; TO_MATCH_ENVRCPT_SOME(0.00)[]; R_SPF_NA(0.00)[]; MID_RHS_NOT_FQDN(0.50)[]; RCVD_COUNT_TWO(0.00)[2]; RCVD_TLS_ALL(0.00)[] X-BeenThere: freebsd-jail@freebsd.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: "Discussion about FreeBSD jail\(8\)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 31 Jan 2019 07:35:35 -0000 On Tue, 29 Jan 2019 11:36:37 +0300 "Andrey V. Elsukov" wrote: > On 28.01.2019 15:44, O. Hartmann wrote: > > Stopping all jails, destroying all epairs and bridge0 doesn't change > > anything. The problems occured when IPv6 came into play on the specific > > host in question. > > > > Does anyone have any ideas? I'm out of ideas. > > Hi, > > I think I found the problem, the bug was introduced in r342908. > Can you try attached patch? > Sorry for responding so late. Thank you for digging into this problem - and finally having resolved it! Great. After the patch has been apllied, the system worked as expected. Thanks a lot. Regards, Oliver From owner-freebsd-jail@freebsd.org Thu Jan 31 16:28:59 2019 Return-Path: Delivered-To: freebsd-jail@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id 0F46D14AF37B for ; Thu, 31 Jan 2019 16:28:59 +0000 (UTC) (envelope-from mwlucas@mail.michaelwlucas.com) Received: from mailman.ysv.freebsd.org (mailman.ysv.freebsd.org [IPv6:2001:1900:2254:206a::50:5]) by mx1.freebsd.org (Postfix) with ESMTP id 6773295E30 for ; Thu, 31 Jan 2019 16:28:58 +0000 (UTC) (envelope-from mwlucas@mail.michaelwlucas.com) Received: by mailman.ysv.freebsd.org (Postfix) id 2269A14AF37A; Thu, 31 Jan 2019 16:28:58 +0000 (UTC) Delivered-To: jail@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id F40AF14AF379 for ; Thu, 31 Jan 2019 16:28:57 +0000 (UTC) (envelope-from mwlucas@mail.michaelwlucas.com) Received: from mail.michaelwlucas.com (mail.michaelwlucas.com [104.236.197.233]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id 8540C95E2F for ; Thu, 31 Jan 2019 16:28:57 +0000 (UTC) (envelope-from mwlucas@mail.michaelwlucas.com) Received: from mail.michaelwlucas.com (localhost [127.0.0.1]) by mail.michaelwlucas.com (8.15.2/8.15.2) with ESMTP id x0VGSjQB083628 for ; Thu, 31 Jan 2019 11:28:46 -0500 (EST) (envelope-from mwlucas@mail.michaelwlucas.com) Received: (from mwlucas@localhost) by mail.michaelwlucas.com (8.15.2/8.15.2/Submit) id x0VGSjAh083627 for jail@freebsd.org; Thu, 31 Jan 2019 11:28:45 -0500 (EST) (envelope-from mwlucas) Date: Thu, 31 Jan 2019 11:28:45 -0500 From: "Michael W. Lucas" To: jail@freebsd.org Subject: netstat in a jail, 12 vs 13 Message-ID: <20190131162845.GA83592@mail.michaelwlucas.com> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline User-Agent: Mutt/1.10.1 (2018-07-13) X-Greylist: Sender passed SPF test, not delayed by milter-greylist-4.6.2 (mail.michaelwlucas.com [127.0.0.1]); Thu, 31 Jan 2019 11:28:48 -0500 (EST) X-Rspamd-Queue-Id: 8540C95E2F X-Spamd-Bar: ++++ Authentication-Results: mx1.freebsd.org X-Spamd-Result: default: False [4.24 / 15.00]; ARC_NA(0.00)[]; FROM_HAS_DN(0.00)[]; TO_MATCH_ENVRCPT_ALL(0.00)[]; NEURAL_SPAM_SHORT(0.53)[0.527,0]; MIME_GOOD(-0.10)[text/plain]; PREVIOUSLY_DELIVERED(0.00)[jail@freebsd.org]; TO_DN_NONE(0.00)[]; AUTH_NA(1.00)[]; RCPT_COUNT_ONE(0.00)[1]; RCVD_COUNT_THREE(0.00)[3]; RCVD_TLS_LAST(0.00)[]; MX_GOOD(-0.01)[cached: mail.michaelwlucas.com]; NEURAL_SPAM_LONG(1.00)[0.999,0]; DMARC_NA(0.00)[michaelwlucas.com]; NEURAL_SPAM_MEDIUM(1.00)[0.997,0]; R_SPF_NA(0.00)[]; FORGED_SENDER(0.30)[mwlucas@michaelwlucas.com,mwlucas@mail.michaelwlucas.com]; R_DKIM_NA(0.00)[]; MIME_TRACE(0.00)[0:+]; ASN(0.00)[asn:14061, ipnet:104.236.192.0/18, country:US]; FROM_NEQ_ENVFROM(0.00)[mwlucas@michaelwlucas.com,mwlucas@mail.michaelwlucas.com]; IP_SCORE(0.53)[asn: 14061(2.72), country: US(-0.07)] X-BeenThere: freebsd-jail@freebsd.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: "Discussion about FreeBSD jail\(8\)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 31 Jan 2019 16:28:59 -0000 Hi, I have a jail that I swap between a 12.0 userland and a -current userland, and I'm looking at network diagnosis tools available to the jail in both. -current jail on -current can see its own network. root@loghost:/var/db/pkg # sockstat -4 USER COMMAND PID FD PROTO LOCAL ADDRESS FOREIGN ADDRESS root sendmail 37707 4 tcp4 127.0.0.1:25 *:* root sshd 37704 4 tcp4 *:22 *:* root syslogd 37639 6 udp4 *:514 *:* root@loghost:/var/db/pkg # netstat -na -f inet Active Internet connections (including servers) Proto Recv-Q Send-Q Local Address Foreign Address (state) tcp4 0 0 127.0.0.1.25 *.* LISTEN tcp4 0 0 *.22 *.* LISTEN udp4 0 0 *.514 *.* 12.0 jail on -current host: root@loghost:~ # sockstat -4 sockstat: struct xinpgen size mismatch root@loghost:~ # netstat -na -f inet netstat: kvm not available: /dev/mem: No such file or directory Some tcp sockets may have been deleted. Some udp sockets may have been deleted. Neither jail has /dev/mem or /dev/kmem access--they have the same jail.conf entry, I literally move the userland directory. It appears that -current netstat/sockstat doesn't need /dev/mem? As a workaround in the non-vnet case, I can use the host's netstat to view open sockets on a 12.0 jail. That doesn't work with vnets, though. Questions: -Does netstat in -current no longer need /dev/mem, or is something else going on? -Is there a way for a jail owner in 12.0 and earlier to view sockets on their jail? Thanks, ==ml -- Michael W. Lucas https://mwl.io/ author of: Absolute OpenBSD, SSH Mastery, git commit murder, Immortal Clay, PGP & GPG, Absolute FreeBSD, etc, etc, etc... From owner-freebsd-jail@freebsd.org Thu Jan 31 18:08:51 2019 Return-Path: Delivered-To: freebsd-jail@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id 360EA14B21C4 for ; Thu, 31 Jan 2019 18:08:51 +0000 (UTC) (envelope-from christer.edwards@gmail.com) Received: from mailman.ysv.freebsd.org (mailman.ysv.freebsd.org [IPv6:2001:1900:2254:206a::50:5]) by mx1.freebsd.org (Postfix) with ESMTP id 8012B6B358 for ; Thu, 31 Jan 2019 18:08:50 +0000 (UTC) (envelope-from christer.edwards@gmail.com) Received: by mailman.ysv.freebsd.org (Postfix) id 3FA2F14B21C3; Thu, 31 Jan 2019 18:08:50 +0000 (UTC) Delivered-To: jail@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id 0479114B21C2 for ; Thu, 31 Jan 2019 18:08:50 +0000 (UTC) (envelope-from christer.edwards@gmail.com) Received: from mail-it1-x129.google.com (mail-it1-x129.google.com [IPv6:2607:f8b0:4864:20::129]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (Client CN "smtp.gmail.com", Issuer "Google Internet Authority G3" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 7BFE76B356 for ; Thu, 31 Jan 2019 18:08:49 +0000 (UTC) (envelope-from christer.edwards@gmail.com) Received: by mail-it1-x129.google.com with SMTP id z7so5087189iti.0 for ; Thu, 31 Jan 2019 10:08:49 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=8YxqCQttFE+v+KKY6Su+lHa9evnwIg0O3Xei/Ko6GUU=; b=uBDDWnCqHDIYU1TOQ1oxnxL1Avt30HPNx79eZ66wUHfTNO+8ScmlPMVaxrve0KibMd TbPyi0Px286N/7iRyFBkOupFSReOLjwb7Mjd4+Lh1ZAo+Hs6is4hEQ+NeJr9nB6SUvMl zdUce2gnRN4FF/ItkkIwPvCyQAqfsjhTpa2/pNS7gLCGhKZH07xTT5jWd//dCHNBTKb+ RBjOv5mhJKX/ZWg2UO45EHbR8MkRkQpiQvp5MOA7v4rc7XLlk0rT06ZxtoqLX1LSa3KZ L1UM8RSywPy2eaaxN5HRbcnTlpUtEtwdFkLRo30e6r9utb85jNRzX32rN1uF9TU0fhQ/ 2+tg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=8YxqCQttFE+v+KKY6Su+lHa9evnwIg0O3Xei/Ko6GUU=; b=MljwWvhwwgwKxPJqMUey7u757y05pD7ZSnOfOb2Yo52F6mPQoMMOT5Xd/0J3ILh9pG yExOFeVuVLyMOlOXnmuXF/jfxcAJOhDhS51VRhssBwjNxkJlIRwvcLiY0jG6vicszupT GrFCnD8ODpeQ48MGcp4NHnwCKPIbWQyMn7hlumuSCldMm0GixVe2yqjUL1rXWhhcK0QO JL+XSpWzalibCoH/YhMFmpgkSf/DPNJxqFgNZG5m3G7W3qW6opleUFp9pR32th0yOEgH oLnyar5/sIHx0Fuhzb8VHWxCtgvwnwGNEe5tUQqoHsxA73EnW7yDYVCL5ssTFLvCA9Rw Dumw== X-Gm-Message-State: AJcUukcKy8556kSkPmRo1x1oXhSmYp/yhfb9lKW36CGHhDZj1djnOJJZ Vbf/9AEfVCgmIDDpfkuLCVy0CD+j6SdcdH81I/1qKXpEPWc= X-Google-Smtp-Source: ALg8bN6HcymdMA8l0Buz/qmByjD8LrYBDAiySU77d2qW9ZT5RfHKK8qSPrmcdnumjXSVSp6NZrY4TkdthbLgZI75LOA= X-Received: by 2002:a24:4fcb:: with SMTP id c194mr15663150itb.47.1548958128530; Thu, 31 Jan 2019 10:08:48 -0800 (PST) MIME-Version: 1.0 References: <20190131162845.GA83592@mail.michaelwlucas.com> In-Reply-To: <20190131162845.GA83592@mail.michaelwlucas.com> From: Christer Edwards Date: Thu, 31 Jan 2019 11:08:36 -0700 Message-ID: Subject: Re: netstat in a jail, 12 vs 13 To: "Michael W. Lucas" Cc: jail@freebsd.org X-Rspamd-Queue-Id: 7BFE76B356 X-Spamd-Bar: ------ Authentication-Results: mx1.freebsd.org X-Spamd-Result: default: False [-6.97 / 15.00]; NEURAL_HAM_MEDIUM(-1.00)[-1.000,0]; NEURAL_HAM_SHORT(-0.97)[-0.970,0]; NEURAL_HAM_LONG(-1.00)[-1.000,0]; REPLY(-4.00)[]; TAGGED_FROM(0.00)[] Content-Type: text/plain; charset="UTF-8" X-Content-Filtered-By: Mailman/MimeDel 2.1.29 X-BeenThere: freebsd-jail@freebsd.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: "Discussion about FreeBSD jail\(8\)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 31 Jan 2019 18:08:51 -0000 On Thu, Jan 31, 2019 at 9:29 AM Michael W. Lucas wrote: > > 12.0 jail on -current host: > > root@loghost:~ # sockstat -4 > sockstat: struct xinpgen size mismatch > root@loghost:~ # netstat -na -f inet > netstat: kvm not available: /dev/mem: No such file or directory > Some tcp sockets may have been deleted. > Some udp sockets may have been deleted. I have seen this happen anytime I have run a jail where the version does not exactly match the host. sockstat always fails with 'sockstat: struct xinpgen size mismatch' Very interested in a solution / patch / workaround myself. Christer From owner-freebsd-jail@freebsd.org Thu Jan 31 21:37:26 2019 Return-Path: Delivered-To: freebsd-jail@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id E06BF14B8662 for ; Thu, 31 Jan 2019 21:37:25 +0000 (UTC) (envelope-from sodynet1@gmail.com) Received: from mailman.ysv.freebsd.org (mailman.ysv.freebsd.org [IPv6:2001:1900:2254:206a::50:5]) by mx1.freebsd.org (Postfix) with ESMTP id 4F91D72BF2 for ; Thu, 31 Jan 2019 21:37:25 +0000 (UTC) (envelope-from sodynet1@gmail.com) Received: by mailman.ysv.freebsd.org (Postfix) id 0CAC914B8661; Thu, 31 Jan 2019 21:37:25 +0000 (UTC) Delivered-To: jail@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id DCA0114B865F for ; Thu, 31 Jan 2019 21:37:24 +0000 (UTC) (envelope-from sodynet1@gmail.com) Received: from mail-qt1-x834.google.com (mail-qt1-x834.google.com [IPv6:2607:f8b0:4864:20::834]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (Client CN "smtp.gmail.com", Issuer "Google Internet Authority G3" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 08CED72BF1 for ; Thu, 31 Jan 2019 21:37:24 +0000 (UTC) (envelope-from sodynet1@gmail.com) Received: by mail-qt1-x834.google.com with SMTP id i7so5180546qtj.10 for ; Thu, 31 Jan 2019 13:37:24 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:from:date:message-id:subject:to:cc; bh=9fBSgEqdTYHesYGTuu/rRrMC+holxyPN9jogHyamUCI=; b=XOyPWoa3NxjvtxsGBqBN75leU3r59A4dq/mB/c48MeEK3fuuBLCSq6r8vy9+83wUF8 YTIZjLktJZLWj2ipUr/wA1oxSSQtZLmYh8x1ZNtt4WJaWOdNm7dnWf1TJNXzbnoy7pKi yZ7Rz0kS0HGr1bDO0b4k9pyTGkZdvsecXieUyr6PNfx/CTsqDjl6922JgMuoZEvI5uA5 o0pxiDqUPSfYvU+tx2vf4g/2/Rk06m4/bD9cGQXGgXBwCtqqUdHvyNdv3hu+b2A5uEpP uJ2TkMphJub2thlxvQWPX/70Tnyvvf8rTGfMuLsdJhMSR/BeMPAEeeFqX0+4Yy4EckmT mWOw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:from:date:message-id:subject:to:cc; bh=9fBSgEqdTYHesYGTuu/rRrMC+holxyPN9jogHyamUCI=; b=K8kx7REUQ4V7rGC3VpnHLS9E7x1P7Vs37P3O8OxqQdOET+WgnyL39+8K4uGANATosb 5sJhQxctczukSYcGrUzxLYmM3PZlQABYC7HoOaMeqhS0cVy2o9zrGlgMRNnm1U8iV/x4 lFSBZmTRfSPaSrWLDDrE11iHnnjSDy/I3AXC8GRBsz6LLZA1cFWFYKc49g5wTJT+f/xC i+Vo7pg5Z1lLHGMfYU+9yMZnfGMMLc8dvEyxwC9lmRxeJDC3xFknT6fiJHCEeOkV37ng k3H3E3bY9/o9nWWqT6bgdvEB+s7iH183bmCErhoJfkYAd2fKSzvpzQtEdr/udoZ2omdJ h8WA== X-Gm-Message-State: AJcUukfAg21Jc41OHZUt03OSCr+GB66xZPVxbBQtLUP1KPXojPHKvSSq hz27+uBUJmhYyFRq6C9awfNw5sU/tTNGofGGZNQ= X-Google-Smtp-Source: ALg8bN6STgnnoakZ5QqYN93vCIzkJnGyvOhR1GUFHa2DvRWZ4EVSsutx6rN+BijHcbf/0JqFFo1vGvzFVbZgf9HmCwM= X-Received: by 2002:a0c:c60b:: with SMTP id v11mr33905215qvi.198.1548970643440; Thu, 31 Jan 2019 13:37:23 -0800 (PST) MIME-Version: 1.0 From: Sami Halabi Date: Thu, 31 Jan 2019 23:37:11 +0200 Message-ID: Subject: 9 netstat in a jail, 12 vs 13 To: Christer Edwards Cc: "Michael W. Lucas" , jail@freebsd.org X-Rspamd-Queue-Id: 08CED72BF1 X-Spamd-Bar: ------ Authentication-Results: mx1.freebsd.org; dkim=pass header.d=gmail.com header.s=20161025 header.b=XOyPWoa3; dmarc=pass (policy=none) header.from=gmail.com; spf=pass (mx1.freebsd.org: domain of sodynet1@gmail.com designates 2607:f8b0:4864:20::834 as permitted sender) smtp.mailfrom=sodynet1@gmail.com X-Spamd-Result: default: False [-6.41 / 15.00]; TO_DN_SOME(0.00)[]; FREEMAIL_FROM(0.00)[gmail.com]; R_SPF_ALLOW(-0.20)[+ip6:2607:f8b0:4000::/36]; DKIM_TRACE(0.00)[gmail.com:+]; DMARC_POLICY_ALLOW(-0.50)[gmail.com,none]; MX_GOOD(-0.01)[cached: alt3.gmail-smtp-in.l.google.com]; FREEMAIL_TO(0.00)[gmail.com]; FROM_EQ_ENVFROM(0.00)[]; RCVD_TLS_LAST(0.00)[]; MIME_TRACE(0.00)[0:+,1:+]; FREEMAIL_ENVFROM(0.00)[gmail.com]; ASN(0.00)[asn:15169, ipnet:2607:f8b0::/32, country:US]; DWL_DNSWL_NONE(0.00)[gmail.com.dwl.dnswl.org : 127.0.5.0]; ARC_NA(0.00)[]; NEURAL_HAM_MEDIUM(-1.00)[-1.000,0]; R_DKIM_ALLOW(-0.20)[gmail.com:s=20161025]; FROM_HAS_DN(0.00)[]; RCPT_COUNT_THREE(0.00)[3]; NEURAL_HAM_SHORT(-0.95)[-0.951,0]; NEURAL_HAM_LONG(-1.00)[-1.000,0]; TAGGED_RCPT(0.00)[]; PREVIOUSLY_DELIVERED(0.00)[jail@freebsd.org]; MIME_GOOD(-0.10)[multipart/alternative,text/plain]; TO_MATCH_ENVRCPT_SOME(0.00)[]; RCVD_IN_DNSWL_NONE(0.00)[4.3.8.0.0.0.0.0.0.0.0.0.0.0.0.0.0.2.0.0.4.6.8.4.0.b.8.f.7.0.6.2.list.dnswl.org : 127.0.5.0]; IP_SCORE(-2.45)[ip: (-7.64), ipnet: 2607:f8b0::/32(-2.56), asn: 15169(-1.97), country: US(-0.07)]; RCVD_COUNT_TWO(0.00)[2] Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable X-Content-Filtered-By: Mailman/MimeDel 2.1.29 X-BeenThere: freebsd-jail@freebsd.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: "Discussion about FreeBSD jail\(8\)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 31 Jan 2019 21:37:26 -0000 Compile static binary of netstat and copy it to the jail may solve your problem. Sami =D7=91=D7=AA=D7=90=D7=A8=D7=99=D7=9A =D7=99=D7=95=D7=9D =D7=94=D7=B3, 31 = =D7=91=D7=99=D7=A0=D7=95=D7=B3 2019, 20:09, =D7=9E=D7=90=D7=AA Christer Edw= ards < christer.edwards@gmail.com>: > On Thu, Jan 31, 2019 at 9:29 AM Michael W. Lucas < > mwlucas@michaelwlucas.com> > wrote: > > > > > 12.0 jail on -current host: > > > > root@loghost:~ # sockstat -4 > > sockstat: struct xinpgen size mismatch > > root@loghost:~ # netstat -na -f inet > > netstat: kvm not available: /dev/mem: No such file or directory > > Some tcp sockets may have been deleted. > > Some udp sockets may have been deleted. > > > I have seen this happen anytime I have run a jail where the version does > not exactly match the host. sockstat always fails with 'sockstat: struct > xinpgen size mismatch' > > Very interested in a solution / patch / workaround myself. > > Christer > _______________________________________________ > freebsd-jail@freebsd.org mailing list > https://lists.freebsd.org/mailman/listinfo/freebsd-jail > To unsubscribe, send any mail to "freebsd-jail-unsubscribe@freebsd.org" >