Date:      Tue, 6 Oct 2009 20:57:13 -0400
From:      "remodeler" <remodeler@alentogroup.org>
To:        freebsd-virtualization@freebsd.org
Subject:   can't find routing entry for network routes 
Message-ID:  <20091007002615.M76095@alentogroup.org>

I am having the same problem as Nikos. I am trying to implement a vnet-enabled
service jail on FreeBSD 8.0 HEAD. I have thoroughly studied the "Network stack
virtualization" document written by Marko. I received troubleshooting help
over several days last from Julian Elischer when I raised the issue in this
thread on the freebsd-net list. I am running a GENERIC kernel on amd64, with
the additional options vimage, netgraph, ng_ether, and ng_eiface.

I successfully applied the patch Bjoern provided:

http://people.freebsd.org/~bz/20090901-10-vimage-jailed_no_vnet.diff

I tested with this patch, and also the lines in the other patch Bjoern
provided that are not in HEAD:

http://people.freebsd.org/~bz/20090906-01-V_llatbl.diff

i.e., 
+#include <sys/jail.h>
+	CURVNET_RESTORE();
+	CURVNET_SET_QUIET(TD_TO_VNET(curthread));

+vnet_lltable_init(const void *unused __unused)
+{
+
+	/* Manually do what SLIST_HEAD_INITIALIZER would do. */
+	V_lltables.slh_first = NULL;
+}
+
+VNET_SYSINIT(vnet_lltable_init, SI_SUB_PSEUDO, SI_ORDER_ANY, vnet_lltable_init,
+    NULL);
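
Review bot: In vnet_lltable_init(), assigning V_lltables.slh_first = NULL reaches into the SLIST head's internals; SLIST_INIT(&V_lltables) from <sys/queue.h> does the same thing through the queue API and would make the "Manually do what SLIST_HEAD_INITIALIZER would do" comment unnecessary. The lines quoted here also show a VNET_SYSINIT with no matching VNET_SYSUNINIT, so it is worth confirming whether anything needs to be torn down for V_lltables when a vnet is destroyed.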

Trying to apply a ruleset after mounting devfs in a jail, I get:

devfs -m /jail/j/ns/dev rule -s 8 applyset
devfs rule: ioctl DEVFSIO_SAPPLY: No such process

Attempting to apply a default route to the ngeth0 interface bound to the jail,
I get:

route: writing to routing socket: Network is unreachable
add net default: gateway 00:23:54:08:2b:f7: Network is unreachable

netstat -r gives:

netstat: kvm not available: /dev/mem: Permission denied
Routing tables
rt_tables: symbol not in namelist

I have /dev/mem mounted in the jail. I've seen reference to mem not being
accessible in the jail, in some of the discussions on running x-server in the
jail. Julian mentioned that it looked like I need to make /dev/mem accessible
in the jail. I do not know how to do that; it also seems that if I had a
routing socket, I could live without reading memory for netstat output. I
understand each jail has its own FIB. I thought jails opened a routing socket
during their creation by default.

I need to add a default route to use the jail:

vimage ns route add default -link 00:0a:0b:0c:2b:f7

But no combination I've tried succeeds. Any help appreciated :->


