From: "remodeler"
To: freebsd-virtualization@freebsd.org
Date: Tue, 6 Oct 2009 20:57:13 -0400
Message-Id: <20091007002615.M76095@alentogroup.org>
Subject: can't find routing entry for network routes

I am having the same problem as Nikos. I am trying to implement a vnet-enabled service jail on FreeBSD 8.0 HEAD. I have thoroughly studied the "Network stack virtualization" document written by Marko.
I received troubleshooting help over several days last from Julian Elischer when I raised the issue in this thread on the freebsd-net list.

I am running a GENERIC kernel on amd64, with the additional options vimage, netgraph, ng_ether, and ng_eiface. I successfully applied the patch Bjoern provided:

http://people.freebsd.org/~bz/20090901-10-vimage-jailed_no_vnet.diff

I tested with this patch, and also the lines in the other patch Bjoern provided that are not in HEAD:

http://people.freebsd.org/~bz/20090906-01-V_llatbl.diff

i.e.,
+#include + CURVNET_RESTORE(); + CURVNET_SET_QUIET(TD_TO_VNET(curthread)); +vnet_lltable_init(const void *unused __unused) +{ + + /* Manually do what SLIST_HEAD_INITIALIZER would do. */ + V_lltables.slh_first = NULL; +} + +VNET_SYSINIT(vnet_lltable_init, SI_SUB_PSEUDO, SI_ORDER_ANY, vnet_lltable_init, + NULL);

Trying to apply a ruleset after mounting devfs in a jail, I get:

    devfs -m /jail/j/ns/dev rule -s 8 applyset
    devfs rule: ioctl DEVFSIO_SAPPLY: No such process

Attempting to apply a default route to the ngeth0 interface bound to the jail, I get:

    route: writing to routing socket: Network is unreachable
    add net default: gateway 00:23:54:08:2b:f7: Network is unreachable

netstat -r gives:

    netstat: kvm not available: /dev/mem: Permission denied
    Routing tables
    rt_tables: symbol not in namelist

I have /dev/mem mounted in the jail. I've seen reference to mem not being accessible in the jail, in some of the discussions on running x-server in the jail. Julian mentioned that it looked like I need to make /dev/mem accessible in the jail. I do not know how to do that; it also seems that if I had a routing socket, I could live without reading memory for netstat output.

I understand each jail has its own FIB. I thought jails opened a routing socket during their creation by default. I need to add a default route to use the jail:

    vimage ns route add default -link 00:0a:0b:0c:2b:f7

But no combination I've tried succeeds.

Any help appreciated :->