From owner-freebsd-jail@freebsd.org  Fri Jun 12 17:48:58 2020
Return-Path: <owner-freebsd-jail@freebsd.org>
Delivered-To: freebsd-jail@mailman.nyi.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1])
 by mailman.nyi.freebsd.org (Postfix) with ESMTP id 185E9340C4E
 for <freebsd-jail@mailman.nyi.freebsd.org>;
 Fri, 12 Jun 2020 17:48:58 +0000 (UTC)
 (envelope-from dave.mehler@gmail.com)
Received: from mail-io1-xd2a.google.com (mail-io1-xd2a.google.com
 [IPv6:2607:f8b0:4864:20::d2a])
 (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits)
 key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256
 client-signature RSA-PSS (2048 bits) client-digest SHA256)
 (Client CN "smtp.gmail.com", Issuer "GTS CA 1O1" (verified OK))
 by mx1.freebsd.org (Postfix) with ESMTPS id 49k7WY0g4jz3Z58;
 Fri, 12 Jun 2020 17:48:56 +0000 (UTC)
 (envelope-from dave.mehler@gmail.com)
Received: by mail-io1-xd2a.google.com with SMTP id t9so11116252ioj.13;
 Fri, 12 Jun 2020 10:48:56 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025;
 h=mime-version:in-reply-to:references:from:date:message-id:subject:to
 :cc; bh=QjN/z5rYQ2n3xeYhG9RyZ3loSWkNnvzwoLu9r0r4h8k=;
 b=hQMfCz1d7dJ4ANdoiVfd8N1D+jJT50sveC20O0EhqRmX0B+NQObqS82wYCsOOUim02
 2OWRligad2DxeBJ26XVsVAeEn9mZCmMGVHIzcBNzlRdGvjF+Eq/7bVkGuXhKVUYZYLqR
 BrHgPA+ZuEdGuhIAmIO9E6qSq5WFwIfznTGL6+XrnmVRe6YPbgSwBSsMsRwOf0wAFn8d
 nXPhMpxhTXImt3tLLlYzTXMzKVVoRmiFtcHhTY2RH1ehHv5Dl+GVdCVI4JUbo+iGrdgV
 ChRFPyeEEQrv4s08CDBJ7sypNn85zfVidJ3qyxNykxX9cMIK4XehIRjv7J5aWi+QCAb4
 Zxmg==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
 d=1e100.net; s=20161025;
 h=x-gm-message-state:mime-version:in-reply-to:references:from:date
 :message-id:subject:to:cc;
 bh=QjN/z5rYQ2n3xeYhG9RyZ3loSWkNnvzwoLu9r0r4h8k=;
 b=TVRNcYUh35/l2Q7v+pad3K+xKhGZ4o50FQRJQWeK0DYcSuKxPl8KlSQz5AQKtNaSpg
 z/SwIbX2Fo3Xy9UT9gpzgQ+M5NBlbPDsknUGGdCoolYsLtuRhEbEQ+Pfj+cajSn8ekiS
 fIahXLn0/LeUU60fO6ghNA3Hdndj8yUg57DqMyrCsedOXBr9d84akn0tvVqnu1lYUd6w
 +8EjenpO4GPXThNlS+dan+WxdxeYfPUoJgUb3SvOBWWtmAoao5dqBkde6EldXQPVy8hZ
 s2mLTqvQ6ex/baEb4ZjzM6ONO2kknV6E0r4mX+59dSBgi4GRf2YV9BhfzeOC9f9lcw6r
 l+RQ==
X-Gm-Message-State: AOAM5324UVOAo+zSaqe/hJBTxCKgIUPD1r1p2qlFYfnqciRBsxFREKcA
 jXGZcJE0dHViHweeldfvDZa3YWAFGdFBB+uwb/GK1Bme
X-Google-Smtp-Source: ABdhPJxUF10gOEG3mnZ8fhsvBP2PrNftaSuhWU7Z3FNZ6sdwMBqLa+O6Xleb7BY6qyBPSksb7kr4Si7DSDwLLEDmNoU=
X-Received: by 2002:a05:6602:2055:: with SMTP id
 z21mr14966303iod.60.1591984135746; 
 Fri, 12 Jun 2020 10:48:55 -0700 (PDT)
MIME-Version: 1.0
Received: by 2002:a4f:6cf:0:0:0:0:0 with HTTP;
 Fri, 12 Jun 2020 10:48:55 -0700 (PDT)
In-Reply-To: <20200609182546.6693d2e3.ole@free.de>
References: <CAPORhP57h6yoDZF+3h2kLApN-hLmedPfX819LJW8Ec2A7DNW_A@mail.gmail.com>
 <20200609182546.6693d2e3.ole@free.de>
From: David Mehler <dave.mehler@gmail.com>
Date: Fri, 12 Jun 2020 13:48:55 -0400
Message-ID: <CAPORhP5UPZLOoGAP9ixrfKrMnYXr03iWzv0sqcDy8ZYd+9BPVQ@mail.gmail.com>
Subject: Re: vnet jail shutdown crashes system
To: Ole <ole@free.de>
Cc: Kyle Evans <kevans@freebsd.org>, freebsd-jail@freebsd.org
Content-Type: text/plain; charset="UTF-8"
X-Rspamd-Queue-Id: 49k7WY0g4jz3Z58
X-Spamd-Bar: ---
Authentication-Results: mx1.freebsd.org;
 dkim=pass header.d=gmail.com header.s=20161025 header.b=hQMfCz1d;
 dmarc=pass (policy=none) header.from=gmail.com;
 spf=pass (mx1.freebsd.org: domain of davemehler@gmail.com designates
 2607:f8b0:4864:20::d2a as permitted sender)
 smtp.mailfrom=davemehler@gmail.com
X-Spamd-Result: default: False [-3.64 / 15.00]; ARC_NA(0.00)[];
 NEURAL_HAM_MEDIUM(-0.99)[-0.994];
 R_DKIM_ALLOW(-0.20)[gmail.com:s=20161025]; FROM_HAS_DN(0.00)[];
 RCPT_COUNT_THREE(0.00)[3];
 R_SPF_ALLOW(-0.20)[+ip6:2607:f8b0:4000::/36:c];
 FREEMAIL_FROM(0.00)[gmail.com]; MIME_GOOD(-0.10)[text/plain];
 DWL_DNSWL_NONE(0.00)[gmail.com:dkim];
 NEURAL_HAM_LONG(-1.02)[-1.018]; TO_DN_SOME(0.00)[];
 TO_MATCH_ENVRCPT_SOME(0.00)[]; DKIM_TRACE(0.00)[gmail.com:+];
 DMARC_POLICY_ALLOW(-0.50)[gmail.com,none];
 RCVD_IN_DNSWL_NONE(0.00)[2607:f8b0:4864:20::d2a:from];
 NEURAL_HAM_SHORT(-0.63)[-0.632]; FROM_EQ_ENVFROM(0.00)[];
 MIME_TRACE(0.00)[0:+]; FREEMAIL_ENVFROM(0.00)[gmail.com];
 ASN(0.00)[asn:15169, ipnet:2607:f8b0::/32, country:US];
 TAGGED_FROM(0.00)[]; RCVD_TLS_ALL(0.00)[];
 RCVD_COUNT_TWO(0.00)[2]
X-BeenThere: freebsd-jail@freebsd.org
X-Mailman-Version: 2.1.33
Precedence: list
List-Id: "Discussion about FreeBSD jail\(8\)" <freebsd-jail.freebsd.org>
List-Unsubscribe: <https://lists.freebsd.org/mailman/options/freebsd-jail>,
 <mailto:freebsd-jail-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-jail/>
List-Post: <mailto:freebsd-jail@freebsd.org>
List-Help: <mailto:freebsd-jail-request@freebsd.org?subject=help>
List-Subscribe: <https://lists.freebsd.org/mailman/listinfo/freebsd-jail>,
 <mailto:freebsd-jail-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Fri, 12 Jun 2020 17:48:58 -0000

Hello,

Thanks to everyone who offered suggestions on my vnet jail. I'm
passing this on, a friend of mine sent me his configuration, which he
modified from mine, it does not crash on vnet jail shutdown and takes
down the interfaces both epair0a and epair0b. My rc.conf in the
original post is unchanged. Here's the revised and working
/etc/jail.conf:

#cat jail.conf
exec.clean;
exec.start = "/bin/sh /etc/rc";
exec.stop = "/bin/sh /etc/rc.shutdown";
mount.devfs;
allow.raw_sockets;
        #exec.system_user = "root";
        #exec.jail_user = "root";
vnet;

jail1 {
    host.hostname = jail1.lan;
    path = "/jails/jail1";
    devfs_ruleset = "4";
        mount.devfs;
        vnet = "new";
    vnet.interface = "epair0b";
    exec.prestart = "ifconfig epair0 create up";
    exec.prestart += "ifconfig bridge0 addm epair0a";
        exec.start  = "/bin/sh /etc/rc";
        exec.start += "ifconfig epair0b inet 192.168.122.50 netmask
255.255.255.0";
        exec.start += "route add default 192.168.122.1";
        exec.stop   = "/bin/sh /etc/rc.shutdown";
    exec.poststop = "ifconfig bridge0 deletem epair0a";
    exec.poststop += "ifconfig epair0a destroy";
        exec.consolelog = "/var/log/jail_jail1_console.log";
}


I have no idea why this works but it is here I'm passing it on hoping
it helps others with vnet and/or track down the epair teardown issue.

Thanks and HTH
Dave.


On 6/9/20, Ole <ole@free.de> wrote:
> Hello Dave,
>
> I had the same problem. I found out, that the system will crash, if I do
> the 'ifconfig epair0a destroy' direct after the 'jail  -r'.
>
> My solution is to sleep 2 seconds after the 'jail  -r' command.
>
> Maybe a little bit dirty.
>
> Ole
>
>
>
> Sun, 7 Jun 2020 21:59:03 -0400 - David Mehler <dave.mehler@gmail.com>:
>
>> Hello,
>>
>> I've finally created a vnet jail on FreeBSD 12.1 that will get out to
>> the internet. Whenever I atempt to shut it down the system crashes, I
>> have no idea why.
>>
>> I found an example and adapted and pounded on it until I got it
>> working. Here's my configuration. On the host:
>>
>> /etc/rc.conf fragment:
>> cloned_interfaces="bridge0"
>> ifconfig_bridge0="inet 192.168.122.1/24 addm vtnet0 up"
>>
>> #cat /etc/jail.conf
>> exec.clean;
>> exec.start = "/bin/sh /etc/rc";
>> exec.stop = "/bin/sh /etc/rc.shutdown";
>> mount.devfs;
>> allow.raw_sockets;
>>         exec.system_user = "root";
>>         exec.jail_user = "root";
>> vnet;
>>
>> jail1 {
>>     host.hostname = jail1.lan;
>>     path = "/jails/jail1";
>>     devfs_ruleset = "5";
>>     vnet.interface = "epair0b";
>>     exec.prestart = "ifconfig epair0 create up";
>>     exec.prestart += "ifconfig bridge0 addm epair0a";
>>     exec.poststop = "ifconfig bridge0 deletem epair0a";
>>     exec.poststop += "ifconfig epair0a destroy";
>>         exec.consolelog = "/var/log/jail_jail1_console.log";
>> }
>>
>> ifconfig fragment:
>> bridge0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0
>> mtu 1500 ether 02:e7:79:f2:c4:00
>>         inet 192.168.122.1 netmask 0xffffff00 broadcast
>> 192.168.122.255 id 00:00:00:00:00:00 priority 32768 hellotime 2
>> fwddelay 15 maxage 20 holdcnt 6 proto rstp maxaddr 2000 timeout 1200
>>         root id 00:00:00:00:00:00 priority 32768 ifcost 0 port 0
>>         member: epair0a flags=143<LEARNING,DISCOVER,AUTOEDGE,AUTOPTP>
>>                 ifmaxaddr 0 port 4 priority 128 path cost 2000
>>         member: vtnet0 flags=143<LEARNING,DISCOVER,AUTOEDGE,AUTOPTP>
>>                 ifmaxaddr 0 port 1 priority 128 path cost 2000
>>         groups: bridge
>>         nd6 options=9<PERFORMNUD,IFDISABLED>
>> epair0a: flags=8943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST>
>> metric 0 mtu 1500
>>         options=8<VLAN_MTU>
>>         ether 02:ad:9b:f9:5e:0a
>>         inet6 fe80::ad:9bff:fef9:5e0a%epair0a prefixlen 64 scopeid 0x4
>>         groups: epair
>>         media: Ethernet 10Gbase-T (10Gbase-T <full-duplex>)
>>         status: active
>>         nd6 options=23<PERFORMNUD,ACCEPT_RTADV,AUTO_LINKLOCAL>
>>
>> In the vnet jail:
>> # cat /etc/rc.conf
>> hostname="jail1.lan"
>> ifconfig_epair0b="inet 192.168.122.50 netmask 255.255.255.0"
>> defaultrouter="192.168.122.1"
>>
>> I wish I knew why stopping this jail takes the whole system down,
>> suggestions welcome.
>> Thanks.
>> Dave.
>> _______________________________________________
>> freebsd-jail@freebsd.org mailing list
>> https://lists.freebsd.org/mailman/listinfo/freebsd-jail
>> To unsubscribe, send any mail to
>> "freebsd-jail-unsubscribe@freebsd.org"
>