Date: Fri, 01 Jan 2021 18:02:33 +0000 From: bugzilla-noreply@freebsd.org To: bugs@FreeBSD.org Subject: [Bug 252334] Regression for running jails with fibs Message-ID: <bug-252334-227@https.bugs.freebsd.org/bugzilla/>
next in thread | raw e-mail | index | archive | help
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=3D252334 Bug ID: 252334 Summary: Regression for running jails with fibs Product: Base System Version: CURRENT Hardware: amd64 OS: Any Status: New Severity: Affects Some People Priority: --- Component: misc Assignee: bugs@FreeBSD.org Reporter: freebsd@fizz.buzz I've noticed that there appears to be a regression in FreeBSD 13 when tryin= g to run a jail with a fib. I've created a minimal example script: https://gist.github.com/tomalexander/3ecde8933e482794ef808a37047b07a0 If you take that script and run it in a FreeBSD virtual machine with a clean install of FreeBSD with git installed then it will update itself to a revis= ion you specify at the top of the script and build a jail using the same revisi= on. I strongly advise everyone to only run the script inside a VM because it wi= ll overwrite system config files. This process will involve multiple reboots, but the script installs itself = as a service to auto-launch itself on reboots so it should fully set itself up without intervention. Regardless, the script is quite small and readable so= you should be able to follow the steps manually if you'd like (explanation at bottom of email). If you set REVISION=3D"stable/12" at the top of the script then after it go= es through its full setup you can run "service jail onestart test" and you can read /var/log/jail.log and see that no errors related to the fib are printe= d. The jail itself won't have network connectivity because this setup is missi= ng other pieces like a firewall to do NAT since I wanted to cut this down to a minimal example. If instead you set REVISION=3D"main" at the top of the script then if you h= ad KERNCONF=3D"GENERIC" at the top of the script you will get dropped into a debugger upon running "service jail onestart test": https://user-images.githubusercontent.com/458272/103318144-75636800-49fb-11= eb-92f8-66351c65ca7d.png . If instead you set KERNCONF=3D"GENERIC-NODEBUG" then you can read /var/log/jail.log and see messages that say "route: fiboptlist_csv failed." Through some printf debugging, I have found that in FreeBSD 12 the numfibs = in route.c inside the jail is 2 but in FreeBSD 13 the numfibs in route.c inside the jail is 1. Thats as far as my debugging has reached so far. I've attemp= ted to git bisect my way there, but I've been unsuccessful (hitting a lot of revision that fail to build between stable/12 and main) Finally, a quick overview of what the script does for people who want to recreate this on their own. I'll leave out the minutia of the script inject= ing itself as a service and cleaning itself up: 1. Creates devfs rule for vnet 2. sets net.fibs=3D2 in the host /boot/loader.conf 3. sets net.add_addr_allfibs=3D1 in the host /etc/sysctl.conf 4. sets up a jail.conf using the example from /usr/share/examples/jails for if_bridge but set the fib for the jail to 1 5. Checks out the revision of freebsd specified in the script. Builds and installs that version to the host. 6. Also install that built version to /jail to be used as a jail 7. Configure the jail's rc.conf to use a static local ip address --=20 You are receiving this mail because: You are the assignee for the bug.=
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?bug-252334-227>