From: Ernie Luzar
Date: Tue, 26 Jan 2021 12:53:41 -0500
To: petru garstea
CC: freebsd-jail@freebsd.org
Subject: Re: Jails - vnet- netgraph

petru garstea wrote:
> Greetings FreeBSD community,
>
>
>    OS: FreeBSD sun 12.2-RELEASE-p1 FreeBSD 12.2-RELEASE-p1 GENERIC amd64
>
>
> I am trying to build a netgraph vnet jail with the support of the official
> jng script that comes with FreeBSD and was developed by Devin Teske.
>
> jail.conf file
>
> netgraph {
>  devfs_ruleset = 13;
>  enforce_statfs = 2;
>  exec.clean;
>  exec.consolelog = /var/log/bastille/netgraph_console.log;
>  exec.start = '/bin/sh /etc/rc';
>  exec.stop = '/bin/sh /etc/rc.shutdown';
>  host.hostname = netgraph;
>  mount.devfs;
>  mount.fstab = /usr/local/bastille/jails/netgraph/fstab;
>  path = /usr/local/bastille/jails/netgraph/root;
>  securelevel = 2;
>
>  vnet;
>  vnet.interface = e0b_bastille0;
> # exec.prestart += "jib addm bastille0 re0";
> # exec.poststop += "jib destroy bastille0";
>  exec.prestart += "jng bridge netgraph re0";
>  exec.poststop += "jng shutdown netgraph" ;
> }
>
> When I start the jail, the netgraph subsystem raises the following exception
>
> ngctl: send msg: No such file or directory
> jail: netgraph: jng bridge netgraph re0: failed
>
> I also tried to create the netgraph bridge without using the jng script
>
> ngctl mkpeer re0: bridge lower link0
> ngctl: send msg: No such file or directory
>
> From what I found it looks like it used to work on FreeBSD 11.x and stopped
> working in version 12.
>
> Any thoughts?
>
> Please advise
>
>
> Cheers,
>
> Petru Garstea
>

Don't see any reply so I will try to help you.
If I remember correctly the jib and jng were added as documentation back
around FreeBSD 10.00. I have tried to get it to work on 10+, 11+, 12+ with
no joy. There is something missing but I cannot tell what it is. The jail
environment has gone through many changes over time so no wonder jib/jng
don't work now. Netgraph is a complete subsystem for network
configuration that has its own syntax and commands. The learning curve is
pretty great. There is an outstanding bug and Devin Teske (she) has taken
up the bug. Hoping 13 holds the bug fix.