Date: Sat, 27 Aug 2016 19:26:34 -0400 From: Ernie Luzar <luzar722@gmail.com> To: Roger Leigh <rleigh@codelibre.net> Cc: freebsd-jail@freebsd.org Subject: Re: Jails and IPv6 local loopback Message-ID: <57C221AA.3070404@gmail.com> In-Reply-To: <ca059207-cc79-dd22-e3a6-767758557391@codelibre.net> References: <bd642bc0-32f4-4589-28b5-e9d3d6c4953b@codelibre.net> <efa9c4b5-d586-cd4e-d9c3-8132c67da3ec@codelibre.net> <57C20EA8.3030906@gmail.com> <ca059207-cc79-dd22-e3a6-767758557391@codelibre.net>
next in thread | previous in thread | raw e-mail | index | archive | help
Roger Leigh wrote: > On 27/08/16 23:05, Ernie Luzar wrote: >> Roger Leigh wrote: >>> On 27/08/16 17:22, Roger Leigh wrote: >>>> Hi list, >>>> >>>> I saw >>>> https://lists.freebsd.org/pipermail/freebsd-jail/2011-March/001500.html >>>> in the archives but didn't see anything more recent. >>>> >>>> This is with 10.3-RELEASE >>> [...] >>> >>> And after upgrade to 11.0-RC2: >>> >>> bfcpp% ifconfig >>> bge0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu >>> 1500 >>> >>> options=c019b<RXCSUM,TXCSUM,VLAN_MTU,VLAN_HWTAGGING,VLAN_HWCSUM,TSO4,VLAN_HWTSO,LINKSTATE> >>> >>> >>> ether 38:ea:a7:ab:61:53 >>> inet 192.168.1.12 netmask 0xffffffff broadcast 192.168.1.12 >>> inet6 2001:8b0:860:ddbd:3aea:a7ff:feab:7002 prefixlen 128 vhid 3 >>> nd6 options=21<PERFORMNUD,AUTO_LINKLOCAL> >>> media: Ethernet autoselect (1000baseT <full-duplex>) >>> status: active >>> lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> metric 0 mtu 16384 >>> options=600003<RXCSUM,TXCSUM,RXCSUM_IPV6,TXCSUM_IPV6> >>> nd6 options=21<PERFORMNUD,AUTO_LINKLOCAL> >>> bfcpp% ping -c1 localhost >>> PING localhost (127.0.0.1): 56 data bytes >>> 64 bytes from 127.0.0.1: icmp_seq=0 ttl=64 time=0.061 ms >>> >>> --- localhost ping statistics --- >>> 1 packets transmitted, 1 packets received, 0.0% packet loss >>> round-trip min/avg/max/stddev = 0.061/0.061/0.061/0.000 ms >>> bfcpp% ping6 -c1 localhost >>> PING6(56=40+8+8 bytes) 2001:8b0:860:ddbd:3aea:a7ff:feab:7002 --> ::1 >>> ping6: sendmsg: Can't assign requested address >>> ping6: wrote localhost 16 chars, ret=-1 >>> >>> --- localhost ping6 statistics --- >>> 1 packets transmitted, 0 packets received, 100.0% packet loss >>> >>>> As you can see, inside the jail I have a working IPv4 loopback, but not >>>> a working IPv6 loopback. Both work correctly on the host system. This >>>> is inconsistent, and it's breaking stuff which needs the v6 loopback to >>>> be functional. >>>> >>>> Is this a case of a bad default, a misconfiguration or a bug in the >>>> loopback support for jails? >>> >>> Note that 11.0-RC2 shows exactly the same behaviour. > >> You are not seeing what you think you are seeing. jail(8) is mapping the >> loopback interface over the jails assigned ipv4 ip address. It only >> seems reasonable that its doing the same thing with the ipv6 ip address. >> >> Check out this PR for more details >> https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=210049 > > Sorry, I read that, but I'm not sure I understand. At least, I don't > understand why a discrepancy between v4 and v6 would be expected or > reasonable irrespective of any bugs. > > In my case, I haven't set anything related to the loopback interface lo0 > for the jail. The host has working v4 and v6 loopback addresses. The > guest has only working v4. Why not for v6? > > interface = "bge0"; > ip4.addr = "192.168.1.12"; > ip6.addr = "2001:8b0:860:ddbd:3aea:a7ff:feab:7002"; > allow.raw_sockets = "1"; > > is the extent of the configuration. I specify both v4 and v6 addresses > on bge0. I don't specify anything loopback-related, so why is it > mapping v4 and not v6? The discrepancy seems a little odd. > > Is there a solution to the problem at present? What would the > recommended configuration in jail.conf be for obtaining working v4 and > v6 addresses on the loopback interface inside the jail? > Previously you posted this as your jail.conf bfcpp { host.hostname = "bfcpp.codelibre.net"; interface = "bge0"; ip4.addr = "192.168.1.12"; ip6.addr = "2001:8b0:860:ddbd:3aea:a7ff:feab:7002"; allow.raw_sockets = "1"; path = "/jail/bfcpp"; mount.devfs; mount.fdescfs; mount.procfs; mount.fstab="/etc/fstab.bfcpp"; exec.start = "/bin/sh /etc/rc"; exec.stop = "/bin/sh /etc/rc.shutdown"; exec.clean; exec.jail_user = "root"; exec.system_jail_user; } I see no reason for these mount.fdescfs; mount.procfs; exec.clean; exec.jail_user = "root"; exec.system_jail_user; not the cause of your problem, just not needed. Your assuming that ping6 is broken just because its having a problem with localhost. Try ping6 against some other box on the lan using it's ipv6 ip address. You need to define the hosts ipv6 ip address to localhost in the hosts /etc/hosts file. You may also have to define the jails ipv6 ip address to localhost in the jails /etc/hosts file.
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?57C221AA.3070404>