From: bugzilla-noreply@freebsd.org
To: jail@FreeBSD.org
Subject: [Bug 240106] VNET issue with ARP and routing sockets in jails
Date: Wed, 09 Oct 2019 11:43:04 +0000

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=240106

Alexander Lunev changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |lan@zato.ru

--- Comment #3 from Alexander Lunev ---
I think that bug that I wanted to report is somewhat similar, all main actors -
VNET, jails and ARP - are the same.
So I have a problem with network connectivity between jails and host when using
jails with VNET and VLANs.

I've written about it to the freebsd-net@ mailing list:
threads:
https://lists.freebsd.org/pipermail/freebsd-net/2019-September/054391.html
https://lists.freebsd.org/pipermail/freebsd-net/2019-October/054437.html

There's a topic on the FreeBSD forums which confirms this and once again
explains, in great detail, the configuration with which this problem occurs,
but the author has "solved" his problem by simply not using the configuration
where you bridge a physical interface with the jail's VNET interface, and not
using the jail's VNET interface with VLANs.
https://forums.freebsd.org/threads/bridge-epair-not-passing-through-tagged-vlan-traffic-between-host-and-vnet-jail.71646/

I'll add some more observations here. I recreated the configuration in a virtual
machine, as I wrote in my last message to freebsd-net@ here:
https://lists.freebsd.org/pipermail/freebsd-net/2019-October/054475.html.

The jail's vlan interface IP is 10.15.15.2 and the host's vlan interface IP is
10.15.15.1. Both jail and host have no ARP entries about each other's addresses.
So I ping from 10.15.15.2 to 10.15.15.1.

1. in the initial configuration, I see this on em0:

HOST# tcpdump -i em0 -e | grep 10.15.15
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on em0, link-type EN10MB (Ethernet), capture size 262144 bytes
08:57:52.051429 02:95:ce:33:dc:0b (oui Unknown) > Broadcast, ethertype 802.1Q (0x8100), length 46: vlan 22, p 0, ethertype ARP, Request who-has 10.15.15.1 tell 10.15.15.2, length 28
08:57:53.071451 02:95:ce:33:dc:0b (oui Unknown) > Broadcast, ethertype 802.1Q (0x8100), length 46: vlan 22, p 0, ethertype ARP, Request who-has 10.15.15.1 tell 10.15.15.2, length 28
08:57:54.101515 02:95:ce:33:dc:0b (oui Unknown) > Broadcast, ethertype 802.1Q (0x8100), length 46: vlan 22, p 0, ethertype ARP, Request who-has 10.15.15.1 tell 10.15.15.2, length 28

2. then I added an ARP entry in the jail:

JAIL# arp -s 10.15.15.1 00:0c:29:2f:6c:08

HOST# tcpdump -i em0 -e | grep 10.15.15
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on em0, link-type EN10MB (Ethernet), capture size 262144 bytes
09:07:10.321257 00:0c:29:2f:6c:08 (oui Unknown) > Broadcast, ethertype 802.1Q (0x8100), length 46: vlan 22, p 0, ethertype ARP, Request who-has 10.15.15.2 tell 10.15.15.1, length 28
09:07:11.391300 00:0c:29:2f:6c:08 (oui Unknown) > Broadcast, ethertype 802.1Q (0x8100), length 46: vlan 22, p 0, ethertype ARP, Request who-has 10.15.15.2 tell 10.15.15.1, length 28
09:07:12.415232 00:0c:29:2f:6c:08 (oui Unknown) > Broadcast, ethertype 802.1Q (0x8100), length 46: vlan 22, p 0, ethertype ARP, Request who-has 10.15.15.2 tell 10.15.15.1, length 28

3. then I added the jail's ARP entry to the host:

HOST# arp -s 10.15.15.2 02:95:ce:33:dc:0b

and ICMP requests started to pass from jail to host, and the vlan22 interface on
the host is receiving packets and sending replies:

HOST# tcpdump -i vlan22 -e | grep 10.15.15
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on vlan22, link-type EN10MB (Ethernet), capture size 262144 bytes
09:37:11.517054 02:95:ce:33:dc:0b (oui Unknown) > 00:0c:29:2f:6c:08 (oui Unknown), ethertype IPv4 (0x0800), length 98: 10.15.15.2 > 10.15.15.1: ICMP echo request, id 25864, seq 0, length 64
09:37:11.517063 00:0c:29:2f:6c:08 (oui Unknown) > 02:95:ce:33:dc:0b (oui Unknown), ethertype IPv4 (0x0800), length 98: 10.15.15.1 > 10.15.15.2: ICMP echo reply, id 25864, seq 0, length 64

but I don't see them on the host's epair0a interface, bridged with em0 in
bridge0; there are only requests on epair0a:

HOST# tcpdump -i epair0a -e | grep 10.15.15
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on epair0a, link-type EN10MB (Ethernet), capture size 262144 bytes
09:40:44.178363 02:95:ce:33:dc:0b (oui Unknown) > 00:0c:29:2f:6c:08 (oui Unknown), ethertype 802.1Q (0x8100), length 102: vlan 22, p 0, ethertype IPv4, 10.15.15.2 > 10.15.15.1: ICMP echo request, id 32264, seq 0, length 64
09:40:45.221713 02:95:ce:33:dc:0b (oui Unknown) > 00:0c:29:2f:6c:08 (oui Unknown), ethertype 802.1Q (0x8100), length 102: vlan 22, p 0, ethertype IPv4, 10.15.15.2 > 10.15.15.1: ICMP echo request, id 32264, seq 1, length 64
09:40:46.253079 02:95:ce:33:dc:0b (oui Unknown) > 00:0c:29:2f:6c:08 (oui Unknown), ethertype 802.1Q (0x8100), length 102: vlan 22, p 0, ethertype IPv4, 10.15.15.2 > 10.15.15.1: ICMP echo request, id 32264, seq 2, length 64

and on em0 I see only replies:

HOST# tcpdump -i em0 -e | grep 10.15.15
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on em0, link-type EN10MB (Ethernet), capture size 262144 bytes
09:41:11.092092 00:0c:29:2f:6c:08 (oui Unknown) > 02:95:ce:33:dc:0b (oui Unknown), ethertype 802.1Q (0x8100), length 102: vlan 22, p 0, ethertype IPv4, 10.15.15.1 > 10.15.15.2: ICMP echo reply, id 34568, seq 0, length 64
09:41:12.096310 00:0c:29:2f:6c:08 (oui Unknown) > 02:95:ce:33:dc:0b (oui Unknown), ethertype 802.1Q (0x8100), length 102: vlan 22, p 0, ethertype IPv4, 10.15.15.1 > 10.15.15.2: ICMP echo reply, id 34568, seq 1, length 64
09:41:13.121890 00:0c:29:2f:6c:08 (oui Unknown) > 02:95:ce:33:dc:0b (oui Unknown), ethertype 802.1Q (0x8100), length 102: vlan 22, p 0, ethertype IPv4, 10.15.15.1 > 10.15.15.2: ICMP echo reply, id 34568, seq 2, length 64

and on the bridge interface neither requests nor replies are shown.

HOST# tcpdump -i bridge0 -e | grep 10.15.15
... silence ...

Is it normal and I'm doing something wrong?
I wanted to make jails act as the normal FreeBSD host with one dedicated VNET
interface with VLANs.

-- 
You are receiving this mail because:
You are the assignee for the bug.
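
Added example, not part of the message above and not FreeBSD project code: a small parser for `tcpdump -e` records that tabulates, per interface, which frame kinds were seen and whether they carried an 802.1Q tag, which makes the request/reply asymmetry from step 3 easy to compare across captures. The names `parse`, `summarize` and `CAPTURES` are illustrative; the sample records are copied from the step 3 captures quoted in the message.

```python
import re
from collections import defaultdict

# One `tcpdump -e` record: timestamp, source MAC, destination MAC, remainder.
LINE = re.compile(
    r"^\d\d:\d\d:\d\d\.\d+ (?P<src>[0-9a-f:]{17}) \(oui [^)]*\) > "
    r"(?P<dst>Broadcast|[0-9a-f:]{17})(?: \(oui [^)]*\))?, (?P<rest>.*)$")
VLAN = re.compile(r"ethertype 802\.1Q \(0x8100\), length \d+: vlan (\d+),")
KIND = re.compile(r"ARP, Request|ARP, Reply|ICMP echo request|ICMP echo reply")

def parse(line):
    """Return (src, dst, vlan_or_None, kind) for a record, None for other lines."""
    m = LINE.match(line.strip())
    if not m:
        return None  # banners such as "listening on em0, ..." are not records
    vlan, kind = VLAN.search(m["rest"]), KIND.search(m["rest"])
    return (m["src"], m["dst"], int(vlan.group(1)) if vlan else None,
            kind.group(0) if kind else "other")

def summarize(captures):
    """Map each interface to the sorted (kind, vlan) pairs observed on it."""
    seen = defaultdict(set)
    for iface, text in captures.items():
        seen[iface]  # keep interfaces that showed nothing in the result
        for rec in filter(None, map(parse, text.splitlines())):
            seen[iface].add((rec[3], rec[2]))
    return {iface: sorted(pairs, key=str) for iface, pairs in seen.items()}

# Records copied from the step 3 captures in the message; bridge0 showed nothing.
CAPTURES = {
    "vlan22": """
09:37:11.517054 02:95:ce:33:dc:0b (oui Unknown) > 00:0c:29:2f:6c:08 (oui Unknown), ethertype IPv4 (0x0800), length 98: 10.15.15.2 > 10.15.15.1: ICMP echo request, id 25864, seq 0, length 64
09:37:11.517063 00:0c:29:2f:6c:08 (oui Unknown) > 02:95:ce:33:dc:0b (oui Unknown), ethertype IPv4 (0x0800), length 98: 10.15.15.1 > 10.15.15.2: ICMP echo reply, id 25864, seq 0, length 64
""",
    "epair0a": """
09:40:44.178363 02:95:ce:33:dc:0b (oui Unknown) > 00:0c:29:2f:6c:08 (oui Unknown), ethertype 802.1Q (0x8100), length 102: vlan 22, p 0, ethertype IPv4, 10.15.15.2 > 10.15.15.1: ICMP echo request, id 32264, seq 0, length 64
""",
    "em0": """
09:41:11.092092 00:0c:29:2f:6c:08 (oui Unknown) > 02:95:ce:33:dc:0b (oui Unknown), ethertype 802.1Q (0x8100), length 102: vlan 22, p 0, ethertype IPv4, 10.15.15.1 > 10.15.15.2: ICMP echo reply, id 34568, seq 0, length 64
""",
    "bridge0": "",
}

if __name__ == "__main__":
    for iface, pairs in summarize(CAPTURES).items():
        print(f"{iface:8} {pairs}")
```

On these records the summary shows untagged request and reply on vlan22, tagged requests only on epair0a, tagged replies only on em0, and nothing on bridge0.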