From: Thomas Thompson
Date: Mon, 22 Aug 2016 14:46:21 -0400
Subject: pkg install fails in jail with v 1.8.7
To: freebsd-jail@freebsd.org

Hello,

I've run into an odd problem with pkg v 1.8.7 and jails on a FreeBSD 9.3 server. I'm getting the same error as described in this thread from the forums: https://forums.freebsd.org/threads/56490/ where package installs fail and report two errors (snipped from jail install logs):

pkg: dup2(rootfd): Invalid argument

pkg: Fail to create /usr: Bad file descriptor

It's not an FS issue as far as I can tell (fsck returns clean), and it goes away if I lock the pkg version in the ezjail.current file before doing updates and installing new packages:

pkg lock -y pkg

pkg 1.8.7 works fine on another server, and my google-fu isn't finding anything obvious. Any help / pointers here would be greatly appreciated. For reference / on the server is ufs.

-T.J.

From: Ernie Luzar
Date: Mon, 22 Aug 2016 18:52:55 -0400
To: Freebsd Questions
Cc: freebsd-jail@freebsd.org
Subject: Problem 11.0-RC1 vnet jails with ipfilter

Hello List.

I have a working setup where I am running IPF on the host and in a vnet jail at the same time. The problem is I don't think the vnet IPF rules are being enforced.

To verify the vnet IPF rules are active and being enforced, I have a rule to deny outbound for port 43. Port 43 is used by the "whois" command. When I issue the "whois" command from the vnet jail console, I get whois results when it should not function.

I may have overlooked something or my testing concept may be faulty, so I am requesting some other eyes to review what I am doing for a reason I am getting the results I am getting.

I have run the test using a vimage kernel and a vimage/ipf kernel and get the same results.

The vnet jail is using this /etc/devfs.rules rule

[devfsrules_vjail_ipf=60]
add include $devfsrules_jail
add path ipl unhide
add path ipl0 unhide
add path ipf unhide
add path ipauth unhide
add path ipnat unhide
add path ipstate unhide
# used by ipstate
#add path kmem unhide
#add path kernel unhide

and yes the "devfs rule showsets" command does show rule number 60.

Issuing the ipfilter command "ipfstat -hnoi" from the host console shows these rules

0 @1 pass out quick on lo0 all
0 @2 pass out log quick on fxp0 all
0 @1 pass in quick on lo0 all
1 @2 pass in log quick on fxp0 all

Issuing the ipfilter command "ipfstat -hnoi" from the started vnet jail console shows these rules

0 @1 pass out quick on lo0 all
0 @2 block out log quick on epair17b proto tcp from any to any port = nicname
0 @3 pass out log quick on epair17b all
0 @1 pass in quick on lo0 all
0 @2 pass in log quick on epair17b all

There are 0 counts because the ipstate command is restricted from accessing kmem & kernel from inside of the vnet jail. But this at least seems to indicate ipfilter is running in the vnet jail.

Issuing the "ping" command from the started vnet jail console works and the host's ipfilter log shows this [snipped to fit]

fxp0 @0:2 p 10.11.0.2 -> 8.8.8.8 PR icmp len 20 84 icmp echo/0 OUT
fxp0 @0:2 p 8.8.8.8 -> 10.11.0.2 PR icmp len 20 84 icmp echoreply/0 IN
fxp0 @0:2 p 10.11.0.2 -> 8.8.8.8 PR icmp len 20 84 icmp echo/0 OUT
fxp0 @0:2 p 8.8.8.8 -> 10.11.0.2 PR icmp len 20 84 icmp echoreply/0 IN
fxp0 @0:2 p 10.11.0.2 -> 8.8.8.8 PR icmp len 20 84 icmp echo/0 OUT
fxp0 @0:2 p 8.8.8.8 -> 10.11.0.2 PR icmp len 20 84 icmp echoreply/0 IN
fxp0 @0:2 p 10.11.0.2 -> 8.8.8.8 PR icmp len 20 84 icmp echo/0 OUT
fxp0 @0:2 p 8.8.8.8 -> 10.11.0.2 PR icmp len 20 84 icmp echoreply/0 IN

Issuing the "whois" command from the started vnet jail console works also, but should not work because of the block rule on port 43. The host's ipfilter log shows this [snipped to fit]

fxp0 @0:2 p 10.2.0.2,51575 -> 192.0.32.59,43 PR tcp len 20 60 -S OUT
fxp0 @0:2 p 192.0.32.59,43 -> 10.2.0.2,51575 PR tcp len 20 60 -AS IN
fxp0 @0:2 p 10.2.0.2,51575 -> 192.0.32.59,43 PR tcp len 20 52 -A OUT
fxp0 @0:2 p 10.2.0.2,51575 -> 192.0.32.59,43 PR tcp len 20 61 -AP OUT
fxp0 @0:2 p 192.0.32.59,43 -> 10.2.0.2,51575 PR tcp len 20 52 -A IN
fxp0 @0:2 p 192.0.32.59,43 -> 10.2.0.2,51575 PR tcp len 20 367 -AP IN
fxp0 @0:2 p 192.0.32.59,43 -> 10.2.0.2,51575 PR tcp len 20 52 -AF IN
fxp0 @0:2 p 10.2.0.2,51575 -> 192.0.32.59,43 PR tcp len 20 52 -A OUT
fxp0 @0:2 p 10.2.0.2,51575 -> 192.0.32.59,43 PR tcp len 20 52 -AF OUT
fxp0 @0:2 p 10.2.0.2,51903 -> 199.71.0.46,43 PR tcp len 20 60 -S OUT
fxp0 @0:2 p 192.0.32.59,43 -> 10.2.0.2,51575 PR tcp len 20 52 -A IN
fxp0 @0:2 p 199.71.0.46,43 -> 10.2.0.2,51903 PR tcp len 20 60 -AS IN
fxp0 @0:2 p 10.2.0.2,51903 -> 199.71.0.46,43 PR tcp len 20 52 -A OUT
fxp0 @0:2 p 10.2.0.2,51903 -> 199.71.0.46,43 PR tcp len 20 63 -AP OUT
fxp0 @0:2 p 199.71.0.46,43 -> 10.2.0.2,51903 PR tcp len 20 52 -A IN
fxp0 @0:2 p 199.71.0.46,43 -> 10.2.0.2,51903 PR tcp len 20 293 -AP IN
fxp0 @0:2 p 199.71.0.46,43 -> 10.2.0.2,51903 PR tcp len 20 1500 -A IN

I would think that this indicates that the ipfilter rules in a vnet jail are not functioning. I can start the vnet jail without any firewall running in it and get the same results.

Thanks for your help.
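
The check described in the message above (does the host's log still show port 43 traffic that the jail's block rule should have dropped?) can be scripted. This is an added example, not part of the original post: it assumes the snipped ipmon line layout quoted there and the ipmon(8) action letters `p` (passed) and `b` (blocked); the function names and the blocked sample line are made up for illustration.

```python
import re

# Constructed sample in the snipped ipmon format quoted in the message
# (timestamp columns removed). Addresses are reused from the post; the final
# "b" (blocked) line is invented here to show the contrast.
SAMPLE_HOST_LOG = """\
fxp0 @0:2 p 10.11.0.2 -> 8.8.8.8 PR icmp len 20 84 icmp echo/0 OUT
fxp0 @0:2 p 8.8.8.8 -> 10.11.0.2 PR icmp len 20 84 icmp echoreply/0 IN
fxp0 @0:2 p 10.2.0.2,51575 -> 192.0.32.59,43 PR tcp len 20 60 -S OUT
fxp0 @0:2 p 192.0.32.59,43 -> 10.2.0.2,51575 PR tcp len 20 60 -AS IN
fxp0 @0:2 p 10.2.0.2,51575 -> 192.0.32.59,43 PR tcp len 20 52 -A OUT
fxp0 @0:2 b 10.2.0.2,51999 -> 192.0.32.59,43 PR tcp len 20 60 -S OUT
"""

# interface, @group:rule, action, src[,port] -> dst[,port], PR proto,
# header/packet lengths, protocol detail (TCP flags or ICMP type), direction.
LINE_RE = re.compile(
    r"^(?P<ifname>\S+)\s+@(?P<group>\d+):(?P<rule>\d+)\s+(?P<action>\S)\s+"
    r"(?P<src>[^\s,]+)(?:,(?P<sport>\d+))?\s+->\s+"
    r"(?P<dst>[^\s,]+)(?:,(?P<dport>\d+))?\s+"
    r"PR\s+(?P<proto>\S+)\s+len\s+\d+\s+\d+\s*(?P<rest>.*?)\s*(?P<dir>IN|OUT)$"
)


def parse_line(line):
    """Parse one snipped ipmon line into a dict, or return None if it does not match."""
    m = LINE_RE.match(line.strip())
    if m is None:
        return None
    rec = m.groupdict()
    for key in ("sport", "dport"):
        rec[key] = int(rec[key]) if rec[key] is not None else None
    rest = rec.pop("rest")
    # For TCP the detail column is the flag set, e.g. "-S", "-AS", "-AF".
    rec["flags"] = rest.lstrip("-") if rec["proto"] == "tcp" else ""
    return rec


def passed_despite_block(log_text, proto="tcp", dport=43):
    """Return outbound flows to (proto, dport) that the host logged as passed.

    Each flow is keyed by (src, sport, dst, dport). "established" is set when a
    passed SYN+ACK came back for the flow, i.e. the connection really completed
    and an upstream block rule for this traffic did not take effect.
    """
    flows = {}
    for raw in log_text.splitlines():
        rec = parse_line(raw)
        if rec is None or rec["proto"] != proto:
            continue
        if rec["dir"] == "OUT" and rec["dport"] == dport:
            key = (rec["src"], rec["sport"], rec["dst"], rec["dport"])
            flow = flows.setdefault(
                key, {"passed": 0, "blocked": 0, "established": False}
            )
            if rec["action"] == "p":
                flow["passed"] += 1
            elif rec["action"] == "b":
                flow["blocked"] += 1
        elif rec["dir"] == "IN" and rec["sport"] == dport:
            # Reply direction: swap the endpoints to find the outbound flow.
            key = (rec["dst"], rec["dport"], rec["src"], rec["sport"])
            if (
                key in flows
                and rec["action"] == "p"
                and {"A", "S"} <= set(rec["flags"])
            ):
                flows[key]["established"] = True
    # Only flows with at least one passed outbound packet are findings.
    return {k: v for k, v in flows.items() if v["passed"]}


if __name__ == "__main__":
    for flow, stats in passed_despite_block(SAMPLE_HOST_LOG).items():
        print(flow, stats)
```

Feeding it the full host log from a test run gives one entry per connection that got out; an empty result while the jail's rule is loaded is what an enforced block would look like.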

From: Thomas Thompson
Date: Tue, 23 Aug 2016 11:25:46 -0400
Subject: Re: pkg install fails in jail with v 1.8.7
To: freebsd-jail@freebsd.org

Found the issue. The server in question is running 9.1, while the other machines are @ 9.3. I expect the issues to be resolved once I bring the server up to date with the others.

-T.J.

On Mon, Aug 22, 2016 at 2:46 PM, Thomas Thompson wrote:

> Hello,
>
> I've run into an odd problem with pkg v 1.8.7 and jails on a FreeBSD 9.3
> server. I'm getting the same error as described in this thread from the
> forums: https://forums.freebsd.org/threads/56490/ where package installs
> fail and report two errors (snipped from jail install logs):
>
> pkg: dup2(rootfd): Invalid argument
>
> pkg: Fail to create /usr: Bad file descriptor
>
> It's not an FS issue as far as I can tell (fsck returns clean), and it
> goes away if I lock the pkg version in the ezjail.current file before doing
> updates and installing new packages:
>
> pkg lock -y pkg
>
> pkg 1.8.7 works fine on another server, and my google-fu isn't finding
> anything obvious. Any help / pointers here would be greatly appreciated.
> For reference / on the server is ufs.
>
> -T.J.

From: Baptiste Daroussin
Date: Tue, 23 Aug 2016 17:49:16 +0200
To: Thomas Thompson
Cc: freebsd-jail@freebsd.org
Subject: Re: pkg install fails in jail with v 1.8.7

On Mon, Aug 22, 2016 at 02:46:21PM -0400, Thomas Thompson wrote:
> Hello,
>
> I've run into an odd problem with pkg v 1.8.7 and jails on a FreeBSD 9.3
> server. I'm getting the same error as described in this thread from the
> forums: https://forums.freebsd.org/threads/56490/ where package installs
> fail and report two errors (snipped from jail install logs):
>
> pkg: dup2(rootfd): Invalid argument
>
> pkg: Fail to create /usr: Bad file descriptor
>
> It's not an FS issue as far as I can tell (fsck returns clean), and it goes
> away if I lock the pkg version in the ezjail.current file before doing
> updates and installing new packages:
>
> pkg lock -y pkg
>
> pkg 1.8.7 works fine on another server, and my google-fu isn't finding
> anything obvious. Any help / pointers here would be greatly appreciated.
> For reference / on the server is ufs.

I have replied on the forum.

Short version: running a 9.3 binary that uses things (discovered at build time) only available on 9.3 and not on 9.1.

The fix: either upgrade your system or build your own set of packages on 9.1

Best regards,
Bapt

From: Ernie Luzar
Date: Tue, 23 Aug 2016 12:55:00 -0400
To: Freebsd Questions
Cc: freebsd-jail@freebsd.org
Subject: 10.x or 11.0 and pf firewall in vimage jail

Would like to talk with anyone who has a working pf firewall on the host and in a vnet/vimage jail running on version 10.x or 11.0.
Looking for details about pf configuration and setup.

Thanks

From: bugzilla-noreply@freebsd.org
Date: Tue, 23 Aug 2016 17:05:20 +0000
To: freebsd-jail@FreeBSD.org
Subject: [Bug 212077] [11.0-RC1][jail][ipfw] adding table causes kernel panic

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=212077

Mark Linimon changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|freebsd-amd64@FreeBSD.org   |freebsd-jail@FreeBSD.org
           Assignee|freebsd-bugs@FreeBSD.org    |freebsd-ipfw@FreeBSD.org

--
You are receiving this mail because:
You are on the CC list for the bug.

From: bugzilla-noreply@freebsd.org
Date: Tue, 23 Aug 2016 17:23:50 +0000
To: freebsd-jail@FreeBSD.org
Subject: [Bug 212077] [11.0-RC1][jail][ipfw] adding table causes kernel panic

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=212077

Bjoern A. Zeeb changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |bz@FreeBSD.org
           Keywords|                            |vimage

From: Kristof Provost
Date: Tue, 23 Aug 2016 19:24:55 +0200
To: Ernie Luzar
Cc: Freebsd Questions, freebsd-jail@freebsd.org
Subject: Re: 10.x or 11.0 and pf firewall in vimage jail

On 23 Aug 2016, at 18:55, Ernie Luzar wrote:

> Would like to talk with anyone who has a working pf firewall on the
> host and in a vnet/vimage jail running on version 10.x or 11.0.
> Looking for details about pf configuration and setup.
>

pf on the host should work just fine in combination with vimage. I’ve been running such a setup since at least 10.0.

It’s a relatively simple setup: a couple of vimage jails with epair interfaces, one end in the jail, the other in a bridge.

What are you having issues with?

Regards,
Kristof

From: bugzilla-noreply@freebsd.org
Date: Tue, 23 Aug 2016 18:03:07 +0000
To: freebsd-jail@FreeBSD.org
Subject: [Bug 212077] [11.0-RC1][jail][ipfw] adding table causes kernel panic

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=212077

Bjoern A. Zeeb changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|New                         |Open

--- Comment #1 from Bjoern A. Zeeb ---
OK, it's not the command that triggers the panic, it's a packet that is then checked against the rule. I can reproduce it on head.
XquP+rNrjOuqxDZJj8X3FRNm2WiltTbJkqTX6x+jygVrp7Qr4LQ5ar3TvooqNiXeIz66 6fiPLfoFBb9T1LjaPgHOXalj6ETrfknMBpXdMLAJpjjJ5aPWJU3ITHVk/TaK76Gh8HMu PopuwjpBwWuYHHTiza5lrxgX90SJlSPe7a181xdLqQMtYBj91hiNWilmdhNNNKKY/1uV u61yALIM4+RD+Q4dynlkZHU1VX412VMo26Jc7fudzDy37qn3IzBIE/PG6//MPAqYiewD E6eA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:mime-version:in-reply-to:references:from:date :message-id:subject:to:cc; bh=bu2jh7qIGQu4OxCsWULg0Q+tfq+Z/rwljQhMEU4tlyU=; b=NAbZFzPuX4MlqG1yibCKEsZhaWbx1w6RiXOMG8ygvFflKoYhWTRfjvTIkPUoElI4ve ah2YDruSMPIxW692kEB5RVLoYI6qk3AO4qeeItOVcnnxQzd8tCQHkTkUavV1c4FIHtMT aWI+8N1+HLLh2jLEQIXYlKZ7MpgOSZAXZC9MBQ5UFqDqbkQI3DGQFc9xRSY9b0SmXlYK S2Tqt0DtFlctMU2HsOGS1/dl6zeoTGRkFzni3Ah64IYbhh0ctGNNNiTNCIVAoDEjZe3+ B8YWpMH8Puj6g4HONC3i26cr2p1lTPQeCTtlRb3c0116PuWZJG9gqwx+5cMxjsmciwXS K/4Q== X-Gm-Message-State: AEkoout5TKx/BXg6K9m025LZgq70pEfAbgmFD8E54ctqTvPFVNvYC8cMv8zmXxfYmrThCty4FWHlu67NxefaJw== X-Received: by 10.194.127.37 with SMTP id nd5mr1764241wjb.156.1472030638644; Wed, 24 Aug 2016 02:23:58 -0700 (PDT) MIME-Version: 1.0 Received: by 10.194.54.202 with HTTP; Wed, 24 Aug 2016 02:23:58 -0700 (PDT) In-Reply-To: <191F87D2-012E-4C57-9FF7-AAB3D5E010E5@FreeBSD.org> References: <57BC7FE4.7010801@gmail.com> <191F87D2-012E-4C57-9FF7-AAB3D5E010E5@FreeBSD.org> From: krad Date: Wed, 24 Aug 2016 10:23:58 +0100 Message-ID: Subject: Re: 10.x or 11.0 and pf firewall in vimage jail To: Kristof Provost Cc: Ernie Luzar , "freebsd-jail@freebsd.org" , Freebsd Questions Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: quoted-printable X-Content-Filtered-By: Mailman/MimeDel 2.1.22 X-BeenThere: freebsd-jail@freebsd.org X-Mailman-Version: 2.1.22 Precedence: list List-Id: "Discussion about FreeBSD jail\(8\)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 24 Aug 2016 09:24:00 -0000 Anything special required for that? 
Last time I tried VIMAGE and VNET jails I just got kernel panics. I wasn't
doing anything special. My memory is fuzzy though, and it could have been
9-stable I tried it on.

On 23 August 2016 at 18:24, Kristof Provost wrote:

> On 23 Aug 2016, at 18:55, Ernie Luzar wrote:
>
>> Would like to talk with anyone who has a working pf firewall on the host
>> and in a vnet/vimage jail running on version 10.x or 11.0.
>> Looking for details about pf configuration and setup.
>>
> pf on the host should work just fine in combination with vimage. I’ve
> been running such a setup since at least 10.0.
>
> It’s a relatively simple setup: a couple of vimage jails with epair
> interfaces, one end in the jail, the other in a bridge.
>
> What are you having issues with?
>
> Regards,
> Kristof

From owner-freebsd-jail@freebsd.org Wed Aug 24 09:27:10 2016
From: "Kristof Provost"
To: krad
Cc: "Ernie Luzar", "freebsd-jail@freebsd.org", "Freebsd Questions"
Subject: Re: 10.x or 11.0 and pf firewall in vimage jail
Date: Wed, 24 Aug 2016 11:27:06 +0200

On 24 Aug 2016, at 11:23, krad wrote:

> Anything special required for that? Last time I tried VIMAGE and VNET
> jails I just got kernel panics. I wasn't doing anything special. My
> memory is fuzzy though, and it could have been 9-stable I tried it on.

No, just enabling VIMAGE in the kernel config.
9-stable is … old, so if you’re interested in VIMAGE I’d recommend trying
12-current (or 11-stable).
Regards,
Kristof

From owner-freebsd-jail@freebsd.org Wed Aug 24 11:43:31 2016
From: bugzilla-noreply@freebsd.org
To: freebsd-jail@FreeBSD.org
Subject: [Bug 212077] [11.0-RC1][jail][ipfw] adding table causes kernel panic
Date: Wed, 24 Aug 2016 11:43:29 +0000

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=212077

Bjoern A. Zeeb changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
         Depends on|                            |212105

Referenced Bugs:

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=212105
[Bug 212105] ipfw dumps core after adding rule with table

From owner-freebsd-jail@freebsd.org Sat Aug 27 16:22:15 2016
To: freebsd-jail@freebsd.org
From: Roger Leigh
Subject: Jails and IPv6 local loopback
Date: Sat, 27 Aug 2016 17:22:04 +0100

Hi list,

I saw
https://lists.freebsd.org/pipermail/freebsd-jail/2011-March/001500.html
in the archives but didn't see anything more recent.

This is with 10.3-RELEASE

% freebsd-version
10.3-RELEASE-p6

% jls
   JID  IP Address      Hostname                      Path
[...]
     3  192.168.1.12    bfcpp.codelibre.net           /jail/bfcpp
[...]

From jail.conf:

bfcpp {
    host.hostname = "bfcpp.codelibre.net";
    interface = "bge0";
    ip4.addr = "192.168.1.12";
    ip6.addr = "2001:8b0:860:ddbd:3aea:a7ff:feab:7002";
    allow.raw_sockets = "1";

    path = "/jail/bfcpp";
    mount.devfs;
    mount.fdescfs;
    mount.procfs;
    mount.fstab="/etc/fstab.bfcpp";

    exec.start = "/bin/sh /etc/rc";
    exec.stop = "/bin/sh /etc/rc.shutdown";
    exec.clean;
    exec.jail_user = "root";
    exec.system_jail_user;
}

amys% ping -c1 localhost
PING localhost (127.0.0.1): 56 data bytes
64 bytes from 127.0.0.1: icmp_seq=0 ttl=64 time=0.046 ms

--- localhost ping statistics ---
1 packets transmitted, 1 packets received, 0.0% packet loss
round-trip min/avg/max/stddev = 0.046/0.046/0.046/0.000 ms
amys% ping6 -c1 localhost
PING6(56=40+8+8 bytes) ::1 --> ::1
16 bytes from ::1, icmp_seq=0 hlim=64 time=0.252 ms

--- localhost ping6 statistics ---
1 packets transmitted, 1 packets received, 0.0% packet loss
round-trip min/avg/max/std-dev = 0.252/0.252/0.252/0.000 ms

Inside this jail:

bfcpp% ifconfig
bge0: flags=8843 metric 0 mtu 1500
    options=c019b
    ether 38:ea:a7:ab:61:53
    inet 192.168.1.12 netmask 0xffffffff broadcast 192.168.1.12
    inet6 2001:8b0:860:ddbd:3aea:a7ff:feab:7002 prefixlen 128
    nd6 options=21
    media: Ethernet autoselect (100baseTX )
    status: active
lo0: flags=8049 metric 0 mtu 16384
    options=600003
    nd6 options=21
bfcpp% ping localhost
PING localhost (127.0.0.1): 56 data bytes
64 bytes from 127.0.0.1: icmp_seq=0 ttl=64 time=0.056 ms
^C
--- localhost ping statistics ---
1 packets transmitted, 1 packets received, 0.0% packet loss
round-trip min/avg/max/stddev = 0.056/0.056/0.056/0.000 ms
bfcpp% ping6 localhost
PING6(56=40+8+8 bytes) 2001:8b0:860:ddbd:3aea:a7ff:feab:7002 --> ::1
ping6: sendmsg: Can't assign requested address
ping6: wrote localhost 16 chars, ret=-1
ping6: sendmsg: Can't assign requested address
ping6: wrote localhost 16 chars, ret=-1
ping6: sendmsg: Can't assign requested address
ping6: wrote localhost 16 chars, ret=-1
^C
--- localhost ping6 statistics ---
3 packets transmitted, 0 packets received, 100.0% packet loss

As you can see, inside the jail I have a working IPv4 loopback, but not
a working IPv6 loopback. Both work correctly on the host system. This
is inconsistent, and it's breaking stuff which needs the v6 loopback to
be functional.

Is this a case of a bad default, a misconfiguration or a bug in the
loopback support for jails?

Thanks,
Roger

From owner-freebsd-jail@freebsd.org Sat Aug 27 20:26:40 2016
Subject: Re: Jails and IPv6 local loopback
To: freebsd-jail@freebsd.org
From: Roger Leigh
Date: Sat, 27 Aug 2016 21:26:34 +0100

On 27/08/16 17:22, Roger Leigh wrote:
> Hi list,
>
> I saw
> https://lists.freebsd.org/pipermail/freebsd-jail/2011-March/001500.html
> in the archives but didn't see anything more recent.
>
> This is with 10.3-RELEASE
[...]

And after upgrade to 11.0-RC2:

bfcpp% ifconfig
bge0: flags=8843 metric 0 mtu 1500
    options=c019b
    ether 38:ea:a7:ab:61:53
    inet 192.168.1.12 netmask 0xffffffff broadcast 192.168.1.12
    inet6 2001:8b0:860:ddbd:3aea:a7ff:feab:7002 prefixlen 128 vhid 3
    nd6 options=21
    media: Ethernet autoselect (1000baseT )
    status: active
lo0: flags=8049 metric 0 mtu 16384
    options=600003
    nd6 options=21
bfcpp% ping -c1 localhost
PING localhost (127.0.0.1): 56 data bytes
64 bytes from 127.0.0.1: icmp_seq=0 ttl=64 time=0.061 ms

--- localhost ping statistics ---
1 packets transmitted, 1 packets received, 0.0% packet loss
round-trip min/avg/max/stddev = 0.061/0.061/0.061/0.000 ms
bfcpp% ping6 -c1 localhost
PING6(56=40+8+8 bytes) 2001:8b0:860:ddbd:3aea:a7ff:feab:7002 --> ::1
ping6: sendmsg: Can't assign requested address
ping6: wrote localhost 16 chars, ret=-1

--- localhost ping6 statistics ---
1 packets transmitted, 0 packets received, 100.0% packet loss

> As you can see, inside the jail I have a working IPv4 loopback, but not
> a working IPv6 loopback. Both work correctly on the host system. This
> is inconsistent, and it's breaking stuff which needs the v6 loopback to
> be functional.
>
> Is this a case of a bad default, a misconfiguration or a bug in the
> loopback support for jails?

Note that 11.0-RC2 shows exactly the same behaviour.
Regards,
Roger

From owner-freebsd-jail@freebsd.org Sat Aug 27 22:05:04 2016
Date: Sat, 27 Aug 2016 18:05:28 -0400
From: Ernie Luzar
To: Roger Leigh
CC: freebsd-jail@freebsd.org
Subject: Re: Jails and IPv6 local loopback

Roger Leigh wrote:
> On 27/08/16 17:22, Roger Leigh wrote:
>> Hi list,
>>
>> I saw
>> https://lists.freebsd.org/pipermail/freebsd-jail/2011-March/001500.html
>> in the archives but didn't see anything more recent.
>>
>> This is with 10.3-RELEASE
> [...]
>
> And after upgrade to 11.0-RC2:
>
> bfcpp% ifconfig
> bge0: flags=8843 metric 0 mtu 1500
>     options=c019b
>     ether 38:ea:a7:ab:61:53
>     inet 192.168.1.12 netmask 0xffffffff broadcast 192.168.1.12
>     inet6 2001:8b0:860:ddbd:3aea:a7ff:feab:7002 prefixlen 128 vhid 3
>     nd6 options=21
>     media: Ethernet autoselect (1000baseT )
>     status: active
> lo0: flags=8049 metric 0 mtu 16384
>     options=600003
>     nd6 options=21
> bfcpp% ping -c1 localhost
> PING localhost (127.0.0.1): 56 data bytes
> 64 bytes from 127.0.0.1: icmp_seq=0 ttl=64 time=0.061 ms
>
> --- localhost ping statistics ---
> 1 packets transmitted, 1 packets received, 0.0% packet loss
> round-trip min/avg/max/stddev = 0.061/0.061/0.061/0.000 ms
> bfcpp% ping6 -c1 localhost
> PING6(56=40+8+8 bytes) 2001:8b0:860:ddbd:3aea:a7ff:feab:7002 --> ::1
> ping6: sendmsg: Can't assign requested address
> ping6: wrote localhost 16 chars, ret=-1
>
> --- localhost ping6 statistics ---
> 1 packets transmitted, 0 packets received, 100.0% packet loss
>
>> As you can see, inside the jail I have a working IPv4 loopback, but not
>> a working IPv6 loopback. Both work correctly on the host system. This
>> is inconsistent, and it's breaking stuff which needs the v6 loopback to
>> be functional.
>>
>> Is this a case of a bad default, a misconfiguration or a bug in the
>> loopback support for jails?
>
> Note that 11.0-RC2 shows exactly the same behaviour.
>
>
> Regards,
> Roger

You are not seeing what you think you are seeing. jail(8) is mapping the
loopback interface over the jail's assigned ipv4 ip address. It only
seems reasonable that it's doing the same thing with the ipv6 ip address.
Check out this PR for more details
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=210049

From owner-freebsd-jail@freebsd.org Sat Aug 27 22:26:42 2016
Subject: Re: Jails and IPv6 local loopback
From: Roger Leigh
To: freebsd-jail@freebsd.org
Date: Sat, 27 Aug 2016 23:26:33 +0100

On 27/08/16 23:05, Ernie Luzar wrote:
> Roger Leigh wrote:
>> On 27/08/16 17:22, Roger Leigh wrote:
>>> Hi list,
>>>
>>> I saw
>>> https://lists.freebsd.org/pipermail/freebsd-jail/2011-March/001500.html
>>> in the archives but didn't see anything more recent.
>>>
>>> This is with 10.3-RELEASE
>> [...]
>>
>> And after upgrade to 11.0-RC2:
>>
>> bfcpp% ifconfig
>> bge0: flags=8843 metric 0 mtu 1500
>>     options=c019b
>>     ether 38:ea:a7:ab:61:53
>>     inet 192.168.1.12 netmask 0xffffffff broadcast 192.168.1.12
>>     inet6 2001:8b0:860:ddbd:3aea:a7ff:feab:7002 prefixlen 128 vhid 3
>>     nd6 options=21
>>     media: Ethernet autoselect (1000baseT )
>>     status: active
>> lo0: flags=8049 metric 0 mtu 16384
>>     options=600003
>>     nd6 options=21
>> bfcpp% ping -c1 localhost
>> PING localhost (127.0.0.1): 56 data bytes
>> 64 bytes from 127.0.0.1: icmp_seq=0 ttl=64 time=0.061 ms
>>
>> --- localhost ping statistics ---
>> 1 packets transmitted, 1 packets received, 0.0% packet loss
>> round-trip min/avg/max/stddev = 0.061/0.061/0.061/0.000 ms
>> bfcpp% ping6 -c1 localhost
>> PING6(56=40+8+8 bytes) 2001:8b0:860:ddbd:3aea:a7ff:feab:7002 --> ::1
>> ping6: sendmsg: Can't assign requested address
>> ping6: wrote localhost 16 chars, ret=-1
>>
>> --- localhost ping6 statistics ---
>> 1 packets transmitted, 0 packets received, 100.0% packet loss
>>
>>> As you can see, inside the jail I have a working IPv4 loopback, but not
>>> a working IPv6 loopback. Both work correctly on the host system. This
>>> is inconsistent, and it's breaking stuff which needs the v6 loopback to
>>> be functional.
>>>
>>> Is this a case of a bad default, a misconfiguration or a bug in the
>>> loopback support for jails?
>>
>> Note that 11.0-RC2 shows exactly the same behaviour.

> You are not seeing what you think you are seeing. jail(8) is mapping the
> loopback interface over the jail's assigned ipv4 ip address. It only
> seems reasonable that it's doing the same thing with the ipv6 ip address.
>
> Check out this PR for more details
> https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=210049

Sorry, I read that, but I'm not sure I understand. At least, I don't
understand why a discrepancy between v4 and v6 would be expected or
reasonable irrespective of any bugs.
In my case, I haven't set anything related to the loopback interface lo0
for the jail. The host has working v4 and v6 loopback addresses. The
guest has only working v4. Why not for v6?

    interface = "bge0";
    ip4.addr = "192.168.1.12";
    ip6.addr = "2001:8b0:860:ddbd:3aea:a7ff:feab:7002";
    allow.raw_sockets = "1";

is the extent of the configuration. I specify both v4 and v6 addresses
on bge0. I don't specify anything loopback-related, so why is it
mapping v4 and not v6? The discrepancy seems a little odd.

Is there a solution to the problem at present? What would the
recommended configuration in jail.conf be for obtaining working v4 and
v6 addresses on the loopback interface inside the jail?

Thanks,
Roger

From owner-freebsd-jail@freebsd.org Sat Aug 27 23:26:05 2016
Date: Sat, 27 Aug 2016 19:26:34 -0400
From: Ernie Luzar
To: Roger Leigh
CC: freebsd-jail@freebsd.org
Subject: Re: Jails and IPv6 local loopback

Roger Leigh wrote:
> On 27/08/16 23:05, Ernie Luzar wrote:
>> Roger Leigh wrote:
>>> On 27/08/16 17:22, Roger Leigh wrote:
>>>> Hi list,
>>>>
>>>> I saw
>>>> https://lists.freebsd.org/pipermail/freebsd-jail/2011-March/001500.html
>>>> in the archives but didn't see anything more recent.
>>>>
>>>> This is with 10.3-RELEASE
>>> [...]
>>>
>>> And after upgrade to 11.0-RC2:
>>>
>>> bfcpp% ifconfig
>>> bge0: flags=8843 metric 0 mtu 1500
>>>     options=c019b
>>>     ether 38:ea:a7:ab:61:53
>>>     inet 192.168.1.12 netmask 0xffffffff broadcast 192.168.1.12
>>>     inet6 2001:8b0:860:ddbd:3aea:a7ff:feab:7002 prefixlen 128 vhid 3
>>>     nd6 options=21
>>>     media: Ethernet autoselect (1000baseT )
>>>     status: active
>>> lo0: flags=8049 metric 0 mtu 16384
>>>     options=600003
>>>     nd6 options=21
>>> bfcpp% ping -c1 localhost
>>> PING localhost (127.0.0.1): 56 data bytes
>>> 64 bytes from 127.0.0.1: icmp_seq=0 ttl=64 time=0.061 ms
>>>
>>> --- localhost ping statistics ---
>>> 1 packets transmitted, 1 packets received, 0.0% packet loss
>>> round-trip min/avg/max/stddev = 0.061/0.061/0.061/0.000 ms
>>> bfcpp% ping6 -c1 localhost
>>> PING6(56=40+8+8 bytes) 2001:8b0:860:ddbd:3aea:a7ff:feab:7002 --> ::1
>>> ping6: sendmsg: Can't assign requested address
>>> ping6: wrote localhost 16 chars, ret=-1
>>>
>>> --- localhost ping6 statistics ---
>>> 1 packets transmitted, 0 packets received, 100.0% packet loss
>>>
>>>> As you can see, inside the jail I have a working IPv4 loopback, but not
>>>> a working IPv6 loopback. Both work correctly on the host system. This
>>>> is inconsistent, and it's breaking stuff which needs the v6 loopback to
>>>> be functional.
>>>>
>>>> Is this a case of a bad default, a misconfiguration or a bug in the
>>>> loopback support for jails?
>>>
>>> Note that 11.0-RC2 shows exactly the same behaviour.
>
>> You are not seeing what you think you are seeing. jail(8) is mapping the
>> loopback interface over the jail's assigned ipv4 ip address. It only
>> seems reasonable that it's doing the same thing with the ipv6 ip address.
>>
>> Check out this PR for more details
>> https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=210049
>
> Sorry, I read that, but I'm not sure I understand. At least, I don't
> understand why a discrepancy between v4 and v6 would be expected or
> reasonable irrespective of any bugs.
>
> In my case, I haven't set anything related to the loopback interface lo0
> for the jail. The host has working v4 and v6 loopback addresses. The
> guest has only working v4. Why not for v6?
>
>     interface = "bge0";
>     ip4.addr = "192.168.1.12";
>     ip6.addr = "2001:8b0:860:ddbd:3aea:a7ff:feab:7002";
>     allow.raw_sockets = "1";
>
> is the extent of the configuration. I specify both v4 and v6 addresses
> on bge0. I don't specify anything loopback-related, so why is it
> mapping v4 and not v6? The discrepancy seems a little odd.
>
> Is there a solution to the problem at present? What would the
> recommended configuration in jail.conf be for obtaining working v4 and
> v6 addresses on the loopback interface inside the jail?
>

Previously you posted this as your jail.conf

bfcpp {
    host.hostname = "bfcpp.codelibre.net";
    interface = "bge0";
    ip4.addr = "192.168.1.12";
    ip6.addr = "2001:8b0:860:ddbd:3aea:a7ff:feab:7002";
    allow.raw_sockets = "1";

    path = "/jail/bfcpp";
    mount.devfs;
    mount.fdescfs;
    mount.procfs;
    mount.fstab="/etc/fstab.bfcpp";

    exec.start = "/bin/sh /etc/rc";
    exec.stop = "/bin/sh /etc/rc.shutdown";
    exec.clean;
    exec.jail_user = "root";
    exec.system_jail_user;
}

I see no reason for these

    mount.fdescfs;
    mount.procfs;
    exec.clean;
    exec.jail_user = "root";
    exec.system_jail_user;

not the cause of your problem, just not needed.

You're assuming that ping6 is broken just because it's having a problem
with localhost. Try ping6 against some other box on the lan using its
ipv6 ip address.

You need to define the host's ipv6 ip address to localhost in the host's
/etc/hosts file. You may also have to define the jail's ipv6 ip address to
localhost in the jail's /etc/hosts file.
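
A small checker for the /etc/hosts suggestion in the last reply, added here as an example and not part of the thread or of FreeBSD: it reads ip4.addr and ip6.addr for one jail from jail.conf text and reports whether each address that localhost maps to is one the jail was actually assigned. The hosts file contents are constructed samples, and the function names (jail_addresses, hosts_addresses, localhost_report) are hypothetical.

```python
import ipaddress
import re

# Constructed sample: network-related part of the jail.conf entry posted in the thread.
JAIL_CONF = '''
bfcpp {
    host.hostname = "bfcpp.codelibre.net";
    interface = "bge0";
    ip4.addr = "192.168.1.12";
    ip6.addr = "2001:8b0:860:ddbd:3aea:a7ff:feab:7002";
    allow.raw_sockets = "1";
    path = "/jail/bfcpp";
}
'''

# Constructed sample: a hosts file that maps localhost to the loopback addresses.
HOSTS_LOOPBACK = '''
::1         localhost localhost.my.domain
127.0.0.1   localhost localhost.my.domain
'''

# Constructed sample: localhost mapped to the jail's own IPv6 address, as suggested above.
HOSTS_JAIL_ADDR = '''
2001:8b0:860:ddbd:3aea:a7ff:feab:7002  localhost  # jail's ip6.addr
127.0.0.1                              localhost
'''


def jail_addresses(conf_text, jail):
    """Return the set of addresses in ip4.addr / ip6.addr for one jail block."""
    # Assumes the closing brace of the block sits at the start of its own line.
    block = re.search(r'^\s*' + re.escape(jail) + r'\s*\{(.*?)^\s*\}',
                      conf_text, re.S | re.M)
    if block is None:
        raise KeyError("no jail named %r" % jail)
    addrs = set()
    for value in re.findall(r'\bip[46]\.addr\s*\+?=\s*([^;]+);', block.group(1)):
        for item in value.split(','):
            item = item.strip().strip('"')
            if not item:
                continue
            # jail.conf allows "interface|address/prefix params"; keep only the address.
            item = item.split('|')[-1].split('/')[0].split()[0]
            addrs.add(ipaddress.ip_address(item))
    return addrs


def hosts_addresses(hosts_text, name="localhost"):
    """Return every address that a hosts file maps to `name`."""
    found = []
    for line in hosts_text.splitlines():
        fields = line.split('#', 1)[0].split()
        if len(fields) >= 2 and name in fields[1:]:
            try:
                found.append(ipaddress.ip_address(fields[0]))
            except ValueError:
                continue  # first field is not a plain IP address
    return found


def localhost_report(conf_text, jail, hosts_text):
    """Map each localhost address to (family, status) relative to the jail's address list."""
    assigned = jail_addresses(conf_text, jail)
    report = {}
    for addr in hosts_addresses(hosts_text):
        family = "inet6" if addr.version == 6 else "inet"
        if addr in assigned:
            status = "assigned to jail"
        elif addr.is_loopback:
            status = "loopback, not in jail address list"
        else:
            status = "not in jail address list"
        report[str(addr)] = (family, status)
    return report


if __name__ == "__main__":
    for label, hosts in (("loopback hosts", HOSTS_LOOPBACK),
                         ("edited hosts", HOSTS_JAIL_ADDR)):
        for addr, (family, status) in localhost_report(JAIL_CONF, "bfcpp", hosts).items():
            print("%-15s %-6s %-40s %s" % (label, family, addr, status))
```

In the thread the 127.0.0.1 entry still works inside the jail even though it is reported here as not assigned, which the reply attributes to jail(8) mapping loopback onto the jail's IPv4 address; ::1 is the entry that fails with "Can't assign requested address".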