From owner-freebsd-jail@freebsd.org Sun Jul 12 16:53:41 2020
From: bugzilla-noreply@freebsd.org
To: jail@FreeBSD.org
Subject: [Bug 155765] [patch] 'buildworld' does not honors WITHOUT_JAIL
Date: Sun, 12 Jul 2020 16:53:41 +0000

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=155765

Mark Linimon changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
            Summary|[patch] `buildworld' does   |[patch] 'buildworld' does
                   |not honors WITHOUT_JAIL     |not honors WITHOUT_JAIL

-- 
You are receiving this mail because:
You are the assignee for the bug.

From owner-freebsd-jail@freebsd.org Sun Jul 12 16:54:17 2020
From: bugzilla-noreply@freebsd.org
To: jail@FreeBSD.org
Subject: [Bug 155765] [patch] 'buildworld' does not honors WITHOUT_JAIL
Date: Sun, 12 Jul 2020 16:54:17 +0000

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=155765

Mark Linimon changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
 Attachment #114127|file.txt                    |jail.patch
           filename|                            |
 Attachment #114127|file.txt                    |jail.patch
        description|                            |

From owner-freebsd-jail@freebsd.org Mon Jul 13 03:49:38 2020
From: bugzilla-noreply@freebsd.org
To: jail@FreeBSD.org
Subject: [Bug 155765] [patch] 'buildworld' does not honors WITHOUT_JAIL
Date: Mon, 13 Jul 2020 03:49:38 +0000

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=155765

Kyle Evans changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |jail@FreeBSD.org,
                   |                            |kevans@freebsd.org
           Assignee|jail@FreeBSD.org            |kevans@freebsd.org

--- Comment #3 from Kyle Evans ---
Oh, cool; I just noticed this the other day and had started assessing the
feasibility of WITHOUT_JAIL removing libjail. I think we've evolved a couple
more dependants, but I'll look at excising/fixing those -- the only thing
blocking me before was uncertainty about what all ifconfig needed it for.

From owner-freebsd-jail@freebsd.org Wed Jul 15 03:58:53 2020
From: bugzilla-noreply@freebsd.org
To: jail@FreeBSD.org
Subject: [Bug 240106] VNET issue with ARP and routing sockets in jails
Date: Wed, 15 Jul 2020 03:58:53 +0000

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=240106

Ryan Moeller changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |freqlabs@FreeBSD.org
             Status|New                         |Open

--- Comment #4 from Ryan Moeller ---
When I followed the reproduction steps described in the linked threads with a
debug kernel I hit the following assert:

panic: m_dup: bogus m_pkthdr.len
cpuid = 1
KDB: stack backtrace:
db_trace_self_wrapper() at db_trace_self_wrapper+0x2b/frame 0xfffffe2eca39e700
vpanic() at vpanic+0x177/frame 0xfffffe2eca39e760
doadump() at doadump/frame 0xfffffe2eca39e7e0
m_dup() at m_dup+0x376/frame 0xfffffe2eca39e860
bridge_broadcast() at bridge_broadcast+0x1bf/frame 0xfffffe2eca39e8c0
bridge_forward() at bridge_forward+0x222/frame 0xfffffe2eca39e920
bridge_input() at bridge_input+0x3d5/frame 0xfffffe2eca39e990
ether_nh_input() at ether_nh_input+0x2a6/frame 0xfffffe2eca39e9e0
netisr_dispatch_src() at netisr_dispatch_src+0xa2/frame 0xfffffe2eca39ea40
ether_input() at ether_input+0x8f/frame 0xfffffe2eca39ea80
epair_nh_sintr() at epair_nh_sintr+0x1a/frame 0xfffffe2eca39eaa0
swi_net() at swi_net+0x1b9/frame 0xfffffe2eca39eb20
intr_event_execute_handlers() at intr_event_execute_handlers+0x99/frame 0xfffffe2eca39eb60
ithread_loop() at ithread_loop+0xb7/frame 0xfffffe2eca39ebb0
fork_exit() at fork_exit+0x84/frame 0xfffffe2eca39ebf0
fork_trampoline() at fork_trampoline+0xe/frame 0xfffffe2eca39ebf0
— trap 0, rip = 0, rsp = 0, rbp = 0 —

The offending KASSERT is still there:

        /* Check correct total mbuf length */
        KASSERT((remain > 0 && m != NULL) || (remain == 0 && m == NULL),
            ("%s: bogus m_pkthdr.len", __func__));

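Added example, not part of the original message and not FreeBSD source: a userland C model of the length check quoted in comment #4, showing the two ways a header length can disagree with the bytes actually linked in the chain. The struct layout, SEG, the sample packet and all function names are assumptions of this model; only the predicate on `remain` and `m` is taken from the quoted KASSERT.

```c
#include <stdio.h>
#include <string.h>

/* Userland model of an mbuf chain. Field names follow the kernel's, but the
 * struct, SEG and every function here are assumptions of this example. */
struct mbuf {
    struct mbuf *m_next;
    const char  *m_data;
    int          m_len;       /* bytes held by this mbuf */
    int          pkthdr_len;  /* stands in for m_pkthdr.len (head mbuf only) */
};

enum dup_result { DUP_OK, DUP_HDR_TOO_LONG, DUP_HDR_TOO_SHORT, DUP_NO_SPACE };

#define SEG 8  /* fixed destination segment size (a simplification) */

static int imin(int a, int b) { return a < b ? a : b; }

/* Independent recomputation of the chain length, to compare with the header. */
int chain_bytes(const struct mbuf *m)
{
    int total = 0;
    for (; m != NULL; m = m->m_next)
        total += m->m_len;
    return total;
}

/*
 * Copy a chain segment by segment, counting down from the header's claimed
 * length, and apply the quoted predicate after every segment. Returns a
 * status instead of panicking so the failing case can be inspected.
 */
enum dup_result model_dup(const struct mbuf *m, char *dst, int dstcap, int *copied)
{
    int remain = m->pkthdr_len;
    int moff = 0, first = 1;

    *copied = 0;
    while (remain > 0 || first) {        /* "first" allows a zero-length packet */
        int nlen = 0;
        first = 0;
        while (nlen < SEG && m != NULL) {
            int chunk = imin(SEG - nlen, m->m_len - moff);
            if (*copied + chunk > dstcap)
                return DUP_NO_SPACE;     /* never write past the caller's buffer */
            memcpy(dst + *copied, m->m_data + moff, (size_t)chunk);
            *copied += chunk;
            moff += chunk;
            nlen += chunk;
            remain -= chunk;
            if (moff == m->m_len) {      /* this mbuf is drained, move on */
                m = m->m_next;
                moff = 0;
            }
        }
        /* Check correct total mbuf length (same predicate as the KASSERT) */
        if (!((remain > 0 && m != NULL) || (remain == 0 && m == NULL)))
            return remain > 0 ? DUP_HDR_TOO_LONG : DUP_HDR_TOO_SHORT;
    }
    return DUP_OK;
}

/* Constructed sample: a 12-byte packet split 6 + 6 across two mbufs, with the
 * header length supplied by the caller so it can be made inconsistent. */
static enum dup_result run_case(int claimed_len, int *copied)
{
    char dst[64];
    struct mbuf tail = { NULL, "world!", 6, 0 };
    struct mbuf head = { &tail, "hello ", 6, claimed_len };
    return model_dup(&head, dst, (int)sizeof(dst), copied);
}

int status_for(int claimed_len) { int n; return (int)run_case(claimed_len, &n); }
int copied_for(int claimed_len) { int n; (void)run_case(claimed_len, &n); return n; }

int sample_chain_bytes(void)
{
    struct mbuf tail = { NULL, "world!", 6, 0 };
    struct mbuf head = { &tail, "hello ", 6, 12 };
    return chain_bytes(&head);
}

int main(void)
{
    static const char *names[] = { "ok", "header too long", "header too short", "no space" };
    int claims[] = { 12, 20, 8 };
    for (int i = 0; i < 3; i++)
        printf("claimed=%d actual=%d -> %s (copied %d)\n", claims[i],
               sample_chain_bytes(), names[status_for(claims[i])],
               copied_for(claims[i]));
    return 0;
}
```

With a header that claims 8 bytes for the 12-byte sample, the check trips after the first segment while data is still linked in the chain; with a claim of 20 it trips when the chain ends and bytes are still owed.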
From owner-freebsd-jail@freebsd.org Wed Jul 15 14:23:29 2020
From: bugzilla-noreply@freebsd.org
To: jail@FreeBSD.org
Subject: [Bug 240106] VNET issue with ARP and routing sockets in jails
Date: Wed, 15 Jul 2020 14:23:25 +0000

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=240106

Mark Johnston changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |markj@FreeBSD.org

--- Comment #5 from Mark Johnston ---
(In reply to Ryan Moeller from comment #4)
I haven't been able to reproduce this. Did you do so on -CURRENT?

From owner-freebsd-jail@freebsd.org Wed Jul 15 16:03:10 2020
From: bugzilla-noreply@freebsd.org
To: jail@FreeBSD.org
Subject: [Bug 240106] VNET issue with ARP and routing sockets in jails
Date: Wed, 15 Jul 2020 16:03:09 +0000

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=240106

--- Comment #6 from Ryan Moeller ---
(In reply to Mark Johnston from comment #5)
This stack was from approximately stable/11 a few months ago. I just tried on
-CURRENT and the ARP reply does make it back and there is no panic (tested in a
jail with epair on a bridge). I will check stable/12 and stable/11 again, and
12.1-Rel to be sure.

From owner-freebsd-jail@freebsd.org Fri Jul 17 02:01:08 2020
From: bugzilla-noreply@freebsd.org
To: jail@FreeBSD.org
Subject: [Bug 248029] Allow ability to use socket option SO_REUSEPORT_LB in jail
Date: Fri, 17 Jul 2020 02:01:07 +0000

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=248029

Mark Linimon changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
           Assignee|bugs@FreeBSD.org            |jail@FreeBSD.org
            Summary|Ability to use socket       |Allow ability to use socket
                   |option SO_REUSEPORT_LB in   |option SO_REUSEPORT_LB in
                   |jail                        |jail

From: bugzilla-noreply@freebsd.org
To: jail@FreeBSD.org
Subject: [Bug 248029] Allow ability to use socket option SO_REUSEPORT_LB in jail
Date: Fri, 17 Jul 2020 08:09:09 +0000

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=248029

Andrey V. Elsukov changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |ae@FreeBSD.org

--- Comment #1 from Andrey V. Elsukov ---
Can you explain the reason you want this feature?
It seems to me that this was explicitly disallowed for security reasons.
E.g. you have a host that provides jails and some load-balanced service, and
a jailed user cannot run some bad service to join the load-balanced service.
With your patch this seems possible.

--
You are receiving this mail because:
You are the assignee for the bug.

From owner-freebsd-jail@freebsd.org Fri Jul 17 08:25:36 2020
From: bugzilla-noreply@freebsd.org
To: jail@FreeBSD.org
Subject: [Bug 248029] Allow ability to use socket option SO_REUSEPORT_LB in jail
Date: Fri, 17 Jul 2020 08:25:36 +0000

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=248029

--- Comment #2 from Dmitry Wagin ---
(In reply to Andrey V. Elsukov from comment #1)

without this it is impossible:
* running load-balanced service in a single jail
* running load-balanced service in multiple jails

plus tasks to minimize downtime during upgrades of services running in a jail

--
You are receiving this mail because:
You are the assignee for the bug.

From owner-freebsd-jail@freebsd.org Fri Jul 17 11:04:59 2020
From: bugzilla-noreply@freebsd.org
To: jail@FreeBSD.org
Subject: [Bug 248029] Allow ability to use socket option SO_REUSEPORT_LB in jail
Date: Fri, 17 Jul 2020 11:04:59 +0000

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=248029

--- Comment #3 from Dmitry Wagin ---
(In reply to Andrey V. Elsukov from comment #1)

> E.g. you have a host that provides jails and some load-balanced service, and
> a jailed user cannot run some bad service to join the load-balanced service.
> With your patch this seems possible.

VNET should solve this problem?

--
You are receiving this mail because:
You are the assignee for the bug.

From owner-freebsd-jail@freebsd.org Fri Jul 17 12:46:10 2020
From: Ernie Luzar
To: "freebsd-questions@freebsd.org", "freebsd-jail@freebsd.org", David Mehler, Ernie Luzar
Subject: vnet jail for local only or public access
Date: Fri, 17 Jul 2020 08:46:07 -0400
Message-ID: <5F119D8F.7030407@gmail.com>

Trying to figure out how to configure a vnet jail so it is restricted to
only being able to talk to other vnet jails on the same host IE: local
only vnet jails. As different to being able to access the public internet
type of vnet jails.

Using the bridge/epair method of connecting vnet jails to the host.
[ based on this how-to ]
https://forums.freebsd.org/threads/vnet-jail-with-public-internet-access-using-the-bridge-epair-method.76071/

It's my understanding that this behavior is controlled by if the host's
interface connected to the public internet is added as a member to the
bridge the vnet jails' epairXa interfaces were members of.

I tested this on a remote vm and found that it made no difference one way
or the other if the host's interface connected to the public internet was
added as a member to the bridge or not. In both cases the vnet jail had
public internet access.

On my home server I set up this scenario and observed the same behavior.

This behavior raises some questions.

Is it technically possible to segregate vnet jails into groups of vnet
jails that are restricted to local host only access and another group that
has public access?

If so what is the mechanism that controls this ability?

If I wanted both local only and public vnet jails on the same host I would
think each group would need its own bridge. Where do we go from there?

Is my understanding correct and this is a bug in if_bridge?

From owner-freebsd-jail@freebsd.org Fri Jul 17 13:23:16 2020
From: Alexander Leidinger
To: Ernie Luzar
Cc: freebsd-questions@freebsd.org, freebsd-jail@freebsd.org, David Mehler
Subject: Re: vnet jail for local only or public access
Date: Fri, 17 Jul 2020 15:22:43 +0200
Message-ID: <20200717152243.Horde.9H9QDqj9GtGFk_mayhRBsvs@webmail.leidinger.net>
In-Reply-To: <5F119D8F.7030407@gmail.com>

Quoting Ernie Luzar (from Fri, 17 Jul 2020 08:46:07 -0400):

> Trying to figure out how to configure a vnet jail so it is
> restricted to only being able to talk to other vnet jails on the
> same host IE: local only vnet jails. As different to being able to
> access the public internet type of vnet jails.
>
> Using the bridge/epair method of connecting vnet jails to the host.
> [ based on this how-to ]
> https://forums.freebsd.org/threads/vnet-jail-with-public-internet-access-using-the-bridge-epair-method.76071/
>
> It's my understanding that this behavior is controlled by if the
> host's interface connected to the public internet is added as a
> member to the bridge the vnet jails' epairXa interfaces were members
> of.

Partly correct. You can also have a setup where your host is routing
between what you call the public internet and the local only vnets.

> I tested this on a remote vm and found that it made no difference
> one way or the other if the host's interface connected to the public
> internet was added as a member to the bridge or not. In both cases
> the vnet jail had public internet access.

It shouldn't, if there is no routing involved.

Please show us "ifconfig -a" and "netstat -rn" of the host.

Bye,
Alexander.

--
http://www.Leidinger.net Alexander@Leidinger.net: PGP 0x8F31830F9F2772BF
http://www.FreeBSD.org    netchild@FreeBSD.org  : PGP 0x8F31830F9F2772BF

From owner-freebsd-jail@freebsd.org Fri Jul 17 20:31:55 2020
Message-ID: <5F120AB9.8060209@gmail.com>
Date: Fri, 17 Jul 2020 16:31:53 -0400
From: Ernie Luzar
To: Alexander Leidinger
CC: freebsd-questions@freebsd.org, freebsd-jail@freebsd.org, David Mehler
Subject: Re: vnet jail for local only or public access
In-Reply-To: <20200717152243.Horde.9H9QDqj9GtGFk_mayhRBsvs@webmail.leidinger.net>

Alexander Leidinger wrote:
> Quoting Ernie Luzar (from Fri, 17 Jul 2020 08:46:07
> -0400):
>
>> Trying to figure out how to configure a vnet jail so it is restricted
>> to only being able to talk to other vnet jails on the same host IE:
>> local only vnet jails. As different to being able to access the public
>> internet type of vnet jails.
>>
>> Using the bridge/epair method of connecting vnet jails to the host.
>> [ based on this how-to ]
>> https://forums.freebsd.org/threads/vnet-jail-with-public-internet-access-using-the-bridge-epair-method.76071/
>>
>>
>> It's my understanding that this behavior is controlled by if the host's
>> interface connected to the public internet is added as a member to the
>> bridge the vnet jails' epairXa interfaces were members of.
>
> Partly correct. You can also have a setup where your host is routing
> between what you call the public internet and the local only vnets.
>
>> I tested this on a remote vm and found that it made no difference one
>> way or the other if the host's interface connected to the public
>> internet was added as a member to the bridge or not. In both cases the
>> vnet jail had public internet access.
>
> It shouldn't, if there is no routing involved.
>
> Please show us "ifconfig -a" and "netstat -rn" of the host.
>
> Bye,
> Alexander.
>

root >netstat -rn4
Routing tables

Internet:
Destination        Gateway            Flags     Netif Expire
default            65.25.48.1         UGS         re0
10.0.0.0/8         link#1             U           em0
10.0.10.2          link#1             UHS         lo0
10.0.20.0/24       link#5             U      bridge10
10.0.20.2          link#5             UHS         lo0
xxx.25.48.0/20     link#2             U           re0
xxx.25.51.0        link#2             UHS         lo0
127.0.0.1          link#3             UH          lo0
/root >
/root >ifconfig -a
em0: flags=8843 metric 0 mtu 1500
        options=81249b
        ether d0:50:99:93:75:98
        inet 10.0.10.2 netmask 0xff000000 broadcast 10.255.255.255
        media: Ethernet autoselect (1000baseT )
        status: active
        nd6 options=29
re0: flags=8843 metric 0 mtu 1500
        options=8209b
        ether 50:3e:aa:06:11:22
        inet xxx.25.51.0 netmask 0xfffff000 broadcast 255.255.255.255
        media: Ethernet autoselect (1000baseT )
        status: active
        nd6 options=29
lo0: flags=8049 metric 0 mtu 16384
        options=680003
        inet6 ::1 prefixlen 128
        inet6 fe80::1%lo0 prefixlen 64 scopeid 0x3
        inet 127.0.0.1 netmask 0xff000000
        groups: lo
        nd6 options=21
bridge10: flags=8843 metric 0 mtu 1500
        description: qjail-vnet-jail-only-bridge
        ether 02:3e:ba:a7:58:0a
        inet 10.0.20.2 netmask 0xffffff00 broadcast 255.255.255.0
        id 00:00:00:00:00:00 priority 32768 hellotime 2 fwddelay 15
        maxage 20 holdcnt 6 proto rstp maxaddr 2000 timeout 1200
        root id 00:00:00:00:00:00 priority 32768 ifcost 0 port 0
        member: epair4a flags=143
                ifmaxaddr 0 port 6 priority 128 path cost 2000
        groups: bridge
        nd6 options=1
epair4a: flags=8943 metric 0 mtu 1500
        description: qjail-vnet-jail-dir10
        options=8
        ether 02:f6:61:9a:b4:0a
        inet6 fe80::f6:61ff:fe9a:b40a%epair4a prefixlen 64 scopeid 0x6
        groups: epair
        media: Ethernet 10Gbase-T (10Gbase-T )
        status: active
        nd6 options=21

Vnet jail can ping the public internet.
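
The exchange above names two ways a "local only" bridge can still reach other networks: an uplink interface added as a bridge member, or the host routing on behalf of the jails. The shell check below is an added example, not part of the original message or of qjail; it reads saved `ifconfig` text, and the forwarding value it is given (normally from `sysctl -n net.inet.ip.forwarding`) is a constructed input because the thread does not show it.

```shell
#!/bin/sh
# Added example, not from the thread: report which path, if any, lets jails
# on a bridge reach other networks. Inputs are saved `ifconfig <bridge>` text
# and the value of `sysctl -n net.inet.ip.forwarding`.

# Constructed sample: the bridge10 stanza from the message, trimmed to the
# fields this check reads.
SAMPLE_BRIDGE='bridge10: flags=8843 metric 0 mtu 1500
        description: qjail-vnet-jail-only-bridge
        inet 10.0.20.2 netmask 0xffffff00 broadcast 255.255.255.0
        member: epair4a flags=143
        groups: bridge'

# Members that are not host-side epair(4) ends ("epairNa"): candidate uplinks
# that would join the jails to another layer-2 segment.
uplink_members() {
    printf '%s\n' "$1" |
        awk '$1 == "member:" && $2 !~ /^epair[0-9]+a$/ { print $2 }'
}

# IPv4 address on the bridge itself, if any. Jails can use it as a gateway
# into the host routing table.
bridge_inet() {
    printf '%s\n' "$1" | awk '$1 == "inet" { print $2; exit }'
}

# audit_bridge IFCONFIG_TEXT FORWARDING
# Prints l2-uplink, l3-forwarding, or no-forwarding-path. Firewall and NAT
# rules are outside this check and still need their own review.
audit_bridge() {
    uplinks=$(uplink_members "$1")
    addr=$(bridge_inet "$1")
    if [ -n "$uplinks" ]; then
        echo "l2-uplink"
    elif [ -n "$addr" ] && [ "$2" = "1" ]; then
        echo "l3-forwarding"
    else
        echo "no-forwarding-path"
    fi
}

# Forwarding value 1 here is a constructed assumption, not data from the post.
audit_bridge "$SAMPLE_BRIDGE" 1
```

On a live host the same function can be called as `audit_bridge "$(ifconfig bridge10)" "$(sysctl -n net.inet.ip.forwarding)"`.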