From: petru garstea
To: Ernie Luzar
Cc: freebsd-jail@freebsd.org
Subject: Re: Jails - vnet- netgraph
Date: Tue, 26 Jan 2021 21:59:05 -0500

Hi Ernie,

The jib script is working fine; however, in my current setup I need to emulate a bridge interface with the netgraph subsystem. I tried to manage that part with the jng script with no luck, then I decided to create the netgraph bridge manually using the ngctl client, and in the end the result was the same.

In the recent FreeBSD magazines it was mentioned that "bridging" was refactored, and I would like to know if that might have impacted the netgraph bridge.

Please advise

Cheers,

Petru Garstea

On 1/26/21 12:53 PM, Ernie Luzar wrote:
> petru garstea wrote:
>> Greetings FreeBSD community,
>>
>> OS: FreeBSD sun 12.2-RELEASE-p1 FreeBSD 12.2-RELEASE-p1 GENERIC amd64
>>
>> I am trying to build a netgraph vnet jail with the support of the official
>> jng script that comes with FreeBSD and was developed by Devin Teske.
>>
>> jail.conf file
>>
>> netgraph {
>>   devfs_ruleset = 13;
>>   enforce_statfs = 2;
>>   exec.clean;
>>   exec.consolelog = /var/log/bastille/netgraph_console.log;
>>   exec.start = '/bin/sh /etc/rc';
>>   exec.stop = '/bin/sh /etc/rc.shutdown';
>>   host.hostname = netgraph;
>>   mount.devfs;
>>   mount.fstab = /usr/local/bastille/jails/netgraph/fstab;
>>   path = /usr/local/bastille/jails/netgraph/root;
>>   securelevel = 2;
>>
>>   vnet;
>>   vnet.interface = e0b_bastille0;
>> # exec.prestart += "jib addm bastille0 re0";
>> # exec.poststop += "jib destroy bastille0";
>>   exec.prestart += "jng bridge netgraph re0";
>>   exec.poststop += "jng shutdown netgraph" ;
>> }
>>
>> When I start the jail, the netgraph subsystem raises the following exception
>>
>> ngctl: send msg: No such file or directory
>> jail: netgraph: jng bridge netgraph re0: failed
>>
>> I also tried to create the netgraph bridge without using the jng script
>>
>> ngctl mkpeer re0: bridge lower link0
>> ngctl: send msg: No such file or directory
>>
>> From what I found, it looks like it used to work on FreeBSD 11.x and
>> stopped working in version 12.
>>
>> Any thoughts?
>>
>> Please advise
>>
>> Cheers,
>>
>> Petru Garstea
>>
>
> Don't see any reply so I will try to help you.
> If I remember correctly the jib and jng were added as documentation
> back around FreeBSD 10.00. I have tried to get it to work 10+, 11+,
> 12+ with no joy. There is something missing but I cannot tell what it
> is. The jail environment has gone through many changes over time so no
> wonder jib/jng don't work now.
>
> Netgraph is a complete subsystem for network configuration that has
> its own syntax and commands. The learning curve is pretty great.
> There is an outstanding bug and Devin Teske & (she) has taken up the
> bug. Hoping 13 holds the bug fix.