From owner-freebsd-net@freebsd.org  Tue Apr 27 13:57:02 2021
Return-Path: <owner-freebsd-net@freebsd.org>
Delivered-To: freebsd-net@mailman.nyi.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1])
 by mailman.nyi.freebsd.org (Postfix) with ESMTP id 43F3E5F26B0
 for <freebsd-net@mailman.nyi.freebsd.org>;
 Tue, 27 Apr 2021 13:57:02 +0000 (UTC)
 (envelope-from ozkan.kirik@gmail.com)
Received: from mail-vk1-xa2c.google.com (mail-vk1-xa2c.google.com
 [IPv6:2607:f8b0:4864:20::a2c])
 (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits)
 key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256
 client-signature RSA-PSS (2048 bits) client-digest SHA256)
 (Client CN "smtp.gmail.com", Issuer "GTS CA 1O1" (verified OK))
 by mx1.freebsd.org (Postfix) with ESMTPS id 4FV3Gj2wQvz4Tgp
 for <freebsd-net@freebsd.org>; Tue, 27 Apr 2021 13:57:01 +0000 (UTC)
 (envelope-from ozkan.kirik@gmail.com)
Received: by mail-vk1-xa2c.google.com with SMTP id u200so10364317vku.3
 for <freebsd-net@freebsd.org>; Tue, 27 Apr 2021 06:57:01 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025;
 h=mime-version:references:in-reply-to:from:date:message-id:subject:to
 :cc; bh=kfMjk7daXZ3/jPk6LmtxlSDZcV4VmU7NehyBsu+HAdk=;
 b=deHXG8qseHDrBE1Li9+5vWz+Wg+fH1ukdDnXyWpt+poP9kgNfNc2rwsURquDbOm1S5
 2DpB3Vn5jivzyJAkoaU78AQPAI6sqhM7Oj1ZTfDc8scxlXfaaISD2B/3xZe6ShsI++Tj
 5lLxfF9Z+2ByOQ4SFo26wDg6ShkgckiUNscsDjrLU1nB/jy+QSa9jDUFWiSU6TP7jmnz
 R/vhY9C9LdlTpLqSsHAV72K/SbZHjL/OfJZUrP9VEb4aIQJxQvO7qWrib1nBDzp+PFzE
 MmtXW1m/cGl6Q0witKnkPQu+A7qa7G4uPq960kzMgWjXXN6BJNNe4oYrJP7sQL/iSoMg
 6xmw==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
 d=1e100.net; s=20161025;
 h=x-gm-message-state:mime-version:references:in-reply-to:from:date
 :message-id:subject:to:cc;
 bh=kfMjk7daXZ3/jPk6LmtxlSDZcV4VmU7NehyBsu+HAdk=;
 b=eYoTYVjlHR4xQop+HwfI/TGC8YGaILz8ro2Ouyi+gybRt3oNV1Hg9j26WlBofhDCJl
 XC89TaAAN8KcwxlMsb30fFqwrY5Zrme/bXumWyctgBGXG9AFNPHH/KEdxHnmE50TOPoH
 N5F8bP7jMInkeY9wChT9yEJ3jlhz8bKVejI38bHxUk3ehxn9WmwFvsum6+wwBSYivPFf
 0jIx3jJYjHjNs+GccFrmyBS6uzpplAIOaS2jF4RbiXXlo+QzbGm1rK78cryj4cJSoiXj
 C2ceKK7mNP/c3wawTLhQgxwKnNBQbsw4xcGKcDrF0Rj6S9xWqrpJYD5GsLxkCuqVcvtn
 Jp9Q==
X-Gm-Message-State: AOAM5322S/dHpuMpq43lbH8Cg4u9cKb+2mjdGiXVCnKi105oSL8SlaAU
 hSPyki4i1RdEFAIZHxqljpsnrz6UtSyLRgJ6yQIYCBXnG7E=
X-Google-Smtp-Source: ABdhPJwlT+eF/WJ45uw9nlthwl1ohObAQyy+14mCgnrw9MVw4u+7EBTBIzNz3mDtHCv4CtmpE1XenSndBm64JDmXW+o=
X-Received: by 2002:a1f:a8d4:: with SMTP id r203mr6369075vke.4.1619531820150; 
 Tue, 27 Apr 2021 06:57:00 -0700 (PDT)
MIME-Version: 1.0
References: <CAAcX-AGd0=Kf-VnwywyHFEM9jUocO+ZP4LK0XYBijgz-Pd+UGg@mail.gmail.com>
 <20210412125222.16610891@bsd64.grem.de>
 <CAAcX-AGuzUvjTTgPELUYoYhOsoQSmWevmsM=QZr_LnvOZ3yMgA@mail.gmail.com>
 <20210412143852.2c856a0b@bsd64.grem.de>
 <CAAcX-AEuOr6OsxDOPmUVf=6AP-E6zipqzepszvV7Ku1_d033Mw@mail.gmail.com>
 <20210412195740.33efe288@bsd64.grem.de>
 <20210412212016.4828daa4@bsd64.grem.de>
In-Reply-To: <20210412212016.4828daa4@bsd64.grem.de>
From: =?UTF-8?B?w5Z6a2FuIEtJUklL?= <ozkan.kirik@gmail.com>
Date: Tue, 27 Apr 2021 16:56:49 +0300
Message-ID: <CAAcX-AGzSO3w-9E2cy0MSP4dBxvJ2UyinCEKqSLnWjt=Zkun1g@mail.gmail.com>
Subject: Re: jail - vnet bug - ping: UDP connect: No route to host
To: Michael Gmelin <freebsd@grem.de>
Cc: FreeBSD Net <freebsd-net@freebsd.org>
X-Rspamd-Queue-Id: 4FV3Gj2wQvz4Tgp
X-Spamd-Bar: ----
Authentication-Results: mx1.freebsd.org;
 dkim=pass header.d=gmail.com header.s=20161025 header.b=deHXG8qs;
 dmarc=pass (policy=none) header.from=gmail.com;
 spf=pass (mx1.freebsd.org: domain of ozkankirik@gmail.com designates
 2607:f8b0:4864:20::a2c as permitted sender)
 smtp.mailfrom=ozkankirik@gmail.com
X-Spamd-Result: default: False [-4.00 / 15.00]; FREEMAIL_FROM(0.00)[gmail.com];
 R_SPF_ALLOW(-0.20)[+ip6:2607:f8b0:4000::/36];
 TO_DN_ALL(0.00)[]; DKIM_TRACE(0.00)[gmail.com:+];
 RCPT_COUNT_TWO(0.00)[2];
 DMARC_POLICY_ALLOW(-0.50)[gmail.com,none];
 NEURAL_HAM_SHORT(-1.00)[-1.000]; FROM_EQ_ENVFROM(0.00)[];
 MIME_TRACE(0.00)[0:+,1:+,2:~];
 RBL_DBL_DONT_QUERY_IPS(0.00)[2607:f8b0:4864:20::a2c:from];
 FREEMAIL_ENVFROM(0.00)[gmail.com];
 ASN(0.00)[asn:15169, ipnet:2607:f8b0::/32, country:US];
 TAGGED_FROM(0.00)[]; DWL_DNSWL_NONE(0.00)[gmail.com:dkim];
 ARC_NA(0.00)[]; NEURAL_HAM_MEDIUM(-1.00)[-1.000];
 R_DKIM_ALLOW(-0.20)[gmail.com:s=20161025]; FROM_HAS_DN(0.00)[];
 NEURAL_HAM_LONG(-1.00)[-1.000];
 MIME_GOOD(-0.10)[multipart/alternative,text/plain];
 PREVIOUSLY_DELIVERED(0.00)[freebsd-net@freebsd.org];
 SPAMHAUS_ZRD(0.00)[2607:f8b0:4864:20::a2c:from:127.0.2.255];
 TO_MATCH_ENVRCPT_SOME(0.00)[];
 RCVD_IN_DNSWL_NONE(0.00)[2607:f8b0:4864:20::a2c:from];
 RCVD_COUNT_TWO(0.00)[2]; RCVD_TLS_ALL(0.00)[];
 MAILMAN_DEST(0.00)[freebsd-net]
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable
X-Content-Filtered-By: Mailman/MimeDel 2.1.34
X-BeenThere: freebsd-net@freebsd.org
X-Mailman-Version: 2.1.34
Precedence: list
List-Id: Networking and TCP/IP with FreeBSD <freebsd-net.freebsd.org>
List-Unsubscribe: <https://lists.freebsd.org/mailman/options/freebsd-net>,
 <mailto:freebsd-net-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-net/>
List-Post: <mailto:freebsd-net@freebsd.org>
List-Help: <mailto:freebsd-net-request@freebsd.org?subject=help>
List-Subscribe: <https://lists.freebsd.org/mailman/listinfo/freebsd-net>,
 <mailto:freebsd-net-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Tue, 27 Apr 2021 13:57:02 -0000

Hello Michael,

Sorry for late reply. It works after starting ip6addrctl service.
Thank you.


On Mon, Apr 12, 2021 at 10:20 PM Michael Gmelin <freebsd@grem.de> wrote:

>
>
> On Mon, 12 Apr 2021 19:57:40 +0200
> Michael Gmelin <freebsd@grem.de> wrote:
>
> > On Mon, 12 Apr 2021 17:45:36 +0300
> > =C3=96zkan KIRIK <ozkan.kirik@gmail.com> wrote:
> >
> > > root@f13:~ # jls -s -j client
> > > devfs_ruleset=3D0 enforce_statfs=3D2 host=3Dnew ip4=3Dinherit ip6=3Di=
nherit
> > > jid=3D2 name=3Dclient osreldate=3D1300139 osrelease=3D13.0-RC5 path=
=3D/
> > > persist securelevel=3D-1 sysvmsg=3Ddisable sysvsem=3Ddisable
> > > sysvshm=3Ddisable vnet=3Dnew allow.nochflags allow.nomlock allow.nomo=
unt
> > > allow.mount.nodevfs allow.mount.noprocfs allow.mount.notmpfs
> > > allow.noquotas allow.noraw_sockets allow.noread_msgbuf
> > > allow.reserved_ports allow.set_hostname allow.nosocket_af
> > > allow.suser allow.nosysvipc allow.unprivileged_proc_debug
> > > children.max=3D0 host.domainname=3D"" host.hostid=3D0 host.hostname=
=3D""
> > > host.hostuuid=3D00000000-0000-0000-0000-000000000000
> >
> > I can reproduce the issue now, I'll try to dig deeper into it.
> >
> > -m
> >
> > [...snipsnap...]
> >
>
> Hi =C3=96zkan,
>
> This is caused by ping using getaddrinfo to determine the address
> family to be used. You can check this by running
>
>   getaddrinfo www.google.com
>
> inside and outside of your jail and compare the results.
>
> Inside your jail, inet6 entries are on top, while on your host, inet
> entries are on top.
>
> Configuration of address selection is done using /etc/rc.d/ip6addrctl,
> which is enabled by default using a policy of AUTO (see
> /etc/defaults/rc.conf).
>
> As your simple jail doesn't call any rc scripts, your missing this step.
>
> The easiest way to workaround the issue is to explicitly call:
>
>   service ip6addrctl start
>
> after creating your vnet jail, or creating your vnet jail using:
>
>   jail -c name=3Dclient persist vnet vnet.interface=3Dem1 \
>     exec.start=3D"service ip6addrctl start"
>
> Best,
> Michael
>
> --
> Michael Gmelin
>