From owner-freebsd-net@freebsd.org Thu May 7 07:32:16 2020 Return-Path: Delivered-To: freebsd-net@mailman.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.nyi.freebsd.org (Postfix) with ESMTP id 79E8D13A385 for ; Thu, 7 May 2020 07:32:16 +0000 (UTC) (envelope-from bu7cher@yandex.ru) Received: from forward101j.mail.yandex.net (forward101j.mail.yandex.net [IPv6:2a02:6b8:0:801:2::101]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id 49HlXZ51Hmz3DTX; Thu, 7 May 2020 07:32:14 +0000 (UTC) (envelope-from bu7cher@yandex.ru) Received: from mxback3o.mail.yandex.net (mxback3o.mail.yandex.net [IPv6:2a02:6b8:0:1a2d::1d]) by forward101j.mail.yandex.net (Yandex) with ESMTP id 314E11BE0C59; Thu, 7 May 2020 10:32:11 +0300 (MSK) Received: from iva4-bca95d3b11b1.qloud-c.yandex.net (iva4-bca95d3b11b1.qloud-c.yandex.net [2a02:6b8:c0c:4e8e:0:640:bca9:5d3b]) by mxback3o.mail.yandex.net (mxback/Yandex) with ESMTP id XMqzZBENjV-WALWo4MT; Thu, 07 May 2020 10:32:11 +0300 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=yandex.ru; s=mail; t=1588836731; bh=JUTuBjhkSWQDCqS9+G2Qyq6ty796SZeElm7QGw4J/6Q=; h=In-Reply-To:Cc:To:From:Subject:Date:References:Message-ID; b=fdJLlADJCyY0cM2jeGL8k8sPStBk5s9B8O8SL+FXSUb6LoAAyRttHW9VNdHziC0GP F1PppUANgb0WJjkOCdUDoThgBwnAkpPmzdfL3+XqVCyp9DAhL5zoF7mC2QHTzezkVw mV4KWDUMKmNqk/g8xtmRsb+N7muktifXHRh5uMds= Received: by iva4-bca95d3b11b1.qloud-c.yandex.net (smtp/Yandex) with ESMTPSA id ky5aBsrcHv-WAUWvGPX; Thu, 07 May 2020 10:32:10 +0300 (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)) (Client certificate not present) Subject: Re: RUNNING flag remains unset upon reinserting a gre into VNET jail From: "Andrey V. Elsukov" To: "John W. O'Brien" , FreeBSD Net Cc: "Bjoern A. Zeeb" References: <9d81897c-79af-1da3-f142-88bee5b6522e@FreeBSD.org> Openpgp: id=E6591E1B41DA1516F0C9BC0001C5EA0410C8A17A Autocrypt: addr=bu7cher@yandex.ru; prefer-encrypt=mutual; keydata= mQENBEwBF1kBCADB9sXFhBEUy8qQ4X63Y8eBatYMHGEFWN9ypS5lI3RE6qQW2EYbxNk7qUC5 21YIIS1mMFVBEfvR7J9uc7yaYgFCEb6Sce1RSO4ULN2mRKGHP3/Sl0ijZEjWHV91hY1YTHEF ZW/0GYinDf56sYpDDehaBF5wkWIo1+QK5nmj3vl0DIDCMNd7QEiWpyLVwECgLX2eOAXByT8B bCqVhJGcG6iFP7/B9Ll6uX5gb8thM9LM+ibwErDBVDGiOgvfxqidab7fdkh893IBCXa82H9N CNwnEtcgzh+BSKK5BgvPohFMgRwjti37TSxwLu63QejRGbZWSz3OK3jMOoF63tCgn7FvABEB AAG0JUFuZHJleSBWLiBFbHN1a292IDxidTdjaGVyQHlhbmRleC5ydT6JATgEEwECACIFAkwB F1kCGwMGCwkIBwMCBhUIAgkKCwQWAgMBAh4BAheAAAoJEAHF6gQQyKF6qmYIAI6ekfm1VA4T vqankI1ISE6ku4jV7UlpIQlEbE7/8n3Zd6teJ+pGOQhN5qk8QE7utdPdbktAzi+x7LIJVzUw 4TywZLXGrkP7VKYkfg6oyCGyzITghefQeJtr2TN4hYCkzPWpylkue8MtmqfZv/6royqwTbN+ +E09FQNvTgRUYJYTeQ1qOsxNRycwvw3dr2rOfuxShbzaHBB1pBIjGrMg8fC5pd65ACH5zuFV A0CoTNGMDrEZSfBkTW604UUHFFXeCoC3dwDZRKOWJ3GmMXns65Ai5YkA63BSHEE1Qle3VBhd cG1w0CB5FBV3pB27UVnf0jEbysrDqW4qN7XMRFSWNAy5AQ0ETAEXWQEIAJ2p6l9LBoqdH/0J PEFDY2t2gTvAuzz+8zs3R03dFuHcNbOwjvWCG0aOmVpAzkRa8egn5JB4sZaFUtKPYJEQ1Iu+ LUBwgvtXf4vWpzC67zs2dDuiW4LamH5p6xkTD61aHR7mCB3bg2TUjrDWn2Jt44cvoYxj3dz4 S49U1rc9ZPgD5axCNv45j72tggWlZvpefThP7xT1OlNTUqye2gAwQravXpZkl5JG4eOqJVIU X316iE3qso0iXRUtO7OseBf0PiVmk+wCahdreHOeOxK5jMhYkPKVn7z1sZiB7W2H2TojbmcK HZC22sz7Z/H36Lhg1+/RCnGzdEcjGc8oFHXHCxUAEQEAAYkBHwQYAQIACQUCTAEXWQIbDAAK CRABxeoEEMihegkYCAC3ivGYNe2taNm/4Nx5GPdzuaAJGKWksV+w9mo7dQvU+NmI2az5w8vw 98OmX7G0OV9snxMW+6cyNqBrVFTu33VVNzz9pnqNCHxGvj5dL5ltP160JV2zw2bUwJBYsgYQ WfyJJIM7l3gv5ZS3DGqaGIm9gOK1ANxfrR5PgPzvI9VxDhlr2juEVMZYAqPLEJe+SSxbwLoz BcFCNdDAyXcaAzXsx/E02YWm1hIWNRxanAe7Vlg7OL+gvLpdtrYCMg28PNqKNyrQ87LQ49O9 50IIZDOtNFeR0FGucjcLPdS9PiEqCoH7/waJxWp6ydJ+g4OYRBYNM0EmMgy1N85JJrV1mi5i Message-ID: <5c2571d4-e42c-4a56-8a96-90f065d36afa@yandex.ru> Date: Thu, 7 May 2020 10:27:04 +0300 User-Agent: Mozilla/5.0 (X11; FreeBSD amd64; rv:60.0) Gecko/20100101 Thunderbird/60.8.0 MIME-Version: 1.0 In-Reply-To: <9d81897c-79af-1da3-f142-88bee5b6522e@FreeBSD.org> Content-Type: multipart/signed; micalg=pgp-sha256; protocol="application/pgp-signature"; boundary="rr9Gkzpyt11QjRVMrD6UB1DIBgw9AyOHD" X-Rspamd-Queue-Id: 49HlXZ51Hmz3DTX X-Spamd-Bar: ----- Authentication-Results: mx1.freebsd.org; dkim=pass header.d=yandex.ru header.s=mail header.b=fdJLlADJ; dmarc=pass (policy=none) header.from=yandex.ru; spf=pass (mx1.freebsd.org: domain of bu7cher@yandex.ru designates 2a02:6b8:0:801:2::101 as permitted sender) smtp.mailfrom=bu7cher@yandex.ru X-Spamd-Result: default: False [-5.10 / 15.00]; FREEMAIL_FROM(0.00)[yandex.ru]; R_SPF_ALLOW(-0.20)[+ip6:2a02:6b8:0::/52]; HAS_ATTACHMENT(0.00)[]; RCVD_COUNT_THREE(0.00)[3]; TO_DN_ALL(0.00)[]; DKIM_TRACE(0.00)[yandex.ru:+]; DMARC_POLICY_ALLOW(-0.50)[yandex.ru,none]; SIGNED_PGP(-2.00)[]; FROM_EQ_ENVFROM(0.00)[]; IP_SCORE(0.00)[ip: (-9.63), ipnet: 2a02:6b8::/32(-4.77), asn: 13238(-3.85), country: RU(0.01)]; MIME_TRACE(0.00)[0:+,1:+,2:+,3:~]; FREEMAIL_ENVFROM(0.00)[yandex.ru]; ASN(0.00)[asn:13238, ipnet:2a02:6b8::/32, country:RU]; MID_RHS_MATCH_FROM(0.00)[]; DWL_DNSWL_NONE(0.00)[yandex.ru.dwl.dnswl.org : 127.0.5.0]; ARC_NA(0.00)[]; NEURAL_HAM_MEDIUM(-1.00)[-1.000,0]; R_DKIM_ALLOW(-0.20)[yandex.ru:s=mail]; FROM_HAS_DN(0.00)[]; RCPT_COUNT_THREE(0.00)[3]; NEURAL_HAM_LONG(-1.00)[-1.000,0]; MIME_GOOD(-0.20)[multipart/signed,multipart/mixed,text/plain]; RCVD_TLS_LAST(0.00)[]; IP_SCORE_FREEMAIL(0.00)[]; TO_MATCH_ENVRCPT_SOME(0.00)[]; RCVD_IN_DNSWL_NONE(0.00)[1.0.1.0.0.0.0.0.0.0.0.0.2.0.0.0.1.0.8.0.0.0.0.0.8.b.6.0.2.0.a.2.list.dnswl.org : 127.0.5.0] X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.30 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 07 May 2020 07:32:16 -0000 This is an OpenPGP/MIME signed message (RFC 4880 and 3156) --rr9Gkzpyt11QjRVMrD6UB1DIBgw9AyOHD Content-Type: multipart/mixed; boundary="loiQBINRkARUG0vVPq1OTxo5WdPDESze0"; protected-headers="v1" From: "Andrey V. Elsukov" To: "John W. O'Brien" , FreeBSD Net Cc: "Bjoern A. Zeeb" Message-ID: <5c2571d4-e42c-4a56-8a96-90f065d36afa@yandex.ru> Subject: Re: RUNNING flag remains unset upon reinserting a gre into VNET jail References: <9d81897c-79af-1da3-f142-88bee5b6522e@FreeBSD.org> In-Reply-To: <9d81897c-79af-1da3-f142-88bee5b6522e@FreeBSD.org> --loiQBINRkARUG0vVPq1OTxo5WdPDESze0 Content-Type: text/plain; charset=utf-8 Content-Language: en-US Content-Transfer-Encoding: quoted-printable On 06.05.2020 10:00, Andrey V. Elsukov wrote: >> # create a gre outside the jail, configure its tunnel endpoints >> >> ifconfig gre0 create tunnel 10.1.1.1 10.2.2.2 >> ifconfig gre0 # not RUNNING (OK) >> >> # place the gre into the jail, it should be running now >> >> ifconfig gre0 vnet demo >> jexec demo ifconfig gre0 # not RUNNING (not OK) >=20 > Hi, >=20 > I'm not an advanced jail user, so this is my conclusion from a quick > code look. It looks to me that all IPv4/IPv6 addresses should be purged= > from the interface that was moved from one vnet to another. The fact > that tunnel's config still here is due to it is stored in the private > interface's softc. Thus when you move ifnet from one vnet to another, > ifaddr_event_ext is not handled properly and interface doesn't change > its state. >=20 > If my conclusion is correct, I see two ways to fix this: > 1. Add if_reassign() method to all tunneling interfaces and clear > tunnel config when ifnet is moved to new jail. This will force you > reconfigure interface after moving. Probably this is POLA violation. Hi, I think this patch should help: https://people.freebsd.org/~ae/gre.diff It is untested, if you have time please, test and report back. The patch will clear tunnel config after moving from one vnet to another. Thus you need to reconfigure all addresses. > 2. Add if_reassign() method to all tunneling interfaces, that will > invoke ifaddr_evnet_ext handler. This requires more code and looks > hackish to me. :) --=20 WBR, Andrey V. Elsukov --loiQBINRkARUG0vVPq1OTxo5WdPDESze0-- --rr9Gkzpyt11QjRVMrD6UB1DIBgw9AyOHD Content-Type: application/pgp-signature; name="signature.asc" Content-Description: OpenPGP digital signature Content-Disposition: attachment; filename="signature.asc" -----BEGIN PGP SIGNATURE----- Comment: Using GnuPG with Thunderbird - https://www.enigmail.net/ iQEzBAEBCAAdFiEE5lkeG0HaFRbwybwAAcXqBBDIoXoFAl6zuEgACgkQAcXqBBDI oXrKeQgAukJoCOwHETkUNOZJTl8niERTZXv3UQzsjcNW1An+DNNpXcRZj0acZhH0 iScvbxQiHB3K/BVCvSuQ85Cwh0gE6rKJns9Gyt0cgkQ0cp7EHY+HRHaNy96rtcpF y1bJPPW2+IDkiV1PIDasJEUann4GmwOdlBegV4Is9pBxbgGR0qhjJiNoj9d0+NK2 5X94iB3diXNaeT8p/d7P3OD84KYzLWymTA3JGkIKRqby0d8lXK65pQJDlb4b0trG fB0o/NiyLE6gNB7oCyJ9nfrm9DtWyC9zgjAz9if6N8e/OxotugksT8q989+/E0rk At/NfqrKud4Qru9cRI6kxX5sUDUKyQ== =rqaS -----END PGP SIGNATURE----- --rr9Gkzpyt11QjRVMrD6UB1DIBgw9AyOHD--