From: "John W. O'Brien"
To: "Andrey V. Elsukov", FreeBSD Net
Cc: "Bjoern A. Zeeb"
Subject: Re: RUNNING flag remains unset upon reinserting a gre into VNET jail
Date: Thu, 7 May 2020 08:03:47 -0400
Message-ID: <03c2215a-2a05-24c1-fe59-ccfd3e934bfe@saltant.com>
In-Reply-To: <5c2571d4-e42c-4a56-8a96-90f065d36afa@yandex.ru>
References: <9d81897c-79af-1da3-f142-88bee5b6522e@FreeBSD.org> <5c2571d4-e42c-4a56-8a96-90f065d36afa@yandex.ru>
List-Id: Networking and TCP/IP with FreeBSD

On 2020/05/07 03:27, Andrey V. Elsukov wrote:
> On 06.05.2020 10:00, Andrey V. Elsukov wrote:
>>> # create a gre outside the jail, configure its tunnel endpoints
>>>
>>> ifconfig gre0 create tunnel 10.1.1.1 10.2.2.2
>>> ifconfig gre0 # not RUNNING (OK)
>>>
>>> # place the gre into the jail, it should be running now
>>>
>>> ifconfig gre0 vnet demo
>>> jexec demo ifconfig gre0 # not RUNNING (not OK)
>>
>> Hi,
>>
>> I'm not an advanced jail user, so this is my conclusion from a quick
>> code look. It looks to me that all IPv4/IPv6 addresses should be purged
>> from the interface that was moved from one vnet to another. The fact
>> that tunnel's config is still here is due to it being stored in the
>> private interface's softc. Thus when you move ifnet from one vnet to
>> another, ifaddr_event_ext is not handled properly and interface doesn't
>> change its state.
>>
>> If my conclusion is correct, I see two ways to fix this:
>> 1. Add if_reassign() method to all tunneling interfaces and clear
>> tunnel config when ifnet is moved to new jail. This will force you
>> to reconfigure interface after moving. Probably this is POLA violation.
>
> Hi,
>
> I think this patch should help:
> https://people.freebsd.org/~ae/gre.diff
>
> It is untested; if you have time, please test and report back.
> The patch will clear tunnel config after moving from one vnet to
> another. Thus you need to reconfigure all addresses.
>
>> 2. Add if_reassign() method to all tunneling interfaces, that will
>> invoke ifaddr_event_ext handler. This requires more code and looks
>> hackish to me. :)

Hi Andrey,

Your assessment and choice of fix sound right to me. If ordinary
addresses are removed upon iface movement between VNETs, then it makes
sense that tunnel addresses would be too.

I will do my best to test in the coming days.

-- 
John W. O'Brien
OpenPGP keys:
    0x33C4D64B895DBF3B