Date: Thu, 7 May 2020 08:03:47 -0400 From: "John W. O'Brien" <john@saltant.com> To: "Andrey V. Elsukov" <bu7cher@yandex.ru>, FreeBSD Net <freebsd-net@freebsd.org> Cc: "Bjoern A. Zeeb" <bz@FreeBSD.org> Subject: Re: RUNNING flag remains unset upon reinserting a gre into VNET jail Message-ID: <03c2215a-2a05-24c1-fe59-ccfd3e934bfe@saltant.com> In-Reply-To: <5c2571d4-e42c-4a56-8a96-90f065d36afa@yandex.ru> References: <eeee7437-2ed9-1d75-1750-82a9babf2e83@saltant.com> <cf170c7f-938b-32d7-089a-e5da853b292a@saltant.com> <9d81897c-79af-1da3-f142-88bee5b6522e@FreeBSD.org> <5c2571d4-e42c-4a56-8a96-90f065d36afa@yandex.ru>
next in thread | previous in thread | raw e-mail | index | archive | help
This is an OpenPGP/MIME signed message (RFC 4880 and 3156) --B2LPNHQPnt46GfexWMdJ7fpWDAiGNsrkU Content-Type: multipart/mixed; boundary="vVVzOUJoVcmdfmcSiM7t2O4Amb2pXH3lu" --vVVzOUJoVcmdfmcSiM7t2O4Amb2pXH3lu Content-Type: text/plain; charset=utf-8 Content-Language: en-US Content-Transfer-Encoding: quoted-printable On 2020/05/07 03:27, Andrey V. Elsukov wrote: > On 06.05.2020 10:00, Andrey V. Elsukov wrote: >>> # create a gre outside the jail, configure its tunnel endpoints >>> >>> ifconfig gre0 create tunnel 10.1.1.1 10.2.2.2 >>> ifconfig gre0 # not RUNNING (OK) >>> >>> # place the gre into the jail, it should be running now >>> >>> ifconfig gre0 vnet demo >>> jexec demo ifconfig gre0 # not RUNNING (not OK) >> >> Hi, >> >> I'm not an advanced jail user, so this is my conclusion from a quick >> code look. It looks to me that all IPv4/IPv6 addresses should be purge= d >> from the interface that was moved from one vnet to another. The fact >> that tunnel's config still here is due to it is stored in the private >> interface's softc. Thus when you move ifnet from one vnet to another, >> ifaddr_event_ext is not handled properly and interface doesn't change >> its state. >> >> If my conclusion is correct, I see two ways to fix this: >> 1. Add if_reassign() method to all tunneling interfaces and clear >> tunnel config when ifnet is moved to new jail. This will force you >> reconfigure interface after moving. Probably this is POLA violation. >=20 > Hi, >=20 > I think this patch should help: > https://people.freebsd.org/~ae/gre.diff >=20 > It is untested, if you have time please, test and report back. > The patch will clear tunnel config after moving from one vnet to > another. Thus you need to reconfigure all addresses. >=20 >> 2. Add if_reassign() method to all tunneling interfaces, that will >> invoke ifaddr_evnet_ext handler. This requires more code and looks >> hackish to me. :) Hi Andrey, Your assessment and choice of fix sound right to me. If ordinary addresses are removed upon iface movement between VNETs, then it makes sense that tunnel addresses would be too. I will do my best to test in the coming days. --=20 John W. O'Brien OpenPGP keys: 0x33C4D64B895DBF3B --vVVzOUJoVcmdfmcSiM7t2O4Amb2pXH3lu-- --B2LPNHQPnt46GfexWMdJ7fpWDAiGNsrkU Content-Type: application/pgp-signature; name="signature.asc" Content-Description: OpenPGP digital signature Content-Disposition: attachment; filename="signature.asc" -----BEGIN PGP SIGNATURE----- iQEzBAEBCgAdFiEEUgT925O8rsvNs2oHIjgwc/pAJtYFAl6z+SMACgkQIjgwc/pA JtbG9AgAvB8BeeH4PLSbUa1u8gY16PuUKkXT5edgZwi9ieQ7fGUIt6URzTH1WfAj +0tHQbDbNoiItXdNNODvjEK+OsWDxTiapY8QbGZmWNQFYvXDUVZg9w/LTMc0wNIQ YqKPAtfwn9tGWaNJdV2a9iy38g9uODQY9K7EwIT6fkcRxk/SH3T1TJbLpGdSPgJ2 aIsZLva+vUkLAVVUx521QlObaoiBlrS3WVHEYOqb+Zo3oadI58XeepSSJHQBmC91 lRT0oxT3YbezcBVk4U7CmEOkXf3cyu+u7CiiFBAk6PDnmWgd5NA4qMdo1fIZrkJF g/e5RYrDgFvRiJCL0W4WG54SpHtEPA== =HcrL -----END PGP SIGNATURE----- --B2LPNHQPnt46GfexWMdJ7fpWDAiGNsrkU--
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?03c2215a-2a05-24c1-fe59-ccfd3e934bfe>