Date:      Thu, 24 Feb 2022 22:05:27 +0200
From:      Sami Halabi <sodynet1@gmail.com>
To:        freebsd-jail@freebsd.org, freebsd-net@freebsd.org,  freebsd-emulation@freebsd.org, FreeBSD Current <freebsd-current@freebsd.org>
Subject:   Re: linux debian jail - network problems
Message-ID:  <CAEW%2BogZTfDYOm9dfkrp=Go5tAY2FsGuM2zTDRVcH41WNG2eR6A@mail.gmail.com>
In-Reply-To: <CAEW%2BogZpopx%2B9EPDY5hddqh5BfsVmZcZJrYtYLRF7gPgvHg%2BvA@mail.gmail.com>
References:  <CAEW%2BogZpopx%2B9EPDY5hddqh5BfsVmZcZJrYtYLRF7gPgvHg%2BvA@mail.gmail.com>

Hi,
Added Current, maybe I will be lucky ;)

Does anyone have an idea how to approach and fix this?

Sami

On Tue, 22 Feb 2022, 23:30, Sami Halabi <sodynet1@gmail.com> wrote:

> Hi all,
> Sorry for the cross-post, but I need help and I'm not sure where it hangs.
>
> I create a Linux jail (Debian bullseye) via cbsd.
> The jail is being populated with the Debian userland.
> So far so good... services are running (sshd) and I can log in to the jail. I
> can also update packages, and I can install Apache httpd and it all works fine
> (apt install or make from src).
> I also manage to install packages even if their scripts depend on the "ip"
> command, which fails:
> cbsd@j2> ip
> Cannot open netlink socket: Address family not supported by protocol
>
> ifconfig shows empty interfaces:
> cbsd@j2> ifconfig
> eth0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
>         ether 00:50:56:0a:b3:a0  (Ethernet)
>         RX packets 139798314  bytes 12029597009 (11.2 GiB)
>         RX errors 0  dropped 0  overruns 0  frame 0
>         TX packets 26879143  bytes 34400160833 (32.0 GiB)
>         TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0
>
> lo0: flags=4169<UP,LOOPBACK,RUNNING,MULTICAST>  mtu 16384
>         loop  (Local Loopback)
>         RX packets 28548  bytes 160312960 (152.8 MiB)
>         RX errors 0  dropped 0  overruns 0  frame 0
>         TX packets 28548  bytes 160312960 (152.8 MiB)
>         TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0
>
> I know Linux emulation doesn't implement netlink, so what I do is fake
> the response by replacing /bin/ip with a bash script that prints the correct
> IP and fakes some others (needed by packages I installed):
> #!/bin/bash
> # Stand-in for /bin/ip: prints canned output instead of querying netlink.
> if [ "$1" = "-o" ]; then
>         # "ip -o ..." one-line address listing
>         echo "1: eth0 inet 192.168.1.2/24 brd 192.168.1.255 scope global eth0"
> elif [ "$1" = "route" ]; then
>         if [ "$2" = "get" ]; then
>                 echo "8.8.8.8 via  192.168.1.2   dev eth0  src 192.168.1.2  "
>         else
>                 echo "default via  192.168.1.2   dev eth0"
>         fi
> else
>         # Any other invocation: link and address summary
>         echo "1: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP qlen 1000"
>         echo "  inet  192.168.1.2  /24 brd  192.168.1.255 scope global eth0"
> fi
>
>
> Still, ifconfig shows no IP... it's time to say it is a regular jail and *NOT*
> VNET.
>
> *However*, packages that pull IPs via libraries fail.
> E.g. I installed bind916 (name); in the logs I see these errors (relevant
> only):
> cbsd@j2> service named start
> Starting domain name service...: namednamed: prctl(PR_SET_DUMPABLE)
> failed: Invalid argument
> cbsd@j2>
>
>
> log file shows:
> 22-Feb-2022 23:11:58.705 general: notice: BIND 9 is maintained by Internet
> Systems Consortium,
> 22-Feb-2022 23:11:58.705 general: notice: Inc. (ISC), a non-profit
> 501(c)(3) public-benefit
> 22-Feb-2022 23:11:58.705 general: notice: corporation.  Support and
> training for BIND 9 are
> 22-Feb-2022 23:11:58.705 general: notice: available at
> https://www.isc.org/support
> 22-Feb-2022 23:11:58.705 general: notice:
> ----------------------------------------------------
> 22-Feb-2022 23:11:58.705 general: info: found 6 CPUs, using 6 worker
> threads
> 22-Feb-2022 23:11:58.705 general: info: using 6 UDP listeners per interface
> 22-Feb-2022 23:11:58.705 general: info: using up to 21000 sockets
> 22-Feb-2022 23:11:58.715 general: info: loading configuration from
> '/etc/bind/named.conf'
> 22-Feb-2022 23:11:58.715 general: info: reading built-in trust anchors
> from file '/etc/bind/bind.keys'
> 22-Feb-2022 23:11:58.715 general: info: looking for GeoIP2 databases in
> '/usr/share/GeoIP'
> 22-Feb-2022 23:11:58.715 general: info: using default UDP/IPv4 port range:
> [1024, 65535]
> 22-Feb-2022 23:11:58.715 general: info: using default UDP/IPv6 port range:
> [1024, 65535]
> 22-Feb-2022 23:11:58.715 network: info: no IPv6 interfaces found
> 22-Feb-2022 23:11:58.715 general: error: ifiter_getifaddrs.c:79:
> unexpected error:
> 22-Feb-2022 23:11:58.715 general: error: getting interface addresses:
> getifaddrs: Address family not supported by protocol
> 22-Feb-2022 23:11:58.715 network: warning: not listening on any interfaces
> *snip*
> *snip*
> 22-Feb-2022 23:11:58.735 general: error: socket.c:2405: unexpected error:
> 22-Feb-2022 23:11:58.735 general: error: setsockopt(50, IP_RECVTOS)
> failed: Protocol not available
> 22-Feb-2022 23:11:58.735 general: notice: couldn't add command channel
> 127.0.0.1#953: permission denied
> 22-Feb-2022 23:11:58.735 general: error: socket.c:2405: unexpected error:
> 22-Feb-2022 23:11:58.735 general: error: setsockopt(50, IP_RECVTOS)
> failed: Protocol not available
> 22-Feb-2022 23:11:58.735 general: notice: couldn't add command channel
> 127.0.0.1#953: permission denied
> 22-Feb-2022 23:11:58.735 zoneload: info: managed-keys-zone: loaded serial
> 24
> 22-Feb-2022 23:11:58.735 zoneload: info: zone 0.in-addr.arpa/IN: loaded
> serial 1
> 22-Feb-2022 23:11:58.735 general: error: socket.c:2405: unexpected error:
> 22-Feb-2022 23:11:58.735 general: error: setsockopt(512, IP_RECVTOS)
> failed: Protocol not available
> 22-Feb-2022 23:11:58.735 general: error: socket.c:2405: unexpected error:
> 22-Feb-2022 23:11:58.735 general: error: setsockopt(513, IP_RECVTOS)
> failed: Protocol not available
> 22-Feb-2022 23:11:58.745 zoneload: info: zone 255.in-addr.arpa/IN: loaded
> serial 1
> 22-Feb-2022 23:11:58.745 zoneload: info: zone j1.royalshells.com/IN:
> loaded serial 2022022106
> 22-Feb-2022 23:11:58.745 notify: info: zone j1.royalshells.com/IN:
> sending notifies (serial 2022022106)
> 22-Feb-2022 23:11:58.745 general: error: socket.c:2405: unexpected error:
> 22-Feb-2022 23:11:58.745 general: error: setsockopt(514, IP_RECVTOS)
> failed: Protocol not available
> 22-Feb-2022 23:11:58.745 zoneload: info: zone localhost/IN: loaded serial 2
> 22-Feb-2022 23:11:58.745 general: error: socket.c:2405: unexpected error:
> 22-Feb-2022 23:11:58.745 general: error: setsockopt(515, IP_RECVTOS)
> failed: Protocol not available
> 22-Feb-2022 23:11:58.745 zoneload: info: zone 127.in-addr.arpa/IN: loaded
> serial 1
> 22-Feb-2022 23:11:58.745 general: notice: all zones loaded
> 22-Feb-2022 23:11:58.745 general: notice: running
> 22-Feb-2022 23:11:58.795 general: error: socket.c:2405: unexpected error:
> 22-Feb-2022 23:11:58.795 general: error: setsockopt(50, IP_RECVTOS)
> failed: Protocol not available
> 22-Feb-2022 23:12:58.811 general: error: ifiter_getifaddrs.c:79:
> unexpected error:
> 22-Feb-2022 23:12:58.811 general: error: getting interface addresses:
> getifaddrs: Address family not supported by protocol
> 22-Feb-2022 23:12:58.811 network: warning: not listening on any interfaces
>
> Any idea how to fix this??
>
> cbsd@j2> named -V
> BIND 9.16.22-Debian (Extended Support Version) <id:59bfaba>
> running on Linux x86_64 3.2.0 FreeBSD 12.3-RELEASE-p1 GENERIC
>
> installing newer versions
>
> I also have problems with the dovecot mail package, but will leave it for now.
>
> Thanks in advance,
> Sami
>
>
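
A small probe for the three calls behind the errors in the log above: the netlink socket that `ip` and glibc's `getifaddrs` depend on, and the `IP_RECVTOS` socket option. This is an added example, not part of the original message; the function and flag names are illustrative. Compiled and run inside the Linux jail, it shows which interfaces the emulation layer rejects without needing a full named start.

```c
/* Added example: probes the kernel interfaces the named log trips over.
 * Build inside the Linux jail: cc -o netprobe netprobe.c */
#include <errno.h>
#include <ifaddrs.h>
#include <netinet/in.h>
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>
#include <unistd.h>
#include <linux/netlink.h>

/* Illustrative flag names, not taken from any project. */
enum { MISSING_NETLINK = 1, GETIFADDRS_BROKEN = 2, MISSING_RECVTOS = 4 };

/* Each probe returns 0 on success or the errno of the failing call. */
int probe_netlink(void) {
    int fd = socket(AF_NETLINK, SOCK_RAW, NETLINK_ROUTE);
    if (fd < 0) return errno;
    close(fd);
    return 0;
}

int probe_getifaddrs(int *inet_addrs) {
    struct ifaddrs *list, *ifa;
    *inet_addrs = 0;
    if (getifaddrs(&list) != 0) return errno;
    for (ifa = list; ifa != NULL; ifa = ifa->ifa_next)
        if (ifa->ifa_addr && (ifa->ifa_addr->sa_family == AF_INET ||
                              ifa->ifa_addr->sa_family == AF_INET6))
            (*inet_addrs)++;
    freeifaddrs(list);
    return 0;
}

int probe_recvtos(void) {
    int on = 1, err = 0, fd = socket(AF_INET, SOCK_DGRAM, 0);
    if (fd < 0) return errno;
    if (setsockopt(fd, IPPROTO_IP, IP_RECVTOS, &on, sizeof on) != 0) err = errno;
    close(fd);
    return err;
}

/* Map probe results to the failure modes seen in the log. */
int diagnose(int nl_err, int gia_err, int tos_err) {
    int flags = 0;
    if (nl_err == EAFNOSUPPORT) flags |= MISSING_NETLINK;  /* "Address family not supported" */
    if (gia_err != 0)           flags |= GETIFADDRS_BROKEN;
    if (tos_err == ENOPROTOOPT) flags |= MISSING_RECVTOS;  /* "Protocol not available" */
    return flags;
}

int main(void) {
    int n, nl = probe_netlink(), gia = probe_getifaddrs(&n), tos = probe_recvtos();
    printf("AF_NETLINK socket: %s\n", nl ? strerror(nl) : "ok");
    printf("getifaddrs:        %s (%d inet addrs)\n", gia ? strerror(gia) : "ok", n);
    printf("IP_RECVTOS:        %s\n", tos ? strerror(tos) : "ok");
    return diagnose(nl, gia, tos);  /* exit status carries the flag bits */
}
```

An exit status of 0 means all three calls worked; a non-zero status is the OR of the flags for the calls that failed in the way the log shows.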
