From owner-freebsd-stable@FreeBSD.ORG  Tue Jan 15 19:54:51 2013
Return-Path: <owner-freebsd-stable@FreeBSD.ORG>
Delivered-To: freebsd-stable@freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org
 [IPv6:2001:1900:2254:206a::19:1])
 by hub.freebsd.org (Postfix) with ESMTP id BFD0B6F7
 for <freebsd-stable@freebsd.org>; Tue, 15 Jan 2013 19:54:51 +0000 (UTC)
 (envelope-from mauzo@anubis.morrow.me.uk)
Received: from isis.morrow.me.uk (isis.morrow.me.uk [204.109.63.142])
 by mx1.freebsd.org (Postfix) with ESMTP id 8B26F242
 for <freebsd-stable@freebsd.org>; Tue, 15 Jan 2013 19:54:51 +0000 (UTC)
Received: from anubis.morrow.me.uk
 (host109-150-212-220.range109-150.btcentralplus.com [109.150.212.220])
 (Authenticated sender: mauzo)
 by isis.morrow.me.uk (Postfix) with ESMTPSA id 3ACC6450C2;
 Tue, 15 Jan 2013 19:54:49 +0000 (UTC)
X-DKIM: OpenDKIM Filter v2.4.1 isis.morrow.me.uk 3ACC6450C2
DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple; d=morrow.me.uk;
 s=dkim201101; t=1358279690;
 bh=VbHQjFe2xRDeeOaQ0sD7/krOpOymSdlVEzqp0vBEyXg=;
 h=Date:From:To:Subject:Message-ID:References:MIME-Version:
 Content-Type:In-Reply-To;
 b=O1hwUdQURSJTv8nmL6zwr1H6BnLpuEwD3etMmpaVOL5wax1yC3RxdIAL0Ji86cNQX
 bxOTsfxaL39QjGHcnM0iY/cplB9jiCBXFShGlwYMYvWErE+Al+obnHYcU5QrlWS89s
 5AipxGX/bL7OJk53i/weLHqnszQpZucRxKdEYL5I=
X-Virus-Status: Clean
X-Virus-Scanned: clamav-milter 0.97.5 at isis.morrow.me.uk
Received: by anubis.morrow.me.uk (Postfix, from userid 5001)
 id CBF1687AD; Tue, 15 Jan 2013 19:54:44 +0000 (GMT)
Date: Tue, 15 Jan 2013 19:54:44 +0000
From: Ben Morrow <ben@morrow.me.uk>
To: lattera@gmail.com, freebsd-stable@freebsd.org
Subject: Re: IPv6 Tunnel Shared With Jails via epair Devices
Message-ID: <20130115195444.GA92522@anubis.morrow.me.uk>
References: <CADt0fhxG-EqZq_cYq3YvkYGd=yY4o7FTxW6fmra0Zt06oyAO=A@mail.gmail.com>
 <20130115052937.GA44328@anubis.morrow.me.uk>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <CADt0fhxCuy8xrahJAcGTSqXWFd4DHT7TwcXYtYYLV77BSFUsqw@mail.gmail.com>
X-Newsgroups: gmane.os.freebsd.stable
Organization: morrow.me.uk
User-Agent: Mutt/1.5.21 (2010-09-15)
X-BeenThere: freebsd-stable@freebsd.org
X-Mailman-Version: 2.1.14
Precedence: list
List-Id: Production branch of FreeBSD source code <freebsd-stable.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/options/freebsd-stable>,
 <mailto:freebsd-stable-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-stable>
List-Post: <mailto:freebsd-stable@freebsd.org>
List-Help: <mailto:freebsd-stable-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-stable>,
 <mailto:freebsd-stable-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Tue, 15 Jan 2013 19:54:51 -0000

Quoth Shawn Webb <lattera@gmail.com>:
> On Tue, Jan 15, 2013 at 12:29 AM, Ben Morrow <ben@morrow.me.uk> wrote:
> > Quoth Shawn Webb <lattera@gmail.com>:
> > >
> > > # ifconfig bridge0
> > > bridge0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu
> > > 1500
> > > ether 02:fe:21:34:d3:00
> > > inet6 2001:470:8142:1::1 prefixlen 64
> > > nd6 options=21<PERFORMNUD,AUTO_LINKLOCAL>
> > > id 00:00:00:00:00:00 priority 32768 hellotime 2 fwddelay 15
> > > maxage 20 holdcnt 6 proto rstp maxaddr 2000 timeout 1200
> > > root id 00:00:00:00:00:00 priority 32768 ifcost 0 port 0
> > > member: epair0a flags=143<LEARNING,DISCOVER,AUTOEDGE,AUTOPTP>
> > >        ifmaxaddr 0 port 19 priority 128 path cost 2000
> > > member: epair1a flags=143<LEARNING,DISCOVER,AUTOEDGE,AUTOPTP>
> > >        ifmaxaddr 0 port 21 priority 128 path cost 2000
> > > member: bge0 flags=143<LEARNING,DISCOVER,AUTOEDGE,AUTOPTP>
> > >        ifmaxaddr 0 port 5 priority 128 path cost 200000
> >
> > Why have you added the physical interface to the bridge? AFAICT you
> > don't need to: a bridge will bridge epairs just fine, and as you
> > explained in that blog post you have to route rather than bridge into
> > the tunnel, since the tunnel isn't an Ethernet device.
> 
> I did it so that I have an IPv4 address directly on the LAN for each of my
> jails.

Hmm, OK. 

> > > # jexec "Dev Template" ifconfig epair0b
> > > epair0b: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu
> > > 1500
> > > options=8<VLAN_MTU>
> > > ether 02:80:03:00:14:0b
> > > inet6 2001:470:8142:1::5 prefixlen 64 tentative
> > > inet6 fe80::80:3ff:fe00:140b%epair0b prefixlen 64 tentative scopeid 0x2
> > > inet 10.7.1.92 netmask 0xfffffe00 broadcast 10.7.1.255
> > > nd6 options=29<PERFORMNUD,IFDISABLED,AUTO_LINKLOCAL>
> >
> > I suspect the addresses are only marked tentative because the interface
> > has been marked IFDISABLED. This causes all current addresses to be
> > marked tentative, because the kernel isn't allowed to send or receive
> > IPv6 packets and so can't defend the addresses any more.
> >
> > Is it possible something in the jail's startup scripts is causing the
> > interface to be marked IFDISABLED after the inet6 address has been
> > assigned? Some of the functions in network.subr mark interfaces
> > IFDISABLED automatically if they don't think they have IPv6 addresses.
> 
> I was thinking the same thing. One problem is that I can't remove the
> IFDISABLED flag. This is what happens when I try:
> 
> # jexec "Dev Template" ifconfig epair0b -ifdisabled
> ifconfig: ioctl(SIOCGIFINFO_IN6): Invalid argument

    ifconfig epair0b inet6 -ifdisabled

I don't know why you get that error when you miss out the 'inet6'; it's
not exactly very clear.

Ben