From owner-freebsd-net@freebsd.org Sat May 9 15:31:23 2020 Return-Path: Delivered-To: freebsd-net@mailman.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.nyi.freebsd.org (Postfix) with ESMTP id 4F5B02ECE5F for ; Sat, 9 May 2020 15:31:23 +0000 (UTC) (envelope-from john@saltant.com) Received: from twaddle.saltant.net (twaddle.saltant.net [72.78.188.147]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) server-signature RSA-PSS (4096 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id 49KB4T5WrHz3yGx; Sat, 9 May 2020 15:31:21 +0000 (UTC) (envelope-from john@saltant.com) Received: from statler.priv.n.saltant.net (unknown [IPv6:2001:470:8d6f:0:2003:19d:10b2:9e4f]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by twaddle.saltant.net (Postfix) with ESMTPSA id C1C3456DF; Sat, 9 May 2020 11:31:14 -0400 (EDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=saltant.com; s=twaddle; t=1589038274; bh=x/XfpxDw3huNeK+JYKlx6E15gGKjSG0XR/ijvHewAbs=; h=Subject:To:Cc:References:From:Date:In-Reply-To; b=FnIl9fsF/seY/ujPN1kwli+LVl1qwX8jyOiwuv4acAnsm+xE2ldvzuCv9CEBOq4Ih m1kpzI2GcP32YK1bqbCsVvMjVvCtMOIXpEZWyrL+g3/cpk+kqSKsSK6fJ6HvmrMOwb BtWHSuhwma5ouqc7FBDpiSL+LbChursMK9oNEncD/v/BJ5CZoD/eg/GP+peIct/o99 JGF3Zg2DTPZrMzP8EyUrlICOwUvsH0W15Qt0ypt0y68sGwf3T/jCyDolz/GDBuF7Hs x731dFn778FsATJhb6n3P+OUZWLDcX7hc85RRQWhBXanby2m9C77VuYjJmqwTs/cCY gIKk1nlg7rHZQ== Subject: Re: RUNNING flag remains unset upon reinserting a gre into VNET jail To: "Andrey V. Elsukov" , FreeBSD Net Cc: "Bjoern A. Zeeb" References: <9d81897c-79af-1da3-f142-88bee5b6522e@FreeBSD.org> <5c2571d4-e42c-4a56-8a96-90f065d36afa@yandex.ru> From: "John W. O'Brien" Autocrypt: addr=john@saltant.com; prefer-encrypt=mutual; keydata= mQINBFpcMG0BEACeAEQ0ZTUEH+6B8XIBid2H8g1yY+niHxVphqz8JwnQtYX+bS+Kl3vr783F HH81DEbfPtYgHY53NF9FjSzCyj13lXVnEGQOdxXzZVKsN1nyuXCN2hDOFH7Yc5yQ8h85T4Hv sqPIGIXOztu4MX14iUAcTgLhfibNQBeKDeNI+BBeaE9lPuNVeiM+xsI4JYcjmDbjFzAHRpBo ull0koUFh6RZAKE7u17yLej1pTIQQVjQpWdK37BAq4hdkLwjGDY8mDGo3ZwGdNibxIAxv/wi KU6u2DfUg8+kLHIhOqk/+kFQ/uK5YA1azsyD5eIbNAs4W7LglA6SkiGBglTwkP0VCrkPdD14 6sx3U7uFgexDWbVuhLIkcPQ0SRmnjgUKHgk7px/jMvAPKSKoL0JQNdP/+pnO9CDLGmoHx9gE 5kVr5dQK8c/WauEfimAdE9qLuN6vb0Iei73q3e3OOHAUusR5wC5SwXt4iilbaK4r04NKXyfb SB3+qWST07F9cmMscfEStSBhpez3awB+1jz8gr40tkEGsFZGvD2KKAgZdKpoxv6IrZepclWz HpqHF01SRFORYMsd1d83XlEu/S1/Z9YJ87RoCdZuYCkjnoRPtpTi9d+JD/u3ZiQFwLUz/Ne3 VqiGKvY66EGcO3tvANMg6GWD9sqlnBDp9Lls0ChEY3dgDYd6DQARAQABtCJKb2huIFcuIE8n QnJpZW4gPGpvaG5Ac2FsdGFudC5jb20+iQJUBBMBCAA+AhsDBQsJCAcCBhUKCQgLAgQWAgMB Ah4BAheAFiEENPkbBr3zmPAVSH2HM8TWS4ldvzsFAlpcMTMFCQX2qcYACgkQM8TWS4ldvztT xQ//eHb1mgd40Z0fN2GnJti6/9uJ771IO6slFQ02GZcXZI+FIQo8Yd1dHe0e0Codu78qvJNr ggUtqdxH6SVp7K1AWHeLH5S0PF6iG5B+YUux080wEv/Mr8PPMgAD8gS3wiPDDgB/kUXO52bn DC3Fc0dUrFE/JAOByVEEDL5nLF6SQNpAtIUnaAIIuhKxi0d40LMcLUwuJ6jExynw8Iu7OVtu Y1PRAH5ESt6wYZq8ro8ukh4rMOxiWtT1yNEgHgnq3N4jKErVo87YJijHSSj80IKxUiKb/T6K tGTEBTKiSUV3OFj0ZoPxcbUmhIg2sBCNHaUCiI0KabqN1NyK2glKtcK6NpWy3JIHvtr3+VL1 /tvQTwlVUIacmsuxkGzm5vJPs/i2RtwsJXEXPmIRNgJ1EwZgpg5VqqEUDlmSyRLb48QcDrdv utKLA1MKLib1fD+0XmxZTbCMlFMlvJjAoBlVq60mvB/Jnv1TTnZ2eN6DKMWoxHKmPICh5F1q esmT/aJRIUoCiAgcChi4Ol4XmW3dM7ypjKCGHzyr6emCky5pjqSQZyFzg0RN5UjUQBISAGmJ E8hCFZIy7tf8meqIDbtkONh+JShN6u3t02JrnzSOQjZCh5WQW9Pnu7unJlIsYB10aZ6rvuAK YjghT8QLG8QVgJj/U9oeVG1Ag60fmLZdOFjRGmm5AQ0EXiI+pwEIAN/gCLz555dMl/I+kul4 ptLPm5oe0Yxp6pMI81+p8qJY6HoDlkHN/eB88FvaX1eQR6tTJu9kEHc0nnqjtj7M9kMm6ujb hXjTDY+EFck9V5XDV9eaHUvsDujq/srxHtpFtsWZRUiseTrtcKBt5yfrDlIvNPW/F1rtuHuH 7gIvB8rgBWwyO0v8/ZPfCDwV6zqCZ6TWT9hGzvODdSZN6gQipIrLvz2RFhtJ4+a8QCCBJpzl nWKKZmfmTiPElDM/POIwyO4pn2Hr0aSV4q1wShtwYhPpF3BvwTB59BqmyoW82oYk6ymokooU h1gsCs6D9hzX/jFCkbX0ywwW2jDEjYj04fMAEQEAAYkDcgQYAQoAJhYhBDT5Gwa985jwFUh9 hzPE1kuJXb87BQJeIj6nAhsCBQkFo5qAAUAJEDPE1kuJXb87wHQgBBkBCgAdFiEEUgT925O8 rsvNs2oHIjgwc/pAJtYFAl4iPqcACgkQIjgwc/pAJtYjKggAndvnwqRinsemX5KhK9MOdgNM SqhWHqNuuh3YaL7NK1lwMCubXgBag4LcOXZQ2m09bgtoXcbPh5g+ZPeqPGF28vaw6mU79dzU 2xkVC+456lBlU5VvmSNGXCGEVoRuMSQ4sT/GVvq2CJd4wUXxyaeqoqDXQGU1rspKsRroA0tJ RrCJOO1fs0hC7Ft4xx3nOwuxpE2Hp94g1zFA/MQs6SXjRiKJ7hOAPLIDIc79ZbPTc1YFxThd L1G27lq2ZtIuYuxiqdrhfTTe5cKFkm84FKSz+lhBNb3JiVb0ulnR2Bfi0lOxJ91b3dMLtuiu Du7wqHZax5FVQVJFIQpVvSJ+FZSnn91hD/91TeM+aR0zFq0BnkDBkt5X/tMuRm0IzkOLxjY4 Bi4y7e2N4CX1XklPybVW3QieiBRlfN2D7OhhHeXZk9rXzpCN/CC0aq4C/hfzLdOCcz7KaAFP dWZCH7xKPQUcIZyjHG7hx+M/5VKg86tiVln6gxEWNJp9+H+V2k04DH9b3UQ+aCXerbmIn7f8 dfHYOjPSXnmfso8rNSH8AOH5qrJp7VTTuxEYmt5yUc34GsVRUrj7wg/LHX3AMM5ZtAbHorYB lRZruleEzrJXbvb5/WbB4s8rHeA9IA7tXKNz83p7L8MaJ2LaJS/DeiwgrMpMUcbprgv9ejDw RO7P/jmvvRcnOADhfQBUmK1C+N6pzPX5gMUjYInH9T1JeIbh0kHrviAvHW8FYIcZSt3jKiM6 ZQNEuyv1wjpYULDfz/P1rHl1wq3RqYyO+o5rrIhyq4DDsNvvFAvifwFFoUv/eWOyhhd7zewv 0hVHcKIxHIPy7F+QSG1pOpedNEHKJBe7kxFuKA0/3r0I1fA0qJaISCtjRytv3mJVdE8SzVj1 J3B76AB+VChcr+VDLC4kQYtclMe50eoLCmwB1Y+c6QItIu6u8G9LNtTaTDorhtKHU+XM5/k6 wgmrC699KBxvM+oNbOfz3KDsZ4owIpBsBvMax8EW/ws78fnsHCi7tOdqrGl0xUG9+z7XI7kC DQReIj7QARAAyNbQ/m2GgioxKzPr73JEWHFMGUJbCka5lPtoO82qpb/NIRr6Ii+7e5TljOek hdueLNyiDJBxc9BK5v1BC/0aI+5TWrlB5oZGRZl1Qa3a8x9FH8Rya4fD0dfmQGarmu91vfgb MrBQrYGfwsZiS8MiT/ytJ1NzjHBXm1TMczZYYL7i5JSgqTNDqamBJODVa3lipKP9FY9XX/T3 cQEi7B1Om+8xgm87PtqsXr7fFyb2l84fnUv3g5Glznpfqk5Poshm5leJm/SVKkZZKfyo1P5+ BKi2zGAsLXgFbl6jiEnRIjyawpMuKaFclmBH8riuQGNK0wEeyqo9WlUY+WU3HUyE/fQ3h5Tk 80q+tT6wj7JQ8ywt4EAnIrJN/ik0H2ShthzAzWzAnZ5evQqXfhNIGD0LLJ1TglGyOYuqrSny g81lfjvhSLJqCCwILEBe1n3gITwTnpYMJu6DNk06xJJ9B4Oz8GLGTUWZcPafWAbzk5GZTf2N cSpxOqQV8/u2goMULyzXCzGrtB6YfDM/adZOAvpWad2qTgcpxpHALWY6T9aiKDIiURDJf04P 8X8xfzcc8ZFtGH+PwLDXMdeviMaPzfRTfvwn+LYuHY+liu0dlZa40SUx/9ugECSFcvPgTOEB SI/FoR2PwgcOauvY6AJ1HONsir8spMgcM5JgBqfIbcdsE4kAEQEAAYkCPAQYAQoAJhYhBDT5 Gwa985jwFUh9hzPE1kuJXb87BQJeIj7QAhsMBQkFo5qAAAoJEDPE1kuJXb87j9AP/0jvvPR0 8yAtQgzSb3A99LcsY3Zl+QGNZYkmdb0/C8feRMw9CUb6a/6liaj7CCKwadSULiVWSuMP3zT3 5Vit+2W/5GuO6C4fmOyeXquCi8qamhTG+orZYBw0dy3s1MhrfRwbQkDjWEoG2BbztPbCY5ZP VYGZU+sIwQhEyco+ddv+RL8o7gFDf58nNOgdi03Plsv2N+JpPaU6uoZy4hfzMY/PMhlWaO32 qM0HLyOuojB+RDPZ7oKQbwyavH6YHPcF/aix0DArvCh7nwW0CR/B5YgwD7FtTgE9ZcTof7am IR0ZVQ40kCyanLXp/qHiY9mR0g8Ggy9/rGA5fUsu1/ugyvJPBU/usmQfz3TcTNiuefVrh+Xh cuTc5dDP0d2MHfnKPxnj9F9+9sjJIgD1TbMDtbDhhCw3xkRnR3tbXM2hfDm2CyGKsCYIqDhb Isguy0R5IoW4gL2fHztgtFu3kvYbd45QUuopJhqK/fyRPaEhDx0FE2/jhYdFPJo90DmqL5Pm LJPsa12ActP1cArwAeXFLejxsjfTZeQ49Ww7GK2ZXnoEXFp5fmy2zoCUy12f9245Hvx8ea2y Z9nB+f1CWOPLRctjUqqBWXyQI1cErN9lhJIaCbDFGs61JOBzgFq2q+VnYtWmUJzOtGOGcEfX Nckeve7ALaUiFxGje9zepN2d/xKj Message-ID: <7bd71bc3-26c6-edf3-2218-8502e305e13c@saltant.com> Date: Sat, 9 May 2020 11:31:10 -0400 User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:68.0) Gecko/20100101 Thunderbird/68.8.0 MIME-Version: 1.0 In-Reply-To: <5c2571d4-e42c-4a56-8a96-90f065d36afa@yandex.ru> Content-Type: multipart/signed; micalg=pgp-sha512; protocol="application/pgp-signature"; boundary="YfPr5y6NQG26GOB8PmiE8mm41IHSlaFe1" X-Rspamd-Queue-Id: 49KB4T5WrHz3yGx X-Spamd-Bar: ------- Authentication-Results: mx1.freebsd.org; dkim=pass header.d=saltant.com header.s=twaddle header.b=FnIl9fsF; dmarc=none; spf=pass (mx1.freebsd.org: domain of john@saltant.com designates 72.78.188.147 as permitted sender) smtp.mailfrom=john@saltant.com X-Spamd-Result: default: False [-7.39 / 15.00]; ARC_NA(0.00)[]; RCVD_VIA_SMTP_AUTH(0.00)[]; R_DKIM_ALLOW(-0.20)[saltant.com:s=twaddle]; NEURAL_HAM_MEDIUM(-1.00)[-1.000,0]; FROM_HAS_DN(0.00)[]; RCPT_COUNT_THREE(0.00)[3]; R_SPF_ALLOW(-0.20)[+ip4:72.78.188.144/29]; NEURAL_HAM_LONG(-1.00)[-1.000,0]; HAS_ATTACHMENT(0.00)[]; MIME_GOOD(-0.20)[multipart/signed,multipart/mixed,text/plain]; DMARC_NA(0.00)[saltant.com]; TO_MATCH_ENVRCPT_SOME(0.00)[]; TO_DN_ALL(0.00)[]; DKIM_TRACE(0.00)[saltant.com:+]; SIGNED_PGP(-2.00)[]; FREEMAIL_TO(0.00)[yandex.ru]; FROM_EQ_ENVFROM(0.00)[]; MIME_TRACE(0.00)[0:+,1:+,2:+,3:~]; IP_SCORE(-2.79)[ip: (-9.91), ipnet: 72.78.0.0/16(-4.92), asn: 701(0.93), country: US(-0.05)]; ASN(0.00)[asn:701, ipnet:72.78.0.0/16, country:US]; MID_RHS_MATCH_FROM(0.00)[]; RCVD_TLS_ALL(0.00)[]; RCVD_COUNT_TWO(0.00)[2] X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.32 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sat, 09 May 2020 15:31:23 -0000 This is an OpenPGP/MIME signed message (RFC 4880 and 3156) --YfPr5y6NQG26GOB8PmiE8mm41IHSlaFe1 Content-Type: multipart/mixed; boundary="8QmPoOab4GFGePXUoJ6Ve2hUa0gyWBnDF" --8QmPoOab4GFGePXUoJ6Ve2hUa0gyWBnDF Content-Type: text/plain; charset=utf-8 Content-Language: en-US Content-Transfer-Encoding: quoted-printable On 2020/05/07 03:27, Andrey V. Elsukov wrote: > On 06.05.2020 10:00, Andrey V. Elsukov wrote: >>> # create a gre outside the jail, configure its tunnel endpoints >>> >>> ifconfig gre0 create tunnel 10.1.1.1 10.2.2.2 >>> ifconfig gre0 # not RUNNING (OK) >>> >>> # place the gre into the jail, it should be running now >>> >>> ifconfig gre0 vnet demo >>> jexec demo ifconfig gre0 # not RUNNING (not OK) >> >> Hi, >> >> I'm not an advanced jail user, so this is my conclusion from a quick >> code look. It looks to me that all IPv4/IPv6 addresses should be purge= d >> from the interface that was moved from one vnet to another. The fact >> that tunnel's config still here is due to it is stored in the private >> interface's softc. Thus when you move ifnet from one vnet to another, >> ifaddr_event_ext is not handled properly and interface doesn't change >> its state. >> >> If my conclusion is correct, I see two ways to fix this: >> 1. Add if_reassign() method to all tunneling interfaces and clear >> tunnel config when ifnet is moved to new jail. This will force you >> reconfigure interface after moving. Probably this is POLA violation. >=20 > Hi, >=20 > I think this patch should help: > https://people.freebsd.org/~ae/gre.diff >=20 > It is untested, if you have time please, test and report back. > The patch will clear tunnel config after moving from one vnet to > another. Thus you need to reconfigure all addresses. Looks good. root@freebsd:~ # uname -a FreeBSD freebsd 13.0-CURRENT FreeBSD 13.0-CURRENT #1 r360848M: Sat May 9 15:23:00 UTC 2020 root@freebsd:/usr/obj/usr/src/amd64.amd64/sys/GENERIC amd64 root@freebsd:~ # jail -c name=3Ddemo vnet persist root@freebsd:~ # ifconfig ena1 vnet demo root@freebsd:~ # ifconfig gre0 create tunnel 10.1.1.1 10.2.2.2 root@freebsd:~ # ifconfig gre0 vnet demo root@freebsd:~ # jexec demo ifconfig gre0 gre0: flags=3D8010 metric 0 mtu 1476 options=3D80000 groups: gre nd6 options=3D21 root@freebsd:~ # jexec demo ifconfig gre0 tunnel 10.1.1.1 10.2.2.2 root@freebsd:~ # jexec demo ifconfig ena1 inet 10.1.1.1 root@freebsd:~ # jexec demo ifconfig gre0 gre0: flags=3D8050 metric 0 mtu 1476 options=3D80000 tunnel inet 10.1.1.1 --> 10.2.2.2 groups: gre nd6 options=3D21 root@freebsd:~ # ifconfig gre0 -vnet demo root@freebsd:~ # ifconfig gre0 gre0: flags=3D8011 metric 0 mtu 1476 options=3D80000 inet6 fe80::1427:e888:767c:dce1%gre0 prefixlen 64 tentative scopeid 0x2 nd6 options=3D23 --=20 John W. O'Brien OpenPGP keys: 0x33C4D64B895DBF3B --8QmPoOab4GFGePXUoJ6Ve2hUa0gyWBnDF-- --YfPr5y6NQG26GOB8PmiE8mm41IHSlaFe1 Content-Type: application/pgp-signature; name="signature.asc" Content-Description: OpenPGP digital signature Content-Disposition: attachment; filename="signature.asc" -----BEGIN PGP SIGNATURE----- iQEzBAEBCgAdFiEEUgT925O8rsvNs2oHIjgwc/pAJtYFAl62zL4ACgkQIjgwc/pA Jta9wQgAo6TXMhcDvvWwWCye1QhAeU3JZ7IOEg7Zirt4ViwrX/RpOeVfWY2eaFg8 SW/p/+gHs6CiuSXX6m/nM7hBvIV2lwKyZjPZ+tIuQnS9T/drzmFSGnWah7FOe4cD PEgosLKj12YhIVfHUiqaPdhlOAhU2erkEex+ZxLFDYKprc+ZWn4axUo5yi3W/QQT jpUzAIQpNi/VCvwRm1BaU1adx2Zev5gKwnbaKioOLnDd0nvTncqbvwiJY6WNxNeF 2jLAfWwIiYurPtq6XUaWLubM2RXmdixLE7m5vR/SASXYSey8cIA7TTYHdT389NVP r+gj5idX3OC8NPrPFTUv5E1KDS8lJw== =sP73 -----END PGP SIGNATURE----- --YfPr5y6NQG26GOB8PmiE8mm41IHSlaFe1--