Date: Thu, 15 May 2025 22:03:48 +0200 From: Kristof Provost <kp@FreeBSD.org> To: Cy Schubert <Cy.Schubert@cschubert.com> Cc: ivy@freebsd.org, freebsd-current@freebsd.org Subject: Re: epair(4) Message-ID: <ED9223EB-9AD3-4F8E-A98F-3326DCE1A012@FreeBSD.org> In-Reply-To: <20250515194006.A69EAB6@slippy.cwsent.com> References: <20250515162552.9209B20E@slippy.cwsent.com> <20250515185919.87008219@slippy.cwsent.com> <406249F9-B0FC-4E22-9402-683531321E72@FreeBSD.org> <20250515194006.A69EAB6@slippy.cwsent.com>
index | next in thread | previous in thread | raw e-mail
[-- Attachment #1 --]
On 15 May 2025, at 21:40, Cy Schubert wrote:
> In message <406249F9-B0FC-4E22-9402-683531321E72@FreeBSD.org>, Kristof
> Provost
> writes:
>> On 15 May 2025, at 20:59, Cy Schubert wrote:
>>> In message <20250515162552.9209B20E@slippy.cwsent.com>, Cy Schubert
>>> wri=
>> tes:
>>>> Over the last couple of days epair(4) fails to set up when an IP
>>>> addre=
>> ss is
>>>> specified.
>>>>
>>>> bob# service jail onestart test2
>>>> Starting jails: cannot start jail "test2":
>>>> epair0a
>>>> ifconfig: ioctl (SIOCAIFADDR): Invalid argument
>>>> jail: test2: /sbin/ifconfig epair0a inet 10.1.1.70 netmask
>>>> 0xffffff00 =
>> up:
>>>> failed
>>>> .
>>>> bob# ifconfig epair0a inet 10.1.1.70 netmask 0xffffff00
>>>> ifconfig: ioctl (SIOCAIFADDR): Invalid argument
>>>> bob# ifconfig epair0a inet up
>>>> bob#
>>>
>>> This regression is caused by b61850c4e6f6.
>>>
>> Is epair0a a member of a bridge? If so, that=E2=80=99s a
>> configuration er=
>> ror which is now prevented (by default).
>
> Yes, epair0a, member of bridge0 is prevented from coming up.
>
> My jail configuration:
>
> test2 {
> $if = "0"; # Jail ID number
> $ip_addr = "10.1.1.71"; # Jail ipv4 address
> $netmask = "0xffffff00";
> $ip_host = "10.1.1.70"; # Gateway or host's ipv4
> address
> $ip_route = "10.1.1.254"; # Gateway or host's
> ipv4
> address
> $ip6_addr = "fc00:1:1:1::47"; # Jail ipv6 address
> $ip6_route = "fc00:1:1:1::fffe"; # Gateway or host's ipv6
> address
> vnet;
> vnet.interface = "epair${if}b";
> allow.set_hostname = "1";
> exec.prestart = "/sbin/sysctl kern.sugid_coredump=1";
> exec.prestart = "ifconfig epair${if} create up";
> exec.prestart += "ifconfig bridge0 addm epair${if}a";
> # exec.prestart += "ifconfig bridge0 addm sk0";
> exec.prestart += "/sbin/ifconfig epair${if}a inet ${ip_host}
> netmask
> ${netmask} up";
> # exec.prestart += "/sbin/route change -host ${ip_host} -iface
> epair${if}a";
> # exec.prestart += "/sbin/route add -host ${ip_addr} -iface
> epair${if}a";
> exec.start = "/sbin/ifconfig epair${if}b inet ${ip_addr}
> netmask
> ${netmask} up";
> exec.start += "/sbin/ifconfig epair${if}b inet6 ${ip6_addr}
> up";
> exec.start += "/sbin/route add default -gateway
> ${ip_route}";
> exec.start += "/sbin/route add -inet6 default -gateway
> ${ip6_route}";
> exec.start += "/bin/sh /etc/rc";
> exec.stop = "/bin/sh /etc/rc.shutdown";
> exec.poststop = "ifconfig epair${if}a destroy";
> # exec.poststop += "ifconfig bridge0 deletem sk0";
> }
>
>
You’ll want to assign the IP address to the bridge, not to epair0a.
It’s less obvious with IPv4 than it would be with IPv6, but assigning
the address to epair0a breaks multicast.
Best regards,
Kristof
[-- Attachment #2 --]
<!DOCTYPE html>
<html>
<head>
<meta http-equiv="Content-Type" content="text/xhtml; charset=utf-8">
</head>
<body><div style="font-family: sans-serif;"><div class="markdown" style="white-space: normal;">
<p dir="auto">On 15 May 2025, at 21:40, Cy Schubert wrote:</p>
<blockquote style="margin: 0 0 5px; padding-left: 5px; border-left: 2px solid #136BCE; color: #136BCE;">
<p dir="auto">In message <a href="mailto:406249F9-B0FC-4E22-9402-683531321E72@FreeBSD.org">406249F9-B0FC-4E22-9402-683531321E72@FreeBSD.org</a>, Kristof<br>
Provost<br>
writes:</p>
<blockquote style="margin: 0 0 5px; padding-left: 5px; border-left: 2px solid #136BCE; border-left-color: #4B89CF; color: #4B89CF;">
<p dir="auto">On 15 May 2025, at 20:59, Cy Schubert wrote:</p>
<blockquote style="margin: 0 0 5px; padding-left: 5px; border-left: 2px solid #136BCE; border-left-color: #4B89CF; color: #4B89CF;">
<p dir="auto">In message <a href="mailto:20250515162552.9209B20E@slippy.cwsent.com">20250515162552.9209B20E@slippy.cwsent.com</a>, Cy Schubert wri=</p>
</blockquote>
<p dir="auto">tes:</p>
<blockquote style="margin: 0 0 5px; padding-left: 5px; border-left: 2px solid #136BCE; border-left-color: #4B89CF; color: #4B89CF;">
<blockquote style="margin: 0 0 5px; padding-left: 5px; border-left: 2px solid #136BCE; border-left-color: #4B89CF; color: #4B89CF;">
<p dir="auto">Over the last couple of days epair(4) fails to set up when an IP addre=</p>
</blockquote>
</blockquote>
<p dir="auto">ss is</p>
<blockquote style="margin: 0 0 5px; padding-left: 5px; border-left: 2px solid #136BCE; border-left-color: #4B89CF; color: #4B89CF;">
<blockquote style="margin: 0 0 5px; padding-left: 5px; border-left: 2px solid #136BCE; border-left-color: #4B89CF; color: #4B89CF;">
<p dir="auto">specified.</p>
<p dir="auto">bob# service jail onestart test2<br>
Starting jails: cannot start jail "test2":<br>
epair0a<br>
ifconfig: ioctl (SIOCAIFADDR): Invalid argument<br>
jail: test2: /sbin/ifconfig epair0a inet 10.1.1.70 netmask 0xffffff00 =</p>
</blockquote>
</blockquote>
<p dir="auto">up:</p>
<blockquote style="margin: 0 0 5px; padding-left: 5px; border-left: 2px solid #136BCE; border-left-color: #4B89CF; color: #4B89CF;">
<blockquote style="margin: 0 0 5px; padding-left: 5px; border-left: 2px solid #136BCE; border-left-color: #4B89CF; color: #4B89CF;">
<p dir="auto">failed<br>
.<br>
bob# ifconfig epair0a inet 10.1.1.70 netmask 0xffffff00<br>
ifconfig: ioctl (SIOCAIFADDR): Invalid argument<br>
bob# ifconfig epair0a inet up<br>
bob#</p>
</blockquote>
<p dir="auto">This regression is caused by b61850c4e6f6.</p>
</blockquote>
<p dir="auto">Is epair0a a member of a bridge? If so, that=E2=80=99s a configuration er=<br>
ror which is now prevented (by default).</p>
</blockquote>
<p dir="auto">Yes, epair0a, member of bridge0 is prevented from coming up.</p>
<p dir="auto">My jail configuration:</p>
<p dir="auto">test2 {<br>
$if = "0"; # Jail ID number<br>
$ip_addr = "10.1.1.71"; # Jail ipv4 address<br>
$netmask = "0xffffff00";<br>
$ip_host = "10.1.1.70"; # Gateway or host's ipv4<br>
address<br>
$ip_route = "10.1.1.254"; # Gateway or host's ipv4<br>
address<br>
$ip6_addr = "fc00:1:1:1::47"; # Jail ipv6 address<br>
$ip6_route = "fc00:1:1:1::fffe"; # Gateway or host's ipv6<br>
address<br>
vnet;<br>
vnet.interface = "epair${if}b";<br>
allow.set_hostname = "1";<br>
exec.prestart = "/sbin/sysctl kern.sugid_coredump=1";<br>
exec.prestart = "ifconfig epair${if} create up";<br>
exec.prestart += "ifconfig bridge0 addm epair${if}a";</p>
<h2>exec.prestart += "ifconfig bridge0 addm sk0";</h2>
<p dir="auto">exec.prestart += "/sbin/ifconfig epair${if}a inet ${ip_host} netmask<br>
${netmask} up";</p>
<h2>exec.prestart += "/sbin/route change -host ${ip_host} -iface</h2>
<p dir="auto">epair${if}a";</p>
<h2>exec.prestart += "/sbin/route add -host ${ip_addr} -iface</h2>
<p dir="auto">epair${if}a";<br>
exec.start = "/sbin/ifconfig epair${if}b inet ${ip_addr} netmask<br>
${netmask} up";<br>
exec.start += "/sbin/ifconfig epair${if}b inet6 ${ip6_addr} up";<br>
exec.start += "/sbin/route add default -gateway ${ip_route}";<br>
exec.start += "/sbin/route add -inet6 default -gateway<br>
${ip6_route}";<br>
exec.start += "/bin/sh /etc/rc";<br>
exec.stop = "/bin/sh /etc/rc.shutdown";<br>
exec.poststop = "ifconfig epair${if}a destroy";</p>
<h2>exec.poststop += "ifconfig bridge0 deletem sk0";</h2>
<p dir="auto">}</p>
</blockquote>
<p dir="auto">You’ll want to assign the IP address to the bridge, not to epair0a.<br>
It’s less obvious with IPv4 than it would be with IPv6, but assigning the address to epair0a breaks multicast.</p>
<p dir="auto">Best regards,<br>
Kristof</p>
</div>
</div>
</body>
</html>
home |
help
Want to link to this message? Use this
URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?ED9223EB-9AD3-4F8E-A98F-3326DCE1A012>