Date: Mon, 12 Apr 2021 21:20:16 +0200
From: Michael Gmelin <freebsd@grem.de>
To: Özkan KIRIK <ozkan.kirik@gmail.com>
Cc: Michael Gmelin <freebsd@grem.de>, FreeBSD Net <freebsd-net@freebsd.org>
Subject: Re: jail - vnet bug - ping: UDP connect: No route to host
Message-ID: <20210412212016.4828daa4@bsd64.grem.de>
In-Reply-To: <20210412195740.33efe288@bsd64.grem.de>
References: <CAAcX-AGd0=Kf-VnwywyHFEM9jUocO%2BZP4LK0XYBijgz-Pd%2BUGg@mail.gmail.com> <20210412125222.16610891@bsd64.grem.de> <CAAcX-AGuzUvjTTgPELUYoYhOsoQSmWevmsM=QZr_LnvOZ3yMgA@mail.gmail.com> <20210412143852.2c856a0b@bsd64.grem.de> <CAAcX-AEuOr6OsxDOPmUVf=6AP-E6zipqzepszvV7Ku1_d033Mw@mail.gmail.com> <20210412195740.33efe288@bsd64.grem.de>

On Mon, 12 Apr 2021 19:57:40 +0200
Michael Gmelin <freebsd@grem.de> wrote:

> On Mon, 12 Apr 2021 17:45:36 +0300
> Özkan KIRIK <ozkan.kirik@gmail.com> wrote:
>
> > root@f13:~ # jls -s -j client
> > devfs_ruleset=0 enforce_statfs=2 host=new ip4=inherit ip6=inherit
> > jid=2 name=client osreldate=1300139 osrelease=13.0-RC5 path=/
> > persist securelevel=-1 sysvmsg=disable sysvsem=disable
> > sysvshm=disable vnet=new allow.nochflags allow.nomlock allow.nomount
> > allow.mount.nodevfs allow.mount.noprocfs allow.mount.notmpfs
> > allow.noquotas allow.noraw_sockets allow.noread_msgbuf
> > allow.reserved_ports allow.set_hostname allow.nosocket_af
> > allow.suser allow.nosysvipc allow.unprivileged_proc_debug
> > children.max=0 host.domainname="" host.hostid=0 host.hostname=""
> > host.hostuuid=00000000-0000-0000-0000-000000000000
>
> I can reproduce the issue now, I'll try to dig deeper into it.
>
> -m
>
> [...snipsnap...]
>

Hi Özkan,

This is caused by ping using getaddrinfo to determine the address
family to be used. You can check this by running

    getaddrinfo www.google.com

inside and outside of your jail and comparing the results. Inside your
jail, inet6 entries are on top, while on your host, inet entries are on
top.

Configuration of address selection is done using /etc/rc.d/ip6addrctl,
which is enabled by default using a policy of AUTO (see
/etc/defaults/rc.conf). As your simple jail doesn't call any rc
scripts, you're missing this step.

The easiest way to work around the issue is to explicitly call:

    service ip6addrctl start

after creating your vnet jail, or to create your vnet jail using:

    jail -c name=client persist vnet vnet.interface=em1 \
      exec.start="service ip6addrctl start"

Best,
Michael

-- 
Michael Gmelin