Date: Mon, 12 Apr 2021 21:20:16 +0200
From: Michael Gmelin
To: Özkan KIRIK
Cc: Michael Gmelin, FreeBSD Net
Subject: Re: jail - vnet bug - ping: UDP connect: No route to host
Message-ID: <20210412212016.4828daa4@bsd64.grem.de>
In-Reply-To: <20210412195740.33efe288@bsd64.grem.de>
References: <20210412125222.16610891@bsd64.grem.de> <20210412143852.2c856a0b@bsd64.grem.de> <20210412195740.33efe288@bsd64.grem.de>
List-Id: Networking and TCP/IP with FreeBSD

On Mon, 12 Apr 2021 19:57:40 +0200
Michael Gmelin wrote:

> On Mon, 12 Apr 2021 17:45:36 +0300
> Özkan KIRIK wrote:
>
> > root@f13:~ # jls -s -j client
> > devfs_ruleset=0 enforce_statfs=2 host=new ip4=inherit ip6=inherit
> > jid=2 name=client osreldate=1300139 osrelease=13.0-RC5 path=/
> > persist securelevel=-1 sysvmsg=disable sysvsem=disable
> > sysvshm=disable vnet=new allow.nochflags allow.nomlock allow.nomount
> > allow.mount.nodevfs allow.mount.noprocfs allow.mount.notmpfs
> > allow.noquotas allow.noraw_sockets allow.noread_msgbuf
> > allow.reserved_ports allow.set_hostname allow.nosocket_af
> > allow.suser allow.nosysvipc allow.unprivileged_proc_debug
> > children.max=0 host.domainname="" host.hostid=0 host.hostname=""
> > host.hostuuid=00000000-0000-0000-0000-000000000000
>
> I can reproduce the issue now, I'll try to dig deeper into it.
>
> -m
>
> [...snipsnap...]
>

Hi Özkan,

This is caused by ping using getaddrinfo to determine the address family
to be used. You can check this by running

    getaddrinfo www.google.com

inside and outside of your jail and comparing the results. Inside your
jail, inet6 entries are on top, while on your host, inet entries are on
top.

Configuration of address selection is done using /etc/rc.d/ip6addrctl,
which is enabled by default using a policy of AUTO (see
/etc/defaults/rc.conf). As your simple jail doesn't call any rc scripts,
you're missing this step.

The easiest way to work around the issue is to explicitly call:

    service ip6addrctl start

after creating your vnet jail, or creating your vnet jail using:

    jail -c name=client persist vnet vnet.interface=em1 \
      exec.start="service ip6addrctl start"

Best,
Michael

-- 
Michael Gmelin
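
The check described in the message above, as an added shell example that is not part of the original e-mail: it compares the address-family order that getaddrinfo(1) returns on the host and inside the jail. The function names and sample addresses are constructed for illustration, and the script assumes each getaddrinfo(1) output line reads "socktype family protocol address port".

```shell
#!/bin/sh
# Added example: compare getaddrinfo(1) address-family order, host vs. jail.
# Assumption: output lines look like "dgram inet6 udp 2001:db8::10 0".

# family_order: read getaddrinfo(1) output on stdin and print the distinct
# address families in order of first appearance, e.g. "inet6 inet".
family_order() {
    awk '$2 ~ /^inet6?$/ && !seen[$2]++ { out = out (out ? " " : "") $2 }
         END { print out }'
}

# diagnose: compare the first family seen on the host ($1) and in the jail ($2).
# "jail-prefers-inet6" is the symptom from the message: the host sorts inet
# first while the jail, with no address selection policy loaded, sorts inet6 first.
diagnose() {
    host_first=${1%% *}
    jail_first=${2%% *}
    if [ "$host_first" = "$jail_first" ]; then
        echo "same"
    elif [ "$host_first" = "inet" ] && [ "$jail_first" = "inet6" ]; then
        echo "jail-prefers-inet6"
    else
        echo "differs"
    fi
}

jail=${1:-client}   # jail name used in the thread
if [ "$#" -eq 2 ]; then
    # Live use on the FreeBSD host: sh check.sh <jail> <hostname>
    h=$(getaddrinfo "$2" | family_order)
    j=$(jexec "$jail" getaddrinfo "$2" | family_order)
else
    # Constructed sample output (documentation addresses): host, then jail.
    h=$(printf 'dgram inet udp 192.0.2.10 0\ndgram inet6 udp 2001:db8::10 0\n' | family_order)
    j=$(printf 'dgram inet6 udp 2001:db8::10 0\ndgram inet udp 192.0.2.10 0\n' | family_order)
fi

echo "host order: $h"
echo "jail order: $j"
if [ "$(diagnose "$h" "$j")" = "jail-prefers-inet6" ]; then
    echo "policy not loaded in jail; run: jexec $jail service ip6addrctl start"
fi
```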