Date: Tue, 22 Feb 2022 23:30:21 +0200
From: Sami Halabi <sodynet1@gmail.com>
To: freebsd-jail@freebsd.org, freebsd-net@freebsd.org, freebsd-emulation@freebsd.org
Subject: linux debian jail - network problems
Message-ID: <CAEW%2BogZpopx%2B9EPDY5hddqh5BfsVmZcZJrYtYLRF7gPgvHg%2BvA@mail.gmail.com>

Hi all,
Sorry for the cross-post, but I need help and I'm not sure where it hangs.
I create a Linux jail (Debian bullseye) via cbsd.
The jail is populated with the Debian userland.
So far so good... services are running (sshd) and I can log in to the jail. I
can also update packages, and I can install Apache httpd and all works fine
(apt install or make from src).
I also manage to install packages even if their scripts depend on the "ip"
command, which fails:
cbsd@j2> ip
Cannot open netlink socket: Address family not supported by protocol
ifconfig shows empty interfaces:
cbsd@j2> ifconfig
eth0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
        ether 00:50:56:0a:b3:a0 (Ethernet)
        RX packets 139798314 bytes 12029597009 (11.2 GiB)
        RX errors 0 dropped 0 overruns 0 frame 0
        TX packets 26879143 bytes 34400160833 (32.0 GiB)
        TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0

lo0: flags=4169<UP,LOOPBACK,RUNNING,MULTICAST> mtu 16384
        loop (Local Loopback)
        RX packets 28548 bytes 160312960 (152.8 MiB)
        RX errors 0 dropped 0 overruns 0 frame 0
        TX packets 28548 bytes 160312960 (152.8 MiB)
        TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
I know Linux emulation doesn't implement netlink, so what I do is fake the
response by replacing /bin/ip with a bash script that prints the correct IP
and fakes some other output (needed by packages I installed):
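#!/bin/bash
# Stand-in for /bin/ip: prints canned output because netlink is unavailable in the jail.
if [ "$1" = "-o" ]; then
    # ip -o ...: one-line address listing
    echo "1: eth0 inet 192.168.1.2/24 brd 192.168.1.255 scope global eth0"
elif [ "$1" = "route" ]; then
    if [ "$2" = "get" ]; then
        # ip route get <addr>
        echo "8.8.8.8 via 192.168.1.2 dev eth0 src 192.168.1.2"
    else
        # ip route: default route only
        echo "default via 192.168.1.2 dev eth0"
    fi
else
    # Any other invocation: canned interface and address listing
    echo "1: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP qlen 1000"
    echo "    inet 192.168.1.2/24 brd 192.168.1.255 scope global eth0"
fi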
Still, ifconfig shows no IP... it's time to say it is a regular jail and *NOT*
VNET.
*However*, packages that pull IPs via libraries fail.
E.g., I installed bind916 (named); in the logs I see these errors (relevant only):
cbsd@j2> service named start
Starting domain name service...: namednamed: prctl(PR_SET_DUMPABLE) failed: Invalid argument
cbsd@j2>
The log file shows:
22-Feb-2022 23:11:58.705 general: notice: BIND 9 is maintained by Internet Systems Consortium,
22-Feb-2022 23:11:58.705 general: notice: Inc. (ISC), a non-profit 501(c)(3) public-benefit
22-Feb-2022 23:11:58.705 general: notice: corporation. Support and training for BIND 9 are
22-Feb-2022 23:11:58.705 general: notice: available at https://www.isc.org/support
22-Feb-2022 23:11:58.705 general: notice: ----------------------------------------------------
22-Feb-2022 23:11:58.705 general: info: found 6 CPUs, using 6 worker threads
22-Feb-2022 23:11:58.705 general: info: using 6 UDP listeners per interface
22-Feb-2022 23:11:58.705 general: info: using up to 21000 sockets
22-Feb-2022 23:11:58.715 general: info: loading configuration from '/etc/bind/named.conf'
22-Feb-2022 23:11:58.715 general: info: reading built-in trust anchors from file '/etc/bind/bind.keys'
22-Feb-2022 23:11:58.715 general: info: looking for GeoIP2 databases in '/usr/share/GeoIP'
22-Feb-2022 23:11:58.715 general: info: using default UDP/IPv4 port range: [1024, 65535]
22-Feb-2022 23:11:58.715 general: info: using default UDP/IPv6 port range: [1024, 65535]
22-Feb-2022 23:11:58.715 network: info: no IPv6 interfaces found
22-Feb-2022 23:11:58.715 general: error: ifiter_getifaddrs.c:79: unexpected error:
22-Feb-2022 23:11:58.715 general: error: getting interface addresses: getifaddrs: Address family not supported by protocol
22-Feb-2022 23:11:58.715 network: warning: not listening on any interfaces
*snip*
*snip*
22-Feb-2022 23:11:58.735 general: error: socket.c:2405: unexpected error:
22-Feb-2022 23:11:58.735 general: error: setsockopt(50, IP_RECVTOS) failed: Protocol not available
22-Feb-2022 23:11:58.735 general: notice: couldn't add command channel 127.0.0.1#953: permission denied
22-Feb-2022 23:11:58.735 general: error: socket.c:2405: unexpected error:
22-Feb-2022 23:11:58.735 general: error: setsockopt(50, IP_RECVTOS) failed: Protocol not available
22-Feb-2022 23:11:58.735 general: notice: couldn't add command channel 127.0.0.1#953: permission denied
22-Feb-2022 23:11:58.735 zoneload: info: managed-keys-zone: loaded serial 24
22-Feb-2022 23:11:58.735 zoneload: info: zone 0.in-addr.arpa/IN: loaded serial 1
22-Feb-2022 23:11:58.735 general: error: socket.c:2405: unexpected error:
22-Feb-2022 23:11:58.735 general: error: setsockopt(512, IP_RECVTOS) failed: Protocol not available
22-Feb-2022 23:11:58.735 general: error: socket.c:2405: unexpected error:
22-Feb-2022 23:11:58.735 general: error: setsockopt(513, IP_RECVTOS) failed: Protocol not available
22-Feb-2022 23:11:58.745 zoneload: info: zone 255.in-addr.arpa/IN: loaded serial 1
22-Feb-2022 23:11:58.745 zoneload: info: zone j1.royalshells.com/IN: loaded serial 2022022106
22-Feb-2022 23:11:58.745 notify: info: zone j1.royalshells.com/IN: sending notifies (serial 2022022106)
22-Feb-2022 23:11:58.745 general: error: socket.c:2405: unexpected error:
22-Feb-2022 23:11:58.745 general: error: setsockopt(514, IP_RECVTOS) failed: Protocol not available
22-Feb-2022 23:11:58.745 zoneload: info: zone localhost/IN: loaded serial 2
22-Feb-2022 23:11:58.745 general: error: socket.c:2405: unexpected error:
22-Feb-2022 23:11:58.745 general: error: setsockopt(515, IP_RECVTOS) failed: Protocol not available
22-Feb-2022 23:11:58.745 zoneload: info: zone 127.in-addr.arpa/IN: loaded serial 1
22-Feb-2022 23:11:58.745 general: notice: all zones loaded
22-Feb-2022 23:11:58.745 general: notice: running
22-Feb-2022 23:11:58.795 general: error: socket.c:2405: unexpected error:
22-Feb-2022 23:11:58.795 general: error: setsockopt(50, IP_RECVTOS) failed: Protocol not available
22-Feb-2022 23:12:58.811 general: error: ifiter_getifaddrs.c:79: unexpected error:
22-Feb-2022 23:12:58.811 general: error: getting interface addresses: getifaddrs: Address family not supported by protocol
22-Feb-2022 23:12:58.811 network: warning: not listening on any interfaces
Any idea how to fix this??
cbsd@j2> named -V
BIND 9.16.22-Debian (Extended Support Version) <id:59bfaba>
running on Linux x86_64 3.2.0 FreeBSD 12.3-RELEASE-p1 GENERIC
installing newer versions
I also have problems with the dovecot mail package, but will leave it for now.
Thanks in advance,
Sami
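
Added example, not part of the original message or of any project named in it: a small C probe that issues the three calls whose failures appear above (the netlink socket that `ip` opens, `getifaddrs()`, and `setsockopt(IP_RECVTOS)`) and reports which ones the running kernel or emulation layer does not provide. The file name `lxprobe.c` and all function names are assumptions made for this example; it is meant to be built as a Linux binary inside the jail.

```c
/* Added diagnostic (not from the original message); build inside the jail:
 * cc -o lxprobe lxprobe.c && ./lxprobe. Probes return 0 or the failing errno. */
#include <errno.h>
#include <ifaddrs.h>
#include <linux/netlink.h>
#include <netinet/in.h>
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>
#include <unistd.h>

int probe_netlink(void) {        /* the first thing iproute2's `ip` does */
    int fd = socket(AF_NETLINK, SOCK_RAW, NETLINK_ROUTE);
    if (fd < 0) return errno;
    close(fd);
    return 0;
}

int probe_getifaddrs(void) {     /* glibc implements getifaddrs() over netlink */
    struct ifaddrs *ifa = NULL;
    if (getifaddrs(&ifa) != 0) return errno;
    freeifaddrs(ifa);
    return 0;
}

int probe_ip_recvtos(void) {     /* the setsockopt() that fails in the named log */
    int on = 1, err = 0;
    int fd = socket(AF_INET, SOCK_DGRAM, 0);
    if (fd < 0) return errno;
    if (setsockopt(fd, IPPROTO_IP, IP_RECVTOS, &on, sizeof on) != 0) err = errno;
    close(fd);
    return err;
}

/* 1 when errno means "not provided by this kernel or emulation layer";
 * 0 for success or an unrelated failure (permissions, resource limits). */
int is_unimplemented(int err) {
    return err == EAFNOSUPPORT || err == EPROTONOSUPPORT ||
           err == ENOPROTOOPT || err == ENOSYS;
}

int main(void) {
    const char *name[] = {"socket(AF_NETLINK)", "getifaddrs()", "setsockopt(IP_RECVTOS)"};
    int err[] = {probe_netlink(), probe_getifaddrs(), probe_ip_recvtos()};
    for (int i = 0; i < 3; i++)
        printf("%-24s %s%s\n", name[i], err[i] ? strerror(err[i]) : "ok",
               is_unimplemented(err[i]) ? "  [not implemented here]" : "");
    return 0;
}
```

A result of "not implemented here" for `getifaddrs()` means that replacing `/bin/ip` cannot help programs such as named, because they query interfaces through libc and never run the `ip` binary.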
