Date: Tue, 10 Jan 2023 06:51:06 +0100 From: Mathias Picker <Mathias.Picker@virtual-earth.de> To: freebsd-emulation@freebsd.org Subject: Linux jail 14-CURRENT: DNS does not work for *some* programs? Message-ID: <CA4C4A0C-F394-473C-9FC2-3EF5B1E2F1FD@virtual-earth.de>
next in thread | raw e-mail | index | archive | help
------0YMTFLJNZJNNVYLKHC663FYMB9TF3L Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: quoted-printable Hi all, I=E2=80=99m testing a few linux triplestore in a linux jail, and used 13= =2E1 which worked fine most of the time=2E Now one of the stores shows dropped connections with many clients, and as = I can see logs of netlink errors in the logs, I thought I=E2=80=99d try -CU= RRENT=2E Sadly, my linux jail (Ubuntu 16=2E04=2E7) now shows an irritating behaviou= r, some programs seem to hang indefinitely waiting for name resolution: Inside the jail: Working version with ping root@bayerlinux:/home/mathiasp/triplestore-analysis/tmp# ping google=2Ede WARNING: setsockopt(ICMP_FILTER): Protocol not available PING google=2Ede (172=2E217=2E16=2E131) 56(84) bytes of data=2E Outside: root@kap:/usr/home/mathiasp # tcpdump -ni bayerlinux_b tcpdump: verbose output suppressed, use -v or -vv for full protocol decode listening on bayerlinux_b, link-type EN10MB (Ethernet), capture size 26214= 4 bytes 20:17:10=2E852625 IP 192=2E168=2E100=2E10=2E13809 > 192=2E168=2E100=2E1=2E= 53: 3191+ [1au] A? google=2Ede=2E (38) 20:17:10=2E852668 IP 192=2E168=2E100=2E1=2E53 > 192=2E168=2E100=2E10=2E138= 09: 3191 1/0/1 A 172=2E217=2E16=2E131 (54) Non-working with wget (same for curl and others) Inside the jail: root@bayerlinux:/home/mathiasp/triplestore-analysis/tmp# wget http://googl= e=2Ede/ --2023-01-09 19:21:58-- http://google=2Ede/ Resolving google=2Ede (google=2Ede)=2E=2E=2E (waitet for max 5 minutes, no= change) Outside the jail: root@kap:/usr/home/mathiasp # tcpdump -ni bayerlinux_b tcpdump: verbose output suppressed, use -v or -vv for full protocol decode listening on bayerlinux_b, link-type EN10MB (Ethernet), capture size 26214= 4 bytes 20:17:02=2E738570 IP 192=2E168=2E100=2E10=2E60967 > 192=2E168=2E100=2E1=2E= 53: 30219+ A? google=2Ede=2E (27) 20:17:02=2E738893 IP 192=2E168=2E100=2E1=2E53 > 192=2E168=2E100=2E10=2E609= 67: 30219 1/0/0 A 172=2E217=2E16=2E131 (43) So, this tcpdump looks pretty much as if both got answers from unbound=2E Why is wget (and host, and curl, and sudo) not =E2=80=9Cgetting=E2=80=9D t= his answer? Any ideas where to look or questions about my setup welcome! This Jail works fine on 13=2E1 This is on a recent current: FreeBSD kap=2Evirtual-earth=2Ede 14=2E0-CURRENT FreeBSD 14=2E0-CURRENT #0 = main-n259979-9408f36627b7: Mon Jan 9 16:36:51 CET 2023 root@kap=2Evirtual-= earth=2Ede:/usr/obj/usr/src/amd64=2Eamd64/sys/GENERIC-NODEBUG amd64 /etc/jail=2Econf looks like this: $iface=3D"igb0"; $j=3D"/jail"; path=3D"/jails/$name"; mount=2Edevfs; exec=2Eclean; exec=2Estart=3D"sh /etc/rc"; exec=2Estop=3D"sh /etc/rc=2Eshutdown"; exec=2Eprestart=3D"logger starting jail $name =2E=2E=2E"; exec=2Epoststart=3D"logger jail $name has started"; exec=2Eprestop=3D"logger shutting down jail $name"; exec=2Epoststop=3D"logger jail $name has shut down"; # generic hostnames host=2Ehostname=3D"$name=2Ekap=2Elocal"; # vnet jails vnet; vnet=2Einterface=3D"${name}_j"; exec=2Eprestart+=3D"/usr/local/sbin/jailtobridge $name jailbridge0"; exec=2Epoststop+=3D"/sbin/ifconfig jailbridge0 deletem ${name}_b;/sbin/ifc= onfig ${name}_b destroy"; exec=2Econsolelog=3D"/var/log/jails/$name-console=2Elog"; # linux jails # needs FreeBSD ifconfig and route from /rescue to work! bayerlinux { mount=2Efstab=3D"/jails/fstabs/bayerlinux"; allow=2Emount; allow=2Eraw_sockets; allow=2Eread_msgbuf; allow=2Esocket_af; sysvmsg; sysvsem; sysvshm; exec=2Estart =3D "/etc/init=2Ed/rc 3"; exec=2Estop =3D "/etc/init=2Ed/rc 0"; persist; } Thanks, Mathias Mathias Picker Gesch=C3=A4ftsf=C3=BChrer virtual earth Gesellschaft f=C3=BCr Wissens re/pr=C3=A4 sentation mbH Westendstr=2E 142 80339 M=C3=BCnchen +4915256178344 ------0YMTFLJNZJNNVYLKHC663FYMB9TF3L Content-Type: text/html; charset=utf-8 Content-Transfer-Encoding: quoted-printable <!DOCTYPE html><html><body>Hi all,<br><br>I=E2=80=99m testing a few linux t= riplestore in a linux jail, and used 13=2E1 which worked fine most of the t= ime=2E<br><br>Now one of the stores shows dropped connections with many cli= ents, and as I can see logs of netlink errors in the logs, I thought I=E2= =80=99d try -CURRENT=2E<br><br>Sadly, my linux jail (Ubuntu 16=2E04=2E7) no= w shows an irritating behaviour, some programs seem to hang indefinitely wa= iting for name resolution:<br><br>Inside the jail:<br><br>Working version w= ith ping<br><br>root@bayerlinux:/home/mathiasp/triplestore-analysis/tmp# pi= ng google=2Ede<br>WARNING: setsockopt(ICMP_FILTER): Protocol not available<= br>PING google=2Ede (172=2E217=2E16=2E131) 56(84) bytes of data=2E<br>Outsi= de:<br>root@kap:/usr/home/mathiasp # tcpdump -ni bayerlinux_b<br>tcpdump: v= erbose output suppressed, use -v or -vv for full protocol decode<br>listeni= ng on bayerlinux_b, link-type EN10MB (Ethernet), capture size 262144 bytes<= br>20:17:10=2E852625 IP 192=2E168=2E100=2E10=2E13809 > 192=2E168=2E100= =2E1=2E53: 3191+ [1au] A? google=2Ede=2E (38)<br>20:17:10=2E852668 IP 192= =2E168=2E100=2E1=2E53 > 192=2E168=2E100=2E10=2E13809: 3191 1/0/1 A 172= =2E217=2E16=2E131 (54)<br><br>Non-working with wget (same for curl and othe= rs)<br><br>Inside the jail:<br>root@bayerlinux:/home/mathiasp/triplestore-a= nalysis/tmp# wget <a href=3D"http://google=2Ede/">http://google=2Ede/</a><b= r>--2023-01-09 19:21:58--=C2=A0 <a href=3D"http://google=2Ede/">http://goog= le=2Ede/</a><br>Resolving google=2Ede (google=2Ede)=2E=2E=2E (waitet for ma= x 5 minutes, no change)<br>Outside the jail:<br>root@kap:/usr/home/mathiasp= # tcpdump -ni bayerlinux_b<br>tcpdump: verbose output suppressed, use -v o= r -vv for full protocol decode<br>listening on bayerlinux_b, link-type EN10= MB (Ethernet), capture size 262144 bytes<br>20:17:02=2E738570 IP 192=2E168= =2E100=2E10=2E60967 > 192=2E168=2E100=2E1=2E53: 30219+ A? google=2Ede=2E= (27)<br>20:17:02=2E738893 IP 192=2E168=2E100=2E1=2E53 > 192=2E168=2E100= =2E10=2E60967: 30219 1/0/0 A 172=2E217=2E16=2E131 (43)<br><br>So, this tcpd= ump looks pretty much as if both got answers from unbound=2E<br>Why is wget= (and host, and curl, and sudo) not =E2=80=9Cgetting=E2=80=9D this answer?<= br><br>Any ideas where to look or questions about my setup welcome!<br><br>= This Jail works fine on 13=2E1<br><br>This is on a recent current:<br><br>F= reeBSD kap=2Evirtual-earth=2Ede 14=2E0-CURRENT FreeBSD 14=2E0-CURRENT #0 ma= in-n259979-9408f36627b7: Mon Jan=C2=A0 9 16:36:51 CET 2023 root@kap=2Evirtu= al-earth=2Ede:/usr/obj/usr/src/amd64=2Eamd64/sys/GENERIC-NODEBUG amd64<br><= br>/etc/jail=2Econf looks like this:<br><br>$iface=3D"igb0";<br>$j=3D"/jail= ";<br>path=3D"/jails/$name";<br><br>mount=2Edevfs;<br><br>exec=2Eclean;<br>= exec=2Estart=3D"sh /etc/rc";<br>exec=2Estop=3D"sh /etc/rc=2Eshutdown";<br>e= xec=2Eprestart=3D"logger starting jail $name =2E=2E=2E";<br>exec=2Epoststar= t=3D"logger jail $name has started";<br>exec=2Eprestop=3D"logger shutting d= own jail $name";<br>exec=2Epoststop=3D"logger jail $name has shut down";<br= ><br># generic hostnames<br><br>host=2Ehostname=3D"$name=2Ekap=2Elocal";<br= ><br><br><br># vnet jails<br>vnet;<br>vnet=2Einterface=3D"${name}_j";<br>ex= ec=2Eprestart+=3D"/usr/local/sbin/jailtobridge $name jailbridge0";<br>exec= =2Epoststop+=3D"/sbin/ifconfig jailbridge0 deletem ${name}_b;/sbin/ifconfig= ${name}_b destroy";<br><br>exec=2Econsolelog=3D"/var/log/jails/$name-conso= le=2Elog";<br><br># linux jails<br># needs FreeBSD ifconfig and route from = /rescue to work!<br><br>bayerlinux {<br>mount=2Efstab=3D"/jails/fstabs/baye= rlinux";<br>allow=2Emount;<br>allow=2Eraw_sockets;<br>allow=2Eread_msgbuf;<= br>allow=2Esocket_af;<br>sysvmsg;<br>sysvsem;<br>sysvshm;<br>exec=2Estart = =3D "/etc/init=2Ed/rc 3";<br>exec=2Estop =3D "/etc/init=2Ed/rc 0";<br>persi= st;<br>}<br><br><br>Thanks,<br><br>Mathias<br>Mathias Picker<br>Gesch=C3=A4= ftsf=C3=BChrer<br>virtual earth Gesellschaft f=C3=BCr Wissens re/pr=C3=A4 s= entation mbH<br>Westendstr=2E 142<br>80339 M=C3=BCnchen<br>+4915256178344</= body></html> ------0YMTFLJNZJNNVYLKHC663FYMB9TF3L--
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?CA4C4A0C-F394-473C-9FC2-3EF5B1E2F1FD>