Date:      Fri, 25 Feb 2022 08:34:57 +0200
From:      Sami Halabi <sodynet1@gmail.com>
To:        Zhenlei Huang <zlei.huang@gmail.com>
Cc:        freebsd-jail@freebsd.org, freebsd-net@freebsd.org,  freebsd-emulation@freebsd.org, FreeBSD Current <freebsd-current@freebsd.org>
Subject:   Re: linux debian jail - network problems
Message-ID:  <CAEW%2Bogbb4Wq8L84jqLNbCWh9dvXruSgOCtHkiFB=zDZLdi0npA@mail.gmail.com>
In-Reply-To: <8020452A-63EA-4424-8D20-CC9B9397B603@gmail.com>
References:  <CAEW%2BogZpopx%2B9EPDY5hddqh5BfsVmZcZJrYtYLRF7gPgvHg%2BvA@mail.gmail.com> <CAEW%2BogZTfDYOm9dfkrp=Go5tAY2FsGuM2zTDRVcH41WNG2eR6A@mail.gmail.com> <8020452A-63EA-4424-8D20-CC9B9397B603@gmail.com>


[-- Attachment #1 --]
Hi,
Thank you for your response.. I wonder, is it really only a netlink problem?
There are a few problems in the logs.. I don't know if they are all related only
to netlink (prctl immutable for example).. I also saw incompatibilities in
socket.c ....

Btw: I tried to enter the link you sent and it asked for username and
password.. it's not a public review?

Sami

On Fri, Feb 25, 2022, 04:18, Zhenlei Huang <zlei.huang@gmail.com> wrote:

> Hi,
> You can also track the WIP netlink feature,
> https://reviews.freebsd.org/D33975
>
> On Feb 25, 2022, at 4:05 AM, Sami Halabi <sodynet1@gmail.com> wrote:
>
> Hi,
> Added Current, maybe will be lucky ;)
>
> Anyone have an idea how to approach and fix this?
>
> Sami
>
> On Tue, Feb 22, 2022, 23:30, Sami Halabi <sodynet1@gmail.com> wrote:
>
>> Hi all,
>> sorry for the cross post but I need help and I'm not sure where it hangs.
>>
>> I create linux jail (debian bullseye) via cbsd.
>> the jail is being populated with the debian userland..
>> so far so good... services running (sshd) and I can login to the jail, I
>> also can update packages and I can install apache httpd and all works fine
>> (apt install or make from src).
>> I also manage to install packages even if their scripts depend on "ip"
>> command that fails:
>> cbsd@j2> ip
>> Cannot open netlink socket: Address family not supported by protocol
>>
>> ifconfig show empty interfaces:
>> cbsd@j2> ifconfig
>> eth0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
>>         ether 00:50:56:0a:b3:a0  (Ethernet)
>>         RX packets 139798314  bytes 12029597009 (11.2 GiB)
>>         RX errors 0  dropped 0  overruns 0  frame 0
>>         TX packets 26879143  bytes 34400160833 (32.0 GiB)
>>         TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0
>>
>> lo0: flags=4169<UP,LOOPBACK,RUNNING,MULTICAST>  mtu 16384
>>         loop  (Local Loopback)
>>         RX packets 28548  bytes 160312960 (152.8 MiB)
>>         RX errors 0  dropped 0  overruns 0  frame 0
>>         TX packets 28548  bytes 160312960 (152.8 MiB)
>>         TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0
>>
>> I know linux emulation doesn't implement netlink.. so what I do is fake
>> the response by replacing /bin/ip by a bash script that prints the correct
>> IP and fakes some other (needed by packages i Installed):
>> #!/bin/bash
>> # Stand-in for /bin/ip: prints fixed output instead of querying netlink.
>> if [ "$1" = "-o" ]; then
>>         # one-line address listing (ip -o ...)
>>         echo "1: eth0 inet 192.168.1.2/24 brd 192.168.1.255 scope global eth0"
>> elif [ "$1" = "route" ]; then
>>         if [ "$2" = "get" ]; then
>>                 echo "8.8.8.8 via  192.168.1.2   dev eth0  src 192.168.1.2  "
>>         else
>>                 echo "default via  192.168.1.2   dev eth0"
>>         fi
>> else
>>         echo "1: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP qlen 1000"
>>         echo "  inet  192.168.1.2  /24 brd  192.168.1.255 scope global eth0"
>> fi
>>
>>
>> still ifconfig shows no IP... it's time to say it's a regular jail and *NOT*
>> VNET.
>>
>> *however* packages that pull IPs via libraries fail..
>> eg: installed bind916 (name) in the logs I see these errors (relevant
>> only):
>> cbsd@j2> service named start
>> Starting domain name service...: namednamed: prctl(PR_SET_DUMPABLE)
>> failed: Invalid argument
>> cbsd@j2>
>>
>>
>> log file shows:
>> 22-Feb-2022 23:11:58.705 general: notice: BIND 9 is maintained by
>> Internet Systems Consortium,
>> 22-Feb-2022 23:11:58.705 general: notice: Inc. (ISC), a non-profit
>> 501(c)(3) public-benefit
>> 22-Feb-2022 23:11:58.705 general: notice: corporation.  Support and
>> training for BIND 9 are
>> 22-Feb-2022 23:11:58.705 general: notice: available at
>> https://www.isc.org/support
>> 22-Feb-2022 23:11:58.705 general: notice:
>> ----------------------------------------------------
>> 22-Feb-2022 23:11:58.705 general: info: found 6 CPUs, using 6 worker
>> threads
>> 22-Feb-2022 23:11:58.705 general: info: using 6 UDP listeners per
>> interface
>> 22-Feb-2022 23:11:58.705 general: info: using up to 21000 sockets
>> 22-Feb-2022 23:11:58.715 general: info: loading configuration from
>> '/etc/bind/named.conf'
>> 22-Feb-2022 23:11:58.715 general: info: reading built-in trust anchors
>> from file '/etc/bind/bind.keys'
>> 22-Feb-2022 23:11:58.715 general: info: looking for GeoIP2 databases in
>> '/usr/share/GeoIP'
>> 22-Feb-2022 23:11:58.715 general: info: using default UDP/IPv4 port
>> range: [1024, 65535]
>> 22-Feb-2022 23:11:58.715 general: info: using default UDP/IPv6 port
>> range: [1024, 65535]
>> 22-Feb-2022 23:11:58.715 network: info: no IPv6 interfaces found
>> 22-Feb-2022 23:11:58.715 general: error: ifiter_getifaddrs.c:79:
>> unexpected error:
>> 22-Feb-2022 23:11:58.715 general: error: getting interface addresses:
>> getifaddrs: Address family not supported by protocol
>> 22-Feb-2022 23:11:58.715 network: warning: not listening on any interfaces
>> *snip*
>> *snip*
>> 22-Feb-2022 23:11:58.735 general: error: socket.c:2405: unexpected error:
>> 22-Feb-2022 23:11:58.735 general: error: setsockopt(50, IP_RECVTOS)
>> failed: Protocol not available
>> 22-Feb-2022 23:11:58.735 general: notice: couldn't add command channel
>> 127.0.0.1#953: permission denied
>> 22-Feb-2022 23:11:58.735 general: error: socket.c:2405: unexpected error:
>> 22-Feb-2022 23:11:58.735 general: error: setsockopt(50, IP_RECVTOS)
>> failed: Protocol not available
>> 22-Feb-2022 23:11:58.735 general: notice: couldn't add command channel
>> 127.0.0.1#953: permission denied
>> 22-Feb-2022 23:11:58.735 zoneload: info: managed-keys-zone: loaded serial
>> 24
>> 22-Feb-2022 23:11:58.735 zoneload: info: zone 0.in-addr.arpa/IN: loaded
>> serial 1
>> 22-Feb-2022 23:11:58.735 general: error: socket.c:2405: unexpected error:
>> 22-Feb-2022 23:11:58.735 general: error: setsockopt(512, IP_RECVTOS)
>> failed: Protocol not available
>> 22-Feb-2022 23:11:58.735 general: error: socket.c:2405: unexpected error:
>> 22-Feb-2022 23:11:58.735 general: error: setsockopt(513, IP_RECVTOS)
>> failed: Protocol not available
>> 22-Feb-2022 23:11:58.745 zoneload: info: zone 255.in-addr.arpa/IN: loaded
>> serial 1
>> 22-Feb-2022 23:11:58.745 zoneload: info: zone j1.royalshells.com/IN:
>> loaded serial 2022022106
>> 22-Feb-2022 23:11:58.745 notify: info: zone j1.royalshells.com/IN:
>> sending notifies (serial 2022022106)
>> 22-Feb-2022 23:11:58.745 general: error: socket.c:2405: unexpected error:
>> 22-Feb-2022 23:11:58.745 general: error: setsockopt(514, IP_RECVTOS)
>> failed: Protocol not available
>> 22-Feb-2022 23:11:58.745 zoneload: info: zone localhost/IN: loaded serial
>> 2
>> 22-Feb-2022 23:11:58.745 general: error: socket.c:2405: unexpected error:
>> 22-Feb-2022 23:11:58.745 general: error: setsockopt(515, IP_RECVTOS)
>> failed: Protocol not available
>> 22-Feb-2022 23:11:58.745 zoneload: info: zone 127.in-addr.arpa/IN: loaded
>> serial 1
>> 22-Feb-2022 23:11:58.745 general: notice: all zones loaded
>> 22-Feb-2022 23:11:58.745 general: notice: running
>> 22-Feb-2022 23:11:58.795 general: error: socket.c:2405: unexpected error:
>> 22-Feb-2022 23:11:58.795 general: error: setsockopt(50, IP_RECVTOS)
>> failed: Protocol not available
>> 22-Feb-2022 23:12:58.811 general: error: ifiter_getifaddrs.c:79:
>> unexpected error:
>> 22-Feb-2022 23:12:58.811 general: error: getting interface addresses:
>> getifaddrs: Address family not supported by protocol
>> 22-Feb-2022 23:12:58.811 network: warning: not listening on any interfaces
>>
>> Any Idea how to fix this??
>>
>> cbsd@j2> named -V
>> BIND 9.16.22-Debian (Extended Support Version) <id:59bfaba>
>> running on Linux x86_64 3.2.0 FreeBSD 12.3-RELEASE-p1 GENERIC
>>
>> installing newer versions
>>
>> I have also problems with dovecot mail package.. but will leave it for now
>>
>> Thanks in advance,
>> Sami
>>
>>
>
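
Added example (not part of the thread, and not FreeBSD or BIND code): a small C program to build and run inside the Linux jail. It repeats the four calls that fail in the output quoted above and labels each failure as depending on netlink or not. The probe names and verdict labels are this example's own; getifaddrs() is grouped with the netlink probe because glibc enumerates interfaces over an rtnetlink socket.

```c
#include <errno.h>
#include <ifaddrs.h>
#include <linux/netlink.h>
#include <netinet/in.h>
#include <stdio.h>
#include <string.h>
#include <sys/prctl.h>
#include <sys/socket.h>
#include <unistd.h>

/* Each probe returns 0 on success or the errno of the call that failed. */
static int probe_netlink(void) {            /* what `ip` opens first */
    int fd = socket(AF_NETLINK, SOCK_RAW, NETLINK_ROUTE);
    if (fd < 0) return errno;
    close(fd);
    return 0;
}
static int probe_getifaddrs(void) {         /* glibc lists interfaces over rtnetlink */
    struct ifaddrs *ifa = NULL;
    if (getifaddrs(&ifa) != 0) return errno;
    freeifaddrs(ifa);
    return 0;
}
static int probe_recvtos(void) {            /* plain IPv4 socket option, no netlink */
    int on = 1, err = 0, fd = socket(AF_INET, SOCK_DGRAM, 0);
    if (fd < 0) return errno;
    if (setsockopt(fd, IPPROTO_IP, IP_RECVTOS, &on, sizeof on) != 0) err = errno;
    close(fd);
    return err;
}
static int probe_dumpable(void) {           /* 1 is the default for a normal process */
    return prctl(PR_SET_DUMPABLE, 1, 0, 0, 0) != 0 ? errno : 0;
}

/* Verdict for one probe: would netlink support alone make this call work? */
static const char *verdict(int err, int uses_netlink) {
    if (err == 0) return "ok";
    return uses_netlink ? "fails: netlink gap" : "fails: separate gap";
}

int main(void) {
    const struct { const char *call; int (*run)(void); int uses_netlink; } probes[] = {
        {"socket(AF_NETLINK)", probe_netlink, 1},
        {"getifaddrs()", probe_getifaddrs, 1},
        {"setsockopt(IP_RECVTOS)", probe_recvtos, 0},
        {"prctl(PR_SET_DUMPABLE)", probe_dumpable, 0},
    };
    for (size_t i = 0; i < sizeof probes / sizeof probes[0]; i++) {
        int err = probes[i].run();
        printf("%-24s %-20s %s\n", probes[i].call,
               verdict(err, probes[i].uses_netlink), err ? strerror(err) : "");
    }
    return 0;
}
```

Any line reported as "fails: separate gap" is a call that a netlink implementation by itself would not change.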


Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?CAEW%2Bogbb4Wq8L84jqLNbCWh9dvXruSgOCtHkiFB=zDZLdi0npA>