From owner-freebsd-jail@FreeBSD.ORG Tue Mar 10 11:05:07 2009 Return-Path: Delivered-To: freebsd-jail@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id C5560106564A for ; Tue, 10 Mar 2009 11:05:07 +0000 (UTC) (envelope-from bzeeb-lists@lists.zabbadoz.net) Received: from mail.cksoft.de (mail.cksoft.de [195.88.108.3]) by mx1.freebsd.org (Postfix) with ESMTP id 7A85B8FC08 for ; Tue, 10 Mar 2009 11:05:07 +0000 (UTC) (envelope-from bzeeb-lists@lists.zabbadoz.net) Received: from localhost (amavis.fra.cksoft.de [192.168.74.71]) by mail.cksoft.de (Postfix) with ESMTP id 0405A41C703; Tue, 10 Mar 2009 12:05:06 +0100 (CET) X-Virus-Scanned: amavisd-new at cksoft.de Received: from mail.cksoft.de ([195.88.108.3]) by localhost (amavis.fra.cksoft.de [192.168.74.71]) (amavisd-new, port 10024) with ESMTP id q55F0clZoPVg; Tue, 10 Mar 2009 12:05:05 +0100 (CET) Received: by mail.cksoft.de (Postfix, from userid 66) id 94C3F41C70A; Tue, 10 Mar 2009 12:05:05 +0100 (CET) Received: from maildrop.int.zabbadoz.net (maildrop.int.zabbadoz.net [10.111.66.10]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by mail.int.zabbadoz.net (Postfix) with ESMTP id 1E8434448E6; Tue, 10 Mar 2009 11:04:26 +0000 (UTC) Date: Tue, 10 Mar 2009 11:04:26 +0000 (UTC) From: "Bjoern A. Zeeb" X-X-Sender: bz@maildrop.int.zabbadoz.net To: Jamie Gritton In-Reply-To: <49B55CA2.7090300@FreeBSD.org> Message-ID: <20090310110332.Q96785@maildrop.int.zabbadoz.net> References: <49B55CA2.7090300@FreeBSD.org> X-OpenPGP-Key: 0x14003F198FEFA3E77207EE8D2B58B8F83CCF1842 MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII; format=flowed Cc: freebsd-jail@FreeBSD.org Subject: Re: Problem using bz's multi-IP/IPv6/No-IP Jail Patch (7-STABLE) X-BeenThere: freebsd-jail@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: "Discussion about FreeBSD jail\(8\)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 10 Mar 2009 11:05:08 -0000 On Mon, 9 Mar 2009, Jamie Gritton wrote: > Kage wrote: > >> Encountering more issues now. Binding just an IPv6 address to a jail >> shows up in jls -v, but when I run ifconfig -a in the jail, I get an >> error I've never encountered, and doesn't show up on any Google >> search: >> >> [root@nub:/etc] jls -v >> JID Hostname Path >> Name State >> CPUSetID >> IP Address(es) >> 9 jail.template.tld /usr/jails/TEMPLATE >> ALIVE >> 10 >> 2610:150:c248:dead:beef:c0ff:eec0:deaa >> >> [root@jail:/] ifconfig -a >> ifconfig: socket(family 2,SOCK_DGRAM): Protocol not supported > > Recent patches reject sockets in jails that have no addresses in the > socket's family. So if you jail has no IPv6 addresses, you won't be > able to create any IPv6 sockets. Likewise your case: if that jail has > no IPv4 addresses, then it's an IPv4-less jail, and IPv4 sockets won't > work (Protocol not supported). For actual network connections, this > makes sense: you won't be able to bind or connect with this socket, as > there are no IPv4 addresses in the system. > > But ifconfig is a different situation. It just needs a socket of some > sort, and AF_INET has always worked, because any networked system always > has IPv4 support. But in an IPv4-less system (which an IPv4-less jail > not acts like), this default isn't useful. Something will need to be > fixed. I'm not sure if that something is ifconfig or the kernel. I'd suggest fixing ifconfig if (easily) possible; that would avoid us running into it again in a few months/year(s) when it might be possible to compile an INET6 but no INET kernel. -- Bjoern A. Zeeb The greatest risk is not taking one.