Date: Wed, 18 May 2016 18:38:47 +0000 From: Grzegorz Junka <list1@gjunka.com> To: freebsd-jail@freebsd.org Subject: Re: netstat -rn in jail doesn't work Message-ID: <a5301d12-5073-f1c7-3762-4704b8a40f3d@gjunka.com> In-Reply-To: <573CB46A.6040308@quip.cz> References: <87302b92-dcae-0ed2-92e2-0c29779c0fd3@gjunka.com> <573CB46A.6040308@quip.cz>
next in thread | previous in thread | raw e-mail | index | archive | help
OK, thanks, so it looks like it doesn't prevent the jail from working correctly, it's just the reporting that's broken. Grzegorz On 18/05/2016 18:28, Miroslav Lachman wrote: > Grzegorz Junka wrote on 05/18/2016 18:37: >> What may be the reason that netstat -rn works in one jail and doesn't in >> another? >> >> root@app2:/ # netstat -rn >> Routing tables >> >> Internet: >> Destination Gateway Flags Netif Expire >> 192.168.1.76 link#4 UHS lo0 >> >> >> root@pjp1:/ # netstat -rn >> netstat: kvm not available: /dev/mem: No such file or directory >> Routing tables >> rt_tables: symbol not in namelist > > I don't know the reason but I can confirm this behavior. I know about > this for a long time. Netstat complains about /dev/mem for some other > params too even if it outputs correct values for example for opened > tcp connections: > > /# netstat -s -p tcp > netstat: kvm not available: /dev/mem: No such file or directory > tcp: > 1517892073 packets sent > 1453939900 data packets (2274781047202 bytes) > 759536 data packets (929141944 bytes) retransmitted > 59175 data packets unnecessarily retransmitted > 0 resends initiated by MTU discovery > 51907865 ack-only packets (26667901 delayed) > 0 URG only packets > 267 window probe packets > 795506 window update packets > 10493883 control packets > 1487401217 packets received > 1417951529 acks (for 2273802396874 bytes) > 7502860 duplicate acks > 38600 acks for unsent data > 1368386110 packets (2153255668968 bytes) received > in-sequence > 222423 completely duplicate packets (39239815 bytes) > 11980 old duplicate packets > 221 packets with some dup. data (94160 bytes duped) > 35171 out-of-order packets (15770219 bytes) > 21 packets (11 bytes) of data after window > 11 window probes > 1863690 window update packets > 1642030 packets received after close > 281 discarded for bad checksums > 0 discarded for bad header offset fields > 0 discarded because packet too short > 87 discarded due to memory problems > 2448384 connection requests > 7800552 connection accepts > 0 bad connection attempts > 109 listen queue overflows > 339306 ignored RSTs in the windows > 10221160 connections established (including accepts) > 10554092 connections closed (including 1990441 drops) > 5674590 connections updated cached RTT on close > 5677848 connections updated cached RTT variance on close > 1583021 connections updated cached ssthresh on close > 10125 embryonic connections dropped > 1405786035 segments updated rtt (of 1374995187 attempts) > 404689 retransmit timeouts > 1681 connections dropped by rexmit timeout > 608 persist timeouts > 0 connections dropped by persist timeout > 0 Connections (fin_wait_2) dropped because of timeout > 12388 keepalive timeouts > 11896 keepalive probes sent > 492 connections dropped by keepalive > 38184853 correct ACK header predictions > 46419366 correct data packet header predictions > 7826351 syncache entries added > 45759 retransmitted > 55797 dupsyn > 84 dropped > 7800552 completed > 40 bucket overflow > 0 cache overflow > 19220 reset > 7941 stale > 109 aborted > 0 badack > 230 unreach > 0 zone failures > 7826435 cookies sent > 1784 cookies received > 212203 hostcache entries added > 28 bucket overflow > 104273 SACK recovery episodes > 242234 segment rexmits in SACK recovery episodes > 303575028 byte rexmits in SACK recovery episodes > 1538523 SACK options (SACK blocks) received > 12421 SACK options (SACK blocks) sent > 114 SACK scoreboard overflow > 0 packets with ECN CE bit set > 0 packets with ECN ECT(0) bit set > 0 packets with ECN ECT(1) bit set > 0 successful ECN handshakes > 0 times ECN reduced the congestion window > 0 packets with valid tcp-md5 signature received > 0 packets with invalid tcp-md5 signature received > 0 packets with tcp-md5 signature mismatch > 0 packets with unexpected tcp-md5 signature received > 0 packets without expected tcp-md5 signature received > > > I tried netstat -rn in all 8 jails on our test machine. 4 of them > works, the other 4 don't work. > > netstat -rn doesn't work in those jail which are older than host > environment > > netstat -s -p tcp prints error message even in the newest jails: > netstat: kvm not available: /dev/mem: No such file or directory > > > Miroslav Lachman >
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?a5301d12-5073-f1c7-3762-4704b8a40f3d>