From owner-freebsd-jail@freebsd.org  Sat Aug 27 22:26:42 2016
Return-Path: <owner-freebsd-jail@freebsd.org>
Delivered-To: freebsd-jail@mailman.ysv.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org
 [IPv6:2001:1900:2254:206a::19:1])
 by mailman.ysv.freebsd.org (Postfix) with ESMTP id EFA32B7766C
 for <freebsd-jail@mailman.ysv.freebsd.org>;
 Sat, 27 Aug 2016 22:26:42 +0000 (UTC)
 (envelope-from rleigh@codelibre.net)
Received: from b.painless.aa.net.uk (b.painless.aa.net.uk [81.187.30.52])
 (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits))
 (Client did not present a certificate)
 by mx1.freebsd.org (Postfix) with ESMTPS id 987D2B89
 for <freebsd-jail@freebsd.org>; Sat, 27 Aug 2016 22:26:42 +0000 (UTC)
 (envelope-from rleigh@codelibre.net)
Received: from
 7.5.2.1.f.5.e.f.f.f.c.4.4.a.2.6.d.b.d.d.0.6.8.0.0.b.8.0.1.0.0.2.ip6.arpa
 ([2001:8b0:860:ddbd:62a4:4cff:fe5f:1257])
 by b.painless.aa.net.uk with esmtpsa (TLSv1:AES128-SHA:128)
 (Exim 4.77) (envelope-from <rleigh@codelibre.net>)
 id 1bdm3e-0007jX-Ch
 for freebsd-jail@freebsd.org; Sat, 27 Aug 2016 23:26:34 +0100
Subject: Re: Jails and IPv6 local loopback
References: <bd642bc0-32f4-4589-28b5-e9d3d6c4953b@codelibre.net>
 <efa9c4b5-d586-cd4e-d9c3-8132c67da3ec@codelibre.net>
 <57C20EA8.3030906@gmail.com>
From: Roger Leigh <rleigh@codelibre.net>
To: freebsd-jail@freebsd.org
Message-ID: <ca059207-cc79-dd22-e3a6-767758557391@codelibre.net>
Date: Sat, 27 Aug 2016 23:26:33 +0100
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:45.0) Gecko/20100101
 Thunderbird/45.2.0
MIME-Version: 1.0
In-Reply-To: <57C20EA8.3030906@gmail.com>
Content-Type: text/plain; charset=windows-1252; format=flowed
Content-Transfer-Encoding: 7bit
X-BeenThere: freebsd-jail@freebsd.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: "Discussion about FreeBSD jail\(8\)" <freebsd-jail.freebsd.org>
List-Unsubscribe: <https://lists.freebsd.org/mailman/options/freebsd-jail>,
 <mailto:freebsd-jail-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-jail/>
List-Post: <mailto:freebsd-jail@freebsd.org>
List-Help: <mailto:freebsd-jail-request@freebsd.org?subject=help>
List-Subscribe: <https://lists.freebsd.org/mailman/listinfo/freebsd-jail>,
 <mailto:freebsd-jail-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Sat, 27 Aug 2016 22:26:43 -0000

On 27/08/16 23:05, Ernie Luzar wrote:
> Roger Leigh wrote:
>> On 27/08/16 17:22, Roger Leigh wrote:
>>> Hi list,
>>>
>>> I saw
>>> https://lists.freebsd.org/pipermail/freebsd-jail/2011-March/001500.html
>>> in the archives but didn't see anything more recent.
>>>
>>> This is with 10.3-RELEASE
>> [...]
>>
>> And after upgrade to 11.0-RC2:
>>
>> bfcpp% ifconfig
>> bge0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu
>> 1500
>>
>> options=c019b<RXCSUM,TXCSUM,VLAN_MTU,VLAN_HWTAGGING,VLAN_HWCSUM,TSO4,VLAN_HWTSO,LINKSTATE>
>>
>>         ether 38:ea:a7:ab:61:53
>>         inet 192.168.1.12 netmask 0xffffffff broadcast 192.168.1.12
>>         inet6 2001:8b0:860:ddbd:3aea:a7ff:feab:7002 prefixlen 128 vhid 3
>>         nd6 options=21<PERFORMNUD,AUTO_LINKLOCAL>
>>         media: Ethernet autoselect (1000baseT <full-duplex>)
>>         status: active
>> lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> metric 0 mtu 16384
>>         options=600003<RXCSUM,TXCSUM,RXCSUM_IPV6,TXCSUM_IPV6>
>>         nd6 options=21<PERFORMNUD,AUTO_LINKLOCAL>
>> bfcpp% ping -c1 localhost
>> PING localhost (127.0.0.1): 56 data bytes
>> 64 bytes from 127.0.0.1: icmp_seq=0 ttl=64 time=0.061 ms
>>
>> --- localhost ping statistics ---
>> 1 packets transmitted, 1 packets received, 0.0% packet loss
>> round-trip min/avg/max/stddev = 0.061/0.061/0.061/0.000 ms
>> bfcpp% ping6 -c1 localhost
>> PING6(56=40+8+8 bytes) 2001:8b0:860:ddbd:3aea:a7ff:feab:7002 --> ::1
>> ping6: sendmsg: Can't assign requested address
>> ping6: wrote localhost 16 chars, ret=-1
>>
>> --- localhost ping6 statistics ---
>> 1 packets transmitted, 0 packets received, 100.0% packet loss
>>
>>> As you can see, inside the jail I have a working IPv4 loopback, but not
>>> a working IPv6 loopback.  Both work correctly on the host system.  This
>>> is inconsistent, and it's breaking stuff which needs the v6 loopback to
>>> be functional.
>>>
>>> Is this a case of a bad default, a misconfiguration or a bug in the
>>> loopback support for jails?
>>
>> Note that 11.0-RC2 shows exactly the same behaviour.

> You are not seeing what you think you are seeing. jail(8) is mapping the
> loopback interface over the jails assigned ipv4 ip address. It only
> seems reasonable that its doing the same thing with the ipv6 ip address.
>
> Check out this PR for more details
> https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=210049

Sorry, I read that, but I'm not sure I understand.  At least, I don't 
understand why a discrepancy between v4 and v6 would be expected or 
reasonable irrespective of any bugs.

In my case, I haven't set anything related to the loopback interface lo0 
for the jail.  The host has working v4 and v6 loopback addresses.  The 
guest has only working v4.  Why not for v6?

   interface = "bge0";
   ip4.addr = "192.168.1.12";
   ip6.addr = "2001:8b0:860:ddbd:3aea:a7ff:feab:7002";
   allow.raw_sockets = "1";

is the extent of the configuration.  I specify both v4 and v6 addresses 
on bge0.  I don't specify anything loopback-related, so why is it 
mapping v4 and not v6?  The discrepancy seems a little odd.

Is there a solution to the problem at present?  What would the 
recommended configuration in jail.conf be for obtaining working v4 and 
v6 addresses on the loopback interface inside the jail?


Thanks,
Roger