From owner-freebsd-jail@freebsd.org Sat Aug 27 23:26:05 2016 Return-Path: Delivered-To: freebsd-jail@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id DA3DFB776F1 for ; Sat, 27 Aug 2016 23:26:05 +0000 (UTC) (envelope-from luzar722@gmail.com) Received: from mail-it0-x233.google.com (mail-it0-x233.google.com [IPv6:2607:f8b0:4001:c0b::233]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (Client CN "smtp.gmail.com", Issuer "Google Internet Authority G2" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 90E2CAE6 for ; Sat, 27 Aug 2016 23:26:05 +0000 (UTC) (envelope-from luzar722@gmail.com) Received: by mail-it0-x233.google.com with SMTP id x131so50969458ite.0 for ; Sat, 27 Aug 2016 16:26:05 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=message-id:date:from:user-agent:mime-version:to:cc:subject :references:in-reply-to:content-transfer-encoding; bh=IqAJaIVNceW5L6k+nfDLiHuGpvVz9axE0zGsf5r82Ow=; b=GRlqaVVG5emrlEz1C7nKI5/xDsOXuWtJIXQnOGwgY9943FhB2MDZ2Bdlow9pWAVHOk 9a9g2Je2zc7RiSpqYR4wAhdo6AYIt4Xn2C/CM9byviYdE1mWcIRc95Ig0O3Kl7oL30A9 lkvoPMiFYzxPW1WA1J31E4x2YXFyrrm2Q3FZwBUbnpNPxwXRw6hb1jxx3OV8btVgEGDJ zgQYYPjfKaV2y38v3PE1dHMfbnTKIMRxUIaACDT31EIR8uF0rE4PfN/tMgn5i3GeOq9e iUaa8EvV9WyqlydXKbUEsewDULpXDvf0E8w6/mPZMt8QRtjjgylc6WX5CaEbamEk6sOu NVbw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:message-id:date:from:user-agent:mime-version:to :cc:subject:references:in-reply-to:content-transfer-encoding; bh=IqAJaIVNceW5L6k+nfDLiHuGpvVz9axE0zGsf5r82Ow=; b=CTSB35SjvEkFb+TxHDOh3RP7En+yRNnQgYS5MLbgNRWME33GSu0bJuLv1XxOrFeKdn SeH6UbqHWHCZLmMtru+voZZZ04xdxd88PL9U7TRM5gRZOv75LExgto2AQ4szX+3Q4Ilr xE4xYkyky0oU1mmxto5kzgv1fzBZ9wbNbewuu1KYIfOWguGMyqxQOSX8PWtUceN2i068 wxecu6KsfVXjdtq81lr52O7mkGGQt+WUkAIjus3WJzC067+YUE2/7AIr5qcPs5d/T3kq egLaCmSedqhfl4r09472vfueHA2XcrsKplz7V+9Ik8wMYP78eDLp5hSF86lUIs4vVNQz EAtQ== X-Gm-Message-State: AE9vXwMpNaE0bKTu61sLGqryPE0x0bM6u952jmmQiHNkbC/tGEu3s8baUjbqzv1nnBMt/w== X-Received: by 10.36.88.83 with SMTP id f80mr6835958itb.36.1472340364911; Sat, 27 Aug 2016 16:26:04 -0700 (PDT) Received: from [10.0.10.3] (cpe-24-165-196-54.neo.res.rr.com. [24.165.196.54]) by smtp.googlemail.com with ESMTPSA id r188sm2359900ith.7.2016.08.27.16.26.04 (version=TLS1 cipher=ECDHE-RSA-AES128-SHA bits=128/128); Sat, 27 Aug 2016 16:26:04 -0700 (PDT) Message-ID: <57C221AA.3070404@gmail.com> Date: Sat, 27 Aug 2016 19:26:34 -0400 From: Ernie Luzar User-Agent: Thunderbird 2.0.0.24 (Windows/20100228) MIME-Version: 1.0 To: Roger Leigh CC: freebsd-jail@freebsd.org Subject: Re: Jails and IPv6 local loopback References: <57C20EA8.3030906@gmail.com> In-Reply-To: Content-Type: text/plain; charset=ISO-8859-1; format=flowed Content-Transfer-Encoding: 7bit X-BeenThere: freebsd-jail@freebsd.org X-Mailman-Version: 2.1.22 Precedence: list List-Id: "Discussion about FreeBSD jail\(8\)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sat, 27 Aug 2016 23:26:06 -0000 Roger Leigh wrote: > On 27/08/16 23:05, Ernie Luzar wrote: >> Roger Leigh wrote: >>> On 27/08/16 17:22, Roger Leigh wrote: >>>> Hi list, >>>> >>>> I saw >>>> https://lists.freebsd.org/pipermail/freebsd-jail/2011-March/001500.html >>>> in the archives but didn't see anything more recent. >>>> >>>> This is with 10.3-RELEASE >>> [...] >>> >>> And after upgrade to 11.0-RC2: >>> >>> bfcpp% ifconfig >>> bge0: flags=8843 metric 0 mtu >>> 1500 >>> >>> options=c019b >>> >>> >>> ether 38:ea:a7:ab:61:53 >>> inet 192.168.1.12 netmask 0xffffffff broadcast 192.168.1.12 >>> inet6 2001:8b0:860:ddbd:3aea:a7ff:feab:7002 prefixlen 128 vhid 3 >>> nd6 options=21 >>> media: Ethernet autoselect (1000baseT ) >>> status: active >>> lo0: flags=8049 metric 0 mtu 16384 >>> options=600003 >>> nd6 options=21 >>> bfcpp% ping -c1 localhost >>> PING localhost (127.0.0.1): 56 data bytes >>> 64 bytes from 127.0.0.1: icmp_seq=0 ttl=64 time=0.061 ms >>> >>> --- localhost ping statistics --- >>> 1 packets transmitted, 1 packets received, 0.0% packet loss >>> round-trip min/avg/max/stddev = 0.061/0.061/0.061/0.000 ms >>> bfcpp% ping6 -c1 localhost >>> PING6(56=40+8+8 bytes) 2001:8b0:860:ddbd:3aea:a7ff:feab:7002 --> ::1 >>> ping6: sendmsg: Can't assign requested address >>> ping6: wrote localhost 16 chars, ret=-1 >>> >>> --- localhost ping6 statistics --- >>> 1 packets transmitted, 0 packets received, 100.0% packet loss >>> >>>> As you can see, inside the jail I have a working IPv4 loopback, but not >>>> a working IPv6 loopback. Both work correctly on the host system. This >>>> is inconsistent, and it's breaking stuff which needs the v6 loopback to >>>> be functional. >>>> >>>> Is this a case of a bad default, a misconfiguration or a bug in the >>>> loopback support for jails? >>> >>> Note that 11.0-RC2 shows exactly the same behaviour. > >> You are not seeing what you think you are seeing. jail(8) is mapping the >> loopback interface over the jails assigned ipv4 ip address. It only >> seems reasonable that its doing the same thing with the ipv6 ip address. >> >> Check out this PR for more details >> https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=210049 > > Sorry, I read that, but I'm not sure I understand. At least, I don't > understand why a discrepancy between v4 and v6 would be expected or > reasonable irrespective of any bugs. > > In my case, I haven't set anything related to the loopback interface lo0 > for the jail. The host has working v4 and v6 loopback addresses. The > guest has only working v4. Why not for v6? > > interface = "bge0"; > ip4.addr = "192.168.1.12"; > ip6.addr = "2001:8b0:860:ddbd:3aea:a7ff:feab:7002"; > allow.raw_sockets = "1"; > > is the extent of the configuration. I specify both v4 and v6 addresses > on bge0. I don't specify anything loopback-related, so why is it > mapping v4 and not v6? The discrepancy seems a little odd. > > Is there a solution to the problem at present? What would the > recommended configuration in jail.conf be for obtaining working v4 and > v6 addresses on the loopback interface inside the jail? > Previously you posted this as your jail.conf bfcpp { host.hostname = "bfcpp.codelibre.net"; interface = "bge0"; ip4.addr = "192.168.1.12"; ip6.addr = "2001:8b0:860:ddbd:3aea:a7ff:feab:7002"; allow.raw_sockets = "1"; path = "/jail/bfcpp"; mount.devfs; mount.fdescfs; mount.procfs; mount.fstab="/etc/fstab.bfcpp"; exec.start = "/bin/sh /etc/rc"; exec.stop = "/bin/sh /etc/rc.shutdown"; exec.clean; exec.jail_user = "root"; exec.system_jail_user; } I see no reason for these mount.fdescfs; mount.procfs; exec.clean; exec.jail_user = "root"; exec.system_jail_user; not the cause of your problem, just not needed. Your assuming that ping6 is broken just because its having a problem with localhost. Try ping6 against some other box on the lan using it's ipv6 ip address. You need to define the hosts ipv6 ip address to localhost in the hosts /etc/hosts file. You may also have to define the jails ipv6 ip address to localhost in the jails /etc/hosts file.