Date: Fri, 5 Sep 2014 11:37:22 +0400 From: Pavel Timofeev <timp87@gmail.com> To: freebsd-stable stable <freebsd-stable@freebsd.org> Subject: Re: 10-STABLE and setfib Message-ID: <CAAoTqfvDmmFzW5VF%2BUmAuPWUaeN2x7UgfPTRHC4QWnktXPxjig@mail.gmail.com> In-Reply-To: <CAAoTqfvOjbWyvTboBpA6ka-5HPg0jYQ%2BS2SkA0EvJtwHBPVtBg@mail.gmail.com> References: <CAAoTqfvOjbWyvTboBpA6ka-5HPg0jYQ%2BS2SkA0EvJtwHBPVtBg@mail.gmail.com>
next in thread | previous in thread | raw e-mail | index | archive | help
I rechecked it. Turned out it looks like it=E2=80=99s more cosmetic problem=
(?).
Let me explain what I wanted.
I wanted to take different routing table for a jail.
I created 2 same VMs on one Hyper-V hypervisor. Connected it to the
same virtual switch. Gave them same configuration with same IP
addresses. When I worked with one VM, another was turned off. And vise
versa. I used GENERIC kernel.
One of that machines was FreeBSD 10.0-p7 RELEASE amd64.
Another was fresh FreeBSD 10.1 r271152 PRERELEASE amd64.
VM has IP 192.168.8.14. An alias0 created for a jail with IP
192.168.8.13. The default router is 192.168.8.1.
Here is the same configs of that two VMs:
% cat /boot/loader.conf
autoboot_delay=3D"2"
net.fibs=3D2
net.add_addr_allfibs=3D0
% cat /etc/rc.conf
hostname=3D"10R" # 10S on 10.1-PRE
ifconfig_hn0=3D"inet 192.168.8.14 netmask 255.255.255.0"
defaultrouter=3D"192.168.8.1"
sshd_enable=3D"YES"
ntpd_enable=3D"YES"
ntpd_sync_on_start=3D"YES"
dumpdev=3D"AUTO"
ifconfig_hn0_alias0=3D"inet 192.168.8.13/32 fib 1"
static_routes=3D"fibnet fibdef"
route_fibnet=3D"-net 192.168.8.0/24 -interface hn0 -fib 1"
route_fibdef=3D"default 192.168.8.1 -fib 1"
jail_enable=3D"YES"
jail_list=3D"mailjail"
% cat /etc/jail.conf
exec.start =3D "/bin/sh /etc/rc";
exec.stop =3D "/bin/sh /etc/rc.shutdown";
exec.clean;
mount.devfs;
devfs_ruleset =3D 4;
$jailsdir =3D "/var/jails";
path =3D "$jailsdir/$name";
mailjail {
mount.fdescfs;
allow.sysvipc;
allow.raw_sockets;
allow.set_hostname;
exec.fib =3D 1;
ip4.addr =3D 192.168.8.13;
}
Here is the defference:
FreeBSD 10.0-p7 RELEASE amd64 (which is OK IMO)
boot message
...
hn0: flags=3D8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
options=3D18<VLAN_MTU,VLAN_HWTAGGING>
ether 00:15:5d:08:6f:0b
inet 192.168.8.14 netmask 0xffffff00 broadcast 192.168.8.255
inet6 fe80::215:5dff:fe08:6f0b%hn0 prefixlen 64 scopeid 0x2
inet 192.168.8.13 netmask 0xffffffff broadcast 192.168.8.13
nd6 options=3D29<PERFORMNUD,IFDISABLED,AUTO_LINKLOCAL>
fib: 1
Starting devd.
add net 192.168.8.0: gateway hn0 fib 1
add net default: gateway 192.168.8.1 fib 1
add net default: gateway 192.168.8.1 fib 0
add net fe80::: gateway ::1 fib 0,1
add net ff02::: gateway ::1 fib 0,1
add net ::ffff:0.0.0.0: gateway ::1 fib 0,1
add net ::0.0.0.0: gateway ::1 fib 0,1
...
On host
% netstat -f inet -rn
Routing tables
Internet:
Destination Gateway Flags Refs Use Netif Expire
default 192.168.8.1 UGS 0 91 hn0
127.0.0.1 link#1 UH 0 0 lo0
192.168.8.0/24 link#2 U 0 576 hn0
192.168.8.13 link#2 UHS 0 72 lo0 =3D>
192.168.8.13/32 link#2 U 0 0 hn0
192.168.8.14 link#2 UHS 0 0 lo0
On host
% setfib 1 netstat -f inet -rn
Routing tables (fib: 1)
Internet:
Destination Gateway Flags Refs Use Netif Expire
default 192.168.8.1 UGS 0 5 hn0
192.168.8.0/24 00:15:5d:08:6f:0b US 0 0 hn0
Inside the jail
% netstat -f inet -rn
Routing tables (fib: 1)
Internet:
Destination Gateway Flags Refs Use Netif Expire
default 192.168.8.1 UGS 0 7 hn0
192.168.8.0/24 00:15:5d:08:6f:0b US 0 78 hn0
FreeBSD 10.1 r271152 PRERELEASE amd64 (which is not OK IMO)
boot message
...
hn0: flags=3D8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
options=3D18<VLAN_MTU,VLAN_HWTAGGING>
ether 00:15:5d:08:6f:09
inet 192.168.8.14 netmask 0xffffff00 broadcast 192.168.8.255
inet6 fe80::215:5dff:fe08:6f09%hn0 prefixlen 64 scopeid 0x2
inet 192.168.8.13 netmask 0xffffffff broadcast 192.168.8.13
nd6 options=3D29<PERFORMNUD,IFDISABLED,AUTO_LINKLOCAL>
fib: 1
Starting devd.
add net 192.168.8.0: gateway hn0 fib 1
add net default: gateway 192.168.8.1 fib 1
add net default: gateway 192.168.8.1 fib 0
route: writing to routing socket: Network is unreachable
add net fe80::: gateway ::1 fib 0
add net fe80::: gateway ::1 fib 1: Network is unreachable
route: writing to routing socket: Network is unreachable
add net ff02::: gateway ::1 fib 0
add net ff02::: gateway ::1 fib 1: Network is unreachable
route: writing to routing socket: Network is unreachable
add net ::ffff:0.0.0.0: gateway ::1 fib 0
add net ::ffff:0.0.0.0: gateway ::1 fib 1: Network is unreachable
route: writing to routing socket: Network is unreachable
add net ::0.0.0.0: gateway ::1 fib 0
add net ::0.0.0.0: gateway ::1 fib 1: Network is unreachable
...
On host
% netstat -f inet -rn
Routing tables
Internet:
Destination Gateway Flags Netif Expire
default 192.168.8.1 UGS hn0
127.0.0.1 link#1 UH lo0
192.168.8.0/24 link#2 U hn0
192.168.8.14 link#2 UHS lo0
On host
% setfib 1 netstat -f inet -rn
Routing tables (fib: 1)
Internet:
Destination Gateway Flags Netif Expire
default 192.168.8.1 UGS hn0
192.168.8.0/24 00:15:5d:08:6f:09 US hn0
192.168.8.13 link#2 UHS lo0
192.168.8.13/32 link#2 U hn0
Inside the jail:
% netstat -f inet -rn
Routing tables (fib: 1)
Internet:
Destination Gateway Flags Netif Expire
192.168.8.13 link#2 UHS lo0
So the difference between these two VMs:
- dmesg messages like =E2=80=9CNetwork is unreachable=E2=80=9D on =
PRERELEASE.
- Visibility of default router inside the jail on PRERELEASE.
At the same time it looks like this configuration works normally. I
can access the network from the jail on both systems.
So problem is more cosmetic (?).
2014-09-04 17:56 GMT+04:00 Pavel Timofeev <timp87@gmail.com>:
> Hi!
> I've read this topic in forum
> https://forums.freebsd.org/viewtopic.php?f=3D7&t=3D47693 where described
> how to deal with default route for jail with different fib.
> I tried it on 2 same virt machines, but with different interface name
> and ip addresses than on forum.
> While it works in 10.0-RELEASE it doesn't work in 10.1-PRERELEASE r271030=
.
> It says 'Network is unreachable' while booting. Here is a piece of dmesg.=
boot:
>
>
> add net 172.16.220.0: gateway hn1 fib 1
> add net default: gateway 172.16.220.1 fib 1
> add net default: gateway 192.168.8.1 fib 0
> Additional inet routing options: gateway=3DYES.
> route: writing to routing socket: Network is unreachable
> add net fe80::: gateway ::1 fib 0
> add net fe80::: gateway ::1 fib 1: Network is unreachable
> route: writing to routing socket: Network is unreachable
> add net ff02::: gateway ::1 fib 0
> add net ff02::: gateway ::1 fib 1: Network is unreachable
> route: writing to routing socket: Network is unreachable
> add net ::ffff:0.0.0.0: gateway ::1 fib 0
> add net ::ffff:0.0.0.0: gateway ::1 fib 1: Network is unreachable
> route: writing to routing socket: Network is unreachable
> add net ::0.0.0.0: gateway ::1 fib 0
> add net ::0.0.0.0: gateway ::1 fib 1: Network is unreachable
>
>
> And 'netstat -rn' doesn't show routes inside the jail.
> Can anyone confirm such regression?
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?CAAoTqfvDmmFzW5VF%2BUmAuPWUaeN2x7UgfPTRHC4QWnktXPxjig>