From owner-freebsd-stable@FreeBSD.ORG Fri Sep 5 07:37:23 2014 Return-Path: Delivered-To: freebsd-stable@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) (using TLSv1 with cipher ADH-AES256-SHA (256/256 bits)) (No client certificate requested) by hub.freebsd.org (Postfix) with ESMTPS id CD4FC2A2 for ; Fri, 5 Sep 2014 07:37:23 +0000 (UTC) Received: from mail-vc0-x230.google.com (mail-vc0-x230.google.com [IPv6:2607:f8b0:400c:c03::230]) (using TLSv1 with cipher ECDHE-RSA-RC4-SHA (128/128 bits)) (Client CN "smtp.gmail.com", Issuer "Google Internet Authority G2" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 8C80318C6 for ; Fri, 5 Sep 2014 07:37:23 +0000 (UTC) Received: by mail-vc0-f176.google.com with SMTP id ik5so11712961vcb.7 for ; Fri, 05 Sep 2014 00:37:22 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:in-reply-to:references:date:message-id:subject:from:to :content-type:content-transfer-encoding; bh=2Pf6/qGOwY+NWc3W3IU61XEYfj+Hh6Us8qo6aoIMNro=; b=OguGtvPd98AnnU8HJ2jVAushZseGSKU3S3RTap2qfCiYs7e7+t8YmBQXHRIN/2vGem baeZmT5PNhdU+d7tOPOH6+35uQKuKLYnl0NknDXwfVJqDIa//QmYmHQuZ9AeR6L+Z4oJ wc6ujJegcezUSkvJ4jODlRrF/OS8Cj+M5CR8PCPq27i0J5qqI5dmLHSKQ52unRFnfFbg d3W/7LQb5sm6mgG4sMZ4ZzQQguTUwqVdvXp8EDSPGY4iDlsrqGqJHf/qjUXhfjiPU4tV E+WDCGd8PycmPZndQ0xWgI3yi/7byY2+gzIYXDcoDYXUJEfoxlDA8AhTLDX6CvsPfKlw 5WZg== MIME-Version: 1.0 X-Received: by 10.52.97.233 with SMTP id ed9mr7528853vdb.16.1409902642493; Fri, 05 Sep 2014 00:37:22 -0700 (PDT) Received: by 10.53.3.139 with HTTP; Fri, 5 Sep 2014 00:37:22 -0700 (PDT) In-Reply-To: References: Date: Fri, 5 Sep 2014 11:37:22 +0400 Message-ID: Subject: Re: 10-STABLE and setfib From: Pavel Timofeev To: freebsd-stable stable Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: quoted-printable X-BeenThere: freebsd-stable@freebsd.org X-Mailman-Version: 2.1.18-1 Precedence: list List-Id: Production branch of FreeBSD source code List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 05 Sep 2014 07:37:24 -0000 I rechecked it. Turned out it looks like it=E2=80=99s more cosmetic problem= (?). Let me explain what I wanted. I wanted to take different routing table for a jail. I created 2 same VMs on one Hyper-V hypervisor. Connected it to the same virtual switch. Gave them same configuration with same IP addresses. When I worked with one VM, another was turned off. And vise versa. I used GENERIC kernel. One of that machines was FreeBSD 10.0-p7 RELEASE amd64. Another was fresh FreeBSD 10.1 r271152 PRERELEASE amd64. VM has IP 192.168.8.14. An alias0 created for a jail with IP 192.168.8.13. The default router is 192.168.8.1. Here is the same configs of that two VMs: % cat /boot/loader.conf autoboot_delay=3D"2" net.fibs=3D2 net.add_addr_allfibs=3D0 % cat /etc/rc.conf hostname=3D"10R" # 10S on 10.1-PRE ifconfig_hn0=3D"inet 192.168.8.14 netmask 255.255.255.0" defaultrouter=3D"192.168.8.1" sshd_enable=3D"YES" ntpd_enable=3D"YES" ntpd_sync_on_start=3D"YES" dumpdev=3D"AUTO" ifconfig_hn0_alias0=3D"inet 192.168.8.13/32 fib 1" static_routes=3D"fibnet fibdef" route_fibnet=3D"-net 192.168.8.0/24 -interface hn0 -fib 1" route_fibdef=3D"default 192.168.8.1 -fib 1" jail_enable=3D"YES" jail_list=3D"mailjail" % cat /etc/jail.conf exec.start =3D "/bin/sh /etc/rc"; exec.stop =3D "/bin/sh /etc/rc.shutdown"; exec.clean; mount.devfs; devfs_ruleset =3D 4; $jailsdir =3D "/var/jails"; path =3D "$jailsdir/$name"; mailjail { mount.fdescfs; allow.sysvipc; allow.raw_sockets; allow.set_hostname; exec.fib =3D 1; ip4.addr =3D 192.168.8.13; } Here is the defference: FreeBSD 10.0-p7 RELEASE amd64 (which is OK IMO) boot message ... hn0: flags=3D8843 metric 0 mtu 1500 options=3D18 ether 00:15:5d:08:6f:0b inet 192.168.8.14 netmask 0xffffff00 broadcast 192.168.8.255 inet6 fe80::215:5dff:fe08:6f0b%hn0 prefixlen 64 scopeid 0x2 inet 192.168.8.13 netmask 0xffffffff broadcast 192.168.8.13 nd6 options=3D29 fib: 1 Starting devd. add net 192.168.8.0: gateway hn0 fib 1 add net default: gateway 192.168.8.1 fib 1 add net default: gateway 192.168.8.1 fib 0 add net fe80::: gateway ::1 fib 0,1 add net ff02::: gateway ::1 fib 0,1 add net ::ffff:0.0.0.0: gateway ::1 fib 0,1 add net ::0.0.0.0: gateway ::1 fib 0,1 ... On host % netstat -f inet -rn Routing tables Internet: Destination Gateway Flags Refs Use Netif Expire default 192.168.8.1 UGS 0 91 hn0 127.0.0.1 link#1 UH 0 0 lo0 192.168.8.0/24 link#2 U 0 576 hn0 192.168.8.13 link#2 UHS 0 72 lo0 =3D> 192.168.8.13/32 link#2 U 0 0 hn0 192.168.8.14 link#2 UHS 0 0 lo0 On host % setfib 1 netstat -f inet -rn Routing tables (fib: 1) Internet: Destination Gateway Flags Refs Use Netif Expire default 192.168.8.1 UGS 0 5 hn0 192.168.8.0/24 00:15:5d:08:6f:0b US 0 0 hn0 Inside the jail % netstat -f inet -rn Routing tables (fib: 1) Internet: Destination Gateway Flags Refs Use Netif Expire default 192.168.8.1 UGS 0 7 hn0 192.168.8.0/24 00:15:5d:08:6f:0b US 0 78 hn0 FreeBSD 10.1 r271152 PRERELEASE amd64 (which is not OK IMO) boot message ... hn0: flags=3D8843 metric 0 mtu 1500 options=3D18 ether 00:15:5d:08:6f:09 inet 192.168.8.14 netmask 0xffffff00 broadcast 192.168.8.255 inet6 fe80::215:5dff:fe08:6f09%hn0 prefixlen 64 scopeid 0x2 inet 192.168.8.13 netmask 0xffffffff broadcast 192.168.8.13 nd6 options=3D29 fib: 1 Starting devd. add net 192.168.8.0: gateway hn0 fib 1 add net default: gateway 192.168.8.1 fib 1 add net default: gateway 192.168.8.1 fib 0 route: writing to routing socket: Network is unreachable add net fe80::: gateway ::1 fib 0 add net fe80::: gateway ::1 fib 1: Network is unreachable route: writing to routing socket: Network is unreachable add net ff02::: gateway ::1 fib 0 add net ff02::: gateway ::1 fib 1: Network is unreachable route: writing to routing socket: Network is unreachable add net ::ffff:0.0.0.0: gateway ::1 fib 0 add net ::ffff:0.0.0.0: gateway ::1 fib 1: Network is unreachable route: writing to routing socket: Network is unreachable add net ::0.0.0.0: gateway ::1 fib 0 add net ::0.0.0.0: gateway ::1 fib 1: Network is unreachable ... On host % netstat -f inet -rn Routing tables Internet: Destination Gateway Flags Netif Expire default 192.168.8.1 UGS hn0 127.0.0.1 link#1 UH lo0 192.168.8.0/24 link#2 U hn0 192.168.8.14 link#2 UHS lo0 On host % setfib 1 netstat -f inet -rn Routing tables (fib: 1) Internet: Destination Gateway Flags Netif Expire default 192.168.8.1 UGS hn0 192.168.8.0/24 00:15:5d:08:6f:09 US hn0 192.168.8.13 link#2 UHS lo0 192.168.8.13/32 link#2 U hn0 Inside the jail: % netstat -f inet -rn Routing tables (fib: 1) Internet: Destination Gateway Flags Netif Expire 192.168.8.13 link#2 UHS lo0 So the difference between these two VMs: - dmesg messages like =E2=80=9CNetwork is unreachable=E2=80=9D on = PRERELEASE. - Visibility of default router inside the jail on PRERELEASE. At the same time it looks like this configuration works normally. I can access the network from the jail on both systems. So problem is more cosmetic (?). 2014-09-04 17:56 GMT+04:00 Pavel Timofeev : > Hi! > I've read this topic in forum > https://forums.freebsd.org/viewtopic.php?f=3D7&t=3D47693 where described > how to deal with default route for jail with different fib. > I tried it on 2 same virt machines, but with different interface name > and ip addresses than on forum. > While it works in 10.0-RELEASE it doesn't work in 10.1-PRERELEASE r271030= . > It says 'Network is unreachable' while booting. Here is a piece of dmesg.= boot: > > > add net 172.16.220.0: gateway hn1 fib 1 > add net default: gateway 172.16.220.1 fib 1 > add net default: gateway 192.168.8.1 fib 0 > Additional inet routing options: gateway=3DYES. > route: writing to routing socket: Network is unreachable > add net fe80::: gateway ::1 fib 0 > add net fe80::: gateway ::1 fib 1: Network is unreachable > route: writing to routing socket: Network is unreachable > add net ff02::: gateway ::1 fib 0 > add net ff02::: gateway ::1 fib 1: Network is unreachable > route: writing to routing socket: Network is unreachable > add net ::ffff:0.0.0.0: gateway ::1 fib 0 > add net ::ffff:0.0.0.0: gateway ::1 fib 1: Network is unreachable > route: writing to routing socket: Network is unreachable > add net ::0.0.0.0: gateway ::1 fib 0 > add net ::0.0.0.0: gateway ::1 fib 1: Network is unreachable > > > And 'netstat -rn' doesn't show routes inside the jail. > Can anyone confirm such regression?