Date:      Tue, 10 Jan 2023 13:09:51 +0100
From:      Mathias Picker <Mathias.Picker@virtual-earth.de>
To:        Alexander Leidinger <Alexander@leidinger.net>
Cc:        freebsd-emulation@freebsd.org
Subject:   Re: Linux jail 14-CURRENT: DNS does not work for *some* programs?
Message-ID:  <86h6wyvb1f.fsf@virtual-earth.de>
In-Reply-To: <20230110084013.Horde.685bQie_CaYVmp_jzMaMTeq@webmail.leidinger.net>
References:  <CA4C4A0C-F394-473C-9FC2-3EF5B1E2F1FD@virtual-earth.de> <20230110084013.Horde.685bQie_CaYVmp_jzMaMTeq@webmail.leidinger.net>

Hi Alexander,

thanks for your suggestion.

Alexander Leidinger <Alexander@leidinger.net> writes:

> [[PGP Signed Part:Undecided]]
> Quoting Mathias Picker <Mathias.Picker@virtual-earth.de> (from Tue, 10 Jan 2023
> 06:51:06 +0100):
>
>> Hi all,
>>
>> I’m testing a few linux triplestores in a linux jail, and used 13.1 which
>> worked fine most of the time.
>>
>> Now one of the stores shows dropped connections with many clients, and as I
>> can see logs of netlink errors in the logs, I thought I’d try -CURRENT.
>>
>> Sadly, my linux jail (Ubuntu 16.04.7) now shows an irritating behaviour, some
>> programs seem to hang indefinitely waiting for name resolution:
>>
>> Inside the jail:
>>
>> Working version with ping
> [example]
>
>> Non-working with wget (same for curl and others)
> [example]
>
>> So, this tcpdump looks pretty much as if both got answers from unbound.
>> Why is wget (and host, and curl, and sudo) not “getting” this answer?
>>
>> Any ideas where to look or questions about my setup welcome!
>
> Current has netlink support, 13.1 doesn't. Current may have changes in the
> linuxulator, which aren't in 13.1. You need to debug the kernel path. Possible
> tools to do so are ktrace and dtrace.
>
> The easiest cmdline would be ktrace, whereas dtrace gives more flexibility in
> what you do and how you look at it. As a first step I would recommend ktrace.
> Not sure if it will work as I want it to work...
>
> ktrace -di jexec "ID or name of jail" ping google.de
> After you have seen the answer with tcpdump, you can kill ktrace/ping (or wait
> for a timeout, but this will increase the amount of data traced) and inspect the
> result via "kdump" (this will take the file "ktrace.out" in the current
> directory and print out the data).

This trace ends with

 32282 wget     CALL  linux_socket(0x10,0x3,0)
 32282 wget     RET   linux_socket 3
 32282 wget     CALL  linux_bind(0x3,0x7fffffffad20,0xc)
 32282 wget     STRU  struct sockaddr { AF_NETLINK, unknown address family }
 32282 wget     RET   linux_bind 0
 32282 wget     CALL  linux_getsockname(0x3,0x7fffffffad20,0x7fffffffad1c)
 32282 wget     STRU  struct sockaddr { AF_NETLINK, unknown address family }
 32282 wget     RET   linux_getsockname 0
 32282 wget     CALL  linux_sendto(0x3,0x7fffffffad50,0x14,0,0x7fffffffad30,0xc)
 32282 wget     GIO   fd 3 wrote 20 bytes
       0x0000 1400 0000 1600 0103 f324  |.........$|
       0x000a bd63 0000 0000 0000 0000  |.c........|
 32282 wget     RET   linux_sendto 20/0x14
 32282 wget     CALL  linux_recvmsg(0x3,0x7fffffffad70,0)
 32282 wget     GIO   fd 3 read 40 bytes
       0x0000 2800 0000 0200 0000 f324  |(........$|
       0x000a bd63 1a7e 0000 eaff ffff  |.c.~......|
       0x0014 1400 0000 1600 0103 f324  |.........$|
       0x001e bd63 1a7e 0000 0000 0000  |.c.~......|
 32282 wget     STRU  struct sockaddr { AF_NETLINK, unknown address family }
 32282 wget     RET   linux_recvmsg 40/0x28
 32282 wget     CALL  linux_recvmsg(0x3,0x7fffffffad70,0)
 32282 wget     RET   linux_recvmsg -1 errno -4 Interrupted system call
 32282 wget     PSIG  SIGINT SIG_DFL code=SI_KERNEL

Sadly, I have to get the benchmarks up and running, so I will
install Linux on the machine and cannot follow up on this.

Maybe I’ll try this again next week on another server, since
installing -CURRENT in another boot environment was so easy.

Thanks,

Mathias

> IF this works (I'm not sure if the ktrace inherits/descends into a jail), you
> will see the calls to jexec and the exec of ping and what all those do in the
> kernel. This will then give a hint where to look next.
>
> IF this doesn't work, you can use "ktrace -di -p <pid of ping>" from the
> jail-host while ping is running. If ping tries to redo the DNS lookup, or a
> second nameserver is configured and it tries to get the info from the second
> after a timeout, you may be lucky to catch that in the trace.
>
> Bye,
> Alexander.


-- 
Mathias Picker
Managing Director
Mathias.Picker@virtual-earth.de

virtual earth Gesellschaft für Wissens re/prä sentation mbH
http://www.virtual-earth.de/           HRB126870
support@virtual-earth.de               Westendstr. 142
089 / 1250 3943
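
The two netlink datagrams in the kdump output above can be decoded as struct nlmsghdr / struct nlmsgerr; this is an added example, not part of the original message, and it assumes a little-endian host and copies the bytes from the two GIO records. It shows the request is an RTM_GETADDR dump and the reply an NLMSG_ERROR carrying -22 (EINVAL) addressed to PID 32282, the traced wget.

```python
import errno
import struct

# Bytes copied from the two GIO records in the kdump output above
# (assumption: little-endian host, as on amd64).
SENT = bytes.fromhex("1400000016000103f324bd630000000000000000")
REPLY = bytes.fromhex("2800000002000000f324bd631a7e0000eaffffff"
                      "1400000016000103f324bd631a7e000000000000")

HDR = struct.Struct("<IHHII")  # struct nlmsghdr: len, type, flags, seq, pid
TYPES = {1: "NLMSG_NOOP", 2: "NLMSG_ERROR", 3: "NLMSG_DONE",
         20: "RTM_NEWADDR", 22: "RTM_GETADDR"}
FLAGS = {0x001: "NLM_F_REQUEST", 0x002: "NLM_F_MULTI",
         0x100: "NLM_F_ROOT", 0x200: "NLM_F_MATCH"}


def parse_header(buf, off=0):
    """Decode one nlmsghdr at offset `off`."""
    if len(buf) - off < HDR.size:
        raise ValueError("truncated nlmsghdr")
    length, mtype, flags, seq, pid = HDR.unpack_from(buf, off)
    return {"len": length, "type": TYPES.get(mtype, str(mtype)),
            "flags": [n for bit, n in FLAGS.items() if flags & bit],
            "seq": seq, "pid": pid}


def parse_messages(buf):
    """Walk every netlink message in one datagram."""
    msgs, off = [], 0
    while off < len(buf):
        msg = parse_header(buf, off)
        if msg["len"] < HDR.size or off + msg["len"] > len(buf):
            raise ValueError("nlmsg_len outside buffer")
        body = buf[off + HDR.size:off + msg["len"]]
        if msg["type"] == "NLMSG_ERROR":
            # struct nlmsgerr: negative errno, then the offending request header
            if len(body) < 4 + HDR.size:
                raise ValueError("truncated nlmsgerr")
            code = struct.unpack_from("<i", body)[0]
            msg["error"] = code
            msg["errname"] = errno.errorcode.get(-code, "?") if code else "ACK"
            msg["request"] = parse_header(body, 4)
        msgs.append(msg)
        off += (msg["len"] + 3) & ~3  # NLMSG_ALIGN to 4 bytes
    return msgs


if __name__ == "__main__":
    for name, data in (("sent", SENT), ("reply", REPLY)):
        print(name, parse_messages(data))
```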


