Date: Thu, 7 May 2020 10:27:04 +0300 From: "Andrey V. Elsukov" <bu7cher@yandex.ru> To: "John W. O'Brien" <john@saltant.com>, FreeBSD Net <freebsd-net@freebsd.org> Cc: "Bjoern A. Zeeb" <bz@FreeBSD.org> Subject: Re: RUNNING flag remains unset upon reinserting a gre into VNET jail Message-ID: <5c2571d4-e42c-4a56-8a96-90f065d36afa@yandex.ru> In-Reply-To: <9d81897c-79af-1da3-f142-88bee5b6522e@FreeBSD.org> References: <eeee7437-2ed9-1d75-1750-82a9babf2e83@saltant.com> <cf170c7f-938b-32d7-089a-e5da853b292a@saltant.com> <9d81897c-79af-1da3-f142-88bee5b6522e@FreeBSD.org>
next in thread | previous in thread | raw e-mail | index | archive | help
This is an OpenPGP/MIME signed message (RFC 4880 and 3156) --rr9Gkzpyt11QjRVMrD6UB1DIBgw9AyOHD Content-Type: multipart/mixed; boundary="loiQBINRkARUG0vVPq1OTxo5WdPDESze0"; protected-headers="v1" From: "Andrey V. Elsukov" <bu7cher@yandex.ru> To: "John W. O'Brien" <john@saltant.com>, FreeBSD Net <freebsd-net@freebsd.org> Cc: "Bjoern A. Zeeb" <bz@FreeBSD.org> Message-ID: <5c2571d4-e42c-4a56-8a96-90f065d36afa@yandex.ru> Subject: Re: RUNNING flag remains unset upon reinserting a gre into VNET jail References: <eeee7437-2ed9-1d75-1750-82a9babf2e83@saltant.com> <cf170c7f-938b-32d7-089a-e5da853b292a@saltant.com> <9d81897c-79af-1da3-f142-88bee5b6522e@FreeBSD.org> In-Reply-To: <9d81897c-79af-1da3-f142-88bee5b6522e@FreeBSD.org> --loiQBINRkARUG0vVPq1OTxo5WdPDESze0 Content-Type: text/plain; charset=utf-8 Content-Language: en-US Content-Transfer-Encoding: quoted-printable On 06.05.2020 10:00, Andrey V. Elsukov wrote: >> # create a gre outside the jail, configure its tunnel endpoints >> >> ifconfig gre0 create tunnel 10.1.1.1 10.2.2.2 >> ifconfig gre0 # not RUNNING (OK) >> >> # place the gre into the jail, it should be running now >> >> ifconfig gre0 vnet demo >> jexec demo ifconfig gre0 # not RUNNING (not OK) >=20 > Hi, >=20 > I'm not an advanced jail user, so this is my conclusion from a quick > code look. It looks to me that all IPv4/IPv6 addresses should be purged= > from the interface that was moved from one vnet to another. The fact > that tunnel's config still here is due to it is stored in the private > interface's softc. Thus when you move ifnet from one vnet to another, > ifaddr_event_ext is not handled properly and interface doesn't change > its state. >=20 > If my conclusion is correct, I see two ways to fix this: > 1. Add if_reassign() method to all tunneling interfaces and clear > tunnel config when ifnet is moved to new jail. This will force you > reconfigure interface after moving. Probably this is POLA violation. Hi, I think this patch should help: https://people.freebsd.org/~ae/gre.diff It is untested, if you have time please, test and report back. The patch will clear tunnel config after moving from one vnet to another. Thus you need to reconfigure all addresses. > 2. Add if_reassign() method to all tunneling interfaces, that will > invoke ifaddr_evnet_ext handler. This requires more code and looks > hackish to me. :) --=20 WBR, Andrey V. Elsukov --loiQBINRkARUG0vVPq1OTxo5WdPDESze0-- --rr9Gkzpyt11QjRVMrD6UB1DIBgw9AyOHD Content-Type: application/pgp-signature; name="signature.asc" Content-Description: OpenPGP digital signature Content-Disposition: attachment; filename="signature.asc" -----BEGIN PGP SIGNATURE----- Comment: Using GnuPG with Thunderbird - https://www.enigmail.net/ iQEzBAEBCAAdFiEE5lkeG0HaFRbwybwAAcXqBBDIoXoFAl6zuEgACgkQAcXqBBDI oXrKeQgAukJoCOwHETkUNOZJTl8niERTZXv3UQzsjcNW1An+DNNpXcRZj0acZhH0 iScvbxQiHB3K/BVCvSuQ85Cwh0gE6rKJns9Gyt0cgkQ0cp7EHY+HRHaNy96rtcpF y1bJPPW2+IDkiV1PIDasJEUann4GmwOdlBegV4Is9pBxbgGR0qhjJiNoj9d0+NK2 5X94iB3diXNaeT8p/d7P3OD84KYzLWymTA3JGkIKRqby0d8lXK65pQJDlb4b0trG fB0o/NiyLE6gNB7oCyJ9nfrm9DtWyC9zgjAz9if6N8e/OxotugksT8q989+/E0rk At/NfqrKud4Qru9cRI6kxX5sUDUKyQ== =rqaS -----END PGP SIGNATURE----- --rr9Gkzpyt11QjRVMrD6UB1DIBgw9AyOHD--
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?5c2571d4-e42c-4a56-8a96-90f065d36afa>