Re: linux debian jail - network problems

2022-03-01 Thread Zhenlei Huang


> On Mar 1, 2022, at 6:42 PM, Sami Halabi  wrote:
> 
> How can I see the netlink wip status ?

Sorry, it is not currently publicly visible. FreeBSD's Phabricator is a tool that 
is development focused.
If you're interested in it, please CC the author Alexander V. Chernikov.

> 
> On Fri, Feb 25, 2022, 08:34, Sami Halabi wrote:
> Hi,
> Thank you for your response.. I wonder if it is really only a netlink problem?

Maybe it is, maybe not. I'm not familiar with Linux emulation. You can refer to
1. https://docs.freebsd.org/en/articles/linux-emulation/
2. https://wiki.freebsd.org/Linuxulator

> There are a few problems in the logs.. I don't know if they are all related only to 
> netlink (prctl immutable for example).. I also saw incompatibilities in 
> socket.c 
> 
> Btw: I tried to enter the link you sent and it asked for username and 
> password.. it's not a public review?
> 
> Sami
> 
> On Fri, Feb 25, 2022, 04:18, Zhenlei Huang wrote:
> Hi,
> You can also track the WIP netlink feature, 
> https://reviews.freebsd.org/D33975 
> 
>> On Feb 25, 2022, at 4:05 AM, Sami Halabi > > wrote:
>> 
>> Hi,
>> Added Current, maybe will be lucky ;)
>> 
>> Anyone have an idea how to approach and fix this?
>> 
>> Sami
>> 
>> On Tue, Feb 22, 2022, 23:30, Sami Halabi wrote:
>> Hi all,
>> sorry for the cross post but I need help and I'm not sure where it hangs.
>> 
>> I create linux jail (debian bullseye) via cbsd.
>> the jail is being populated with the debian userland..
>> so far so good... services running (sshd) and I can login to the jail, I 
>> also can update packages and I can install apache httpd and all works fine 
>> (apt install or make from src).
>> I also manage to install packages even if their scripts depend on "ip" 
>> command that fails:
>> cbsd@j2> ip
>> Cannot open netlink socket: Address family not supported by protocol
>> 
>> ifconfig show empty interfaces:
>> cbsd@j2> ifconfig
>> eth0: flags=4163  mtu 1500
>> ether 00:50:56:0a:b3:a0  (Ethernet)
>> RX packets 139798314  bytes 12029597009 (11.2 GiB)
>> RX errors 0  dropped 0  overruns 0  frame 0
>> TX packets 26879143  bytes 34400160833 (32.0 GiB)
>> TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0
>> 
>> lo0: flags=4169  mtu 16384
>> loop  (Local Loopback)
>> RX packets 28548  bytes 160312960 (152.8 MiB)
>> RX errors 0  dropped 0  overruns 0  frame 0
>> TX packets 28548  bytes 160312960 (152.8 MiB)
>> TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0
>> 
>> I know linux emulation doesn't implement netlink.. so what I do is fake the 
>> response by replacing /bin/ip with a bash script that prints the correct IP 
>> and fakes some others (needed by packages I installed):
>> #!/bin/bash
>> # Stand-in for /bin/ip: prints fixed output instead of querying netlink.
>> if [ "$1" = "-o" ]; then
>>     echo "1: eth0 inet 192.168.1.2/24  brd 192.168.1.255 scope global eth0"
>> elif [ "$1" = "route" ]; then
>>     if [ "$2" = "get" ]; then
>>         echo "8.8.8.8 via  192.168.1.2   dev eth0  src  192.168.1.2  "
>>     else
>>         echo "default via  192.168.1.2   dev eth0"
>>     fi
>> else
>>     echo "1: eth0:  mtu 1500 qdisc mq state UP qlen 1000"
>>     echo "  inet  192.168.1.2  /24 brd  192.168.1.255 scope global eth0"
>> fi
>> 
>> 
>> still ifconfig shows no IP... it's time to say it's a regular jail and *NOT* 
>> VNET.
>> 
>> *however* packages that pull IPs via libraries fail..
>> eg: installed bind916 (name) in the logs I see these errors (relevant only):
>> cbsd@j2> service named start
>> Starting domain name service...: namednamed: prctl(PR_SET_DUMPABLE) failed: 
>> Invalid argument
>> cbsd@j2>
>> 
>> 
>> log file shows:
>> 22-Feb-2022 23:11:58.705 general: notice: BIND 9 is maintained by Internet 
>> Systems Consortium,
>> 22-Feb-2022 23:11:58.705 general: notice: Inc. (ISC), a non-profit 501(c)(3) 
>> public-benefit
>> 22-Feb-2022 23:11:58.705 general: notice: corporation.  Support and training 
>> for BIND 9 are
>> 22-Feb-2022 23:11:58.705 general: notice: available at 
>> https://www.isc.org/support 
>> 22-Feb-2022 23:11:58.705 general: notice: 
>> 
>> 22-Feb-2022 23:11:58.705 general: info: found 6 CPUs, using 6 worker threads
>> 22-Feb-2022 23:11:58.705 general: info: using 6 UDP listeners per interface
>> 22-Feb-2022 23:11:58.705 general: info: using up to 21000 sockets
>> 22-Feb-2022 23:11:58.715 general: info: loading configuration from 
>> '/etc/bind/named.conf'
>> 22-Feb-2022 23:11:58.715 general: info: reading built-in trust anchors from 
>> file '/etc/bind/bind.keys'
>> 22-Feb-2022 23:11:58.715 general: info: looking for GeoIP2 databases in 
>> 

Re: linux debian jail - network problems

2022-02-24 Thread Sami Halabi
Hi,
Thank you for your response.. I wonder if it is really only a netlink problem?
There are a few problems in the logs.. I don't know if they are all related only
to netlink (prctl immutable for example).. I also saw incompatibilities in
socket.c

Btw: I tried to enter the link you sent and it asked for username and
password.. it's not a public review?

Sami

On Fri, Feb 25, 2022, 04:18, Zhenlei Huang <zlei.hu...@gmail.com> wrote:

> Hi,
> You can also track the WIP netlink feature,
> https://reviews.freebsd.org/D33975
>
> On Feb 25, 2022, at 4:05 AM, Sami Halabi  wrote:
>
> Hi,
> Added Current, maybe will be lucky ;)
>
> Anyone have an idea how to approach and fix this?
>
> Sami
>
> On Tue, Feb 22, 2022, 23:30, Sami Halabi wrote:
>
>> Hi all,
>> sorry for the cross post but I need help and I'm not sure where it hangs.
>>
>> I create linux jail (debian bullseye) via cbsd.
>> the jail is being populated with the debian userland..
>> so far so good... services running (sshd) and I can login to the jail, I
>> also can update packages and I can install apache httpd and all works fine
>> (apt install or make from src).
>> I also manage to install packages even if their scripts depend on "ip"
>> command that fails:
>> cbsd@j2> ip
>> Cannot open netlink socket: Address family not supported by protocol
>>
>> ifconfig show empty interfaces:
>> cbsd@j2> ifconfig
>> eth0: flags=4163  mtu 1500
>> ether 00:50:56:0a:b3:a0  (Ethernet)
>> RX packets 139798314  bytes 12029597009 (11.2 GiB)
>> RX errors 0  dropped 0  overruns 0  frame 0
>> TX packets 26879143  bytes 34400160833 (32.0 GiB)
>> TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0
>>
>> lo0: flags=4169  mtu 16384
>> loop  (Local Loopback)
>> RX packets 28548  bytes 160312960 (152.8 MiB)
>> RX errors 0  dropped 0  overruns 0  frame 0
>> TX packets 28548  bytes 160312960 (152.8 MiB)
>> TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0
>>
>> I know linux emulation doesn't implement netlink.. so what I do is fake
>> the response by replacing /bin/ip with a bash script that prints the correct
>> IP and fakes some others (needed by packages I installed):
>> #!/bin/bash
>> # Stand-in for /bin/ip: prints fixed output instead of querying netlink.
>> if [ "$1" = "-o" ]; then
>>     echo "1: eth0 inet 192.168.1.2/24 brd 192.168.1.255 scope global eth0"
>> elif [ "$1" = "route" ]; then
>>     if [ "$2" = "get" ]; then
>>         echo "8.8.8.8 via  192.168.1.2   dev eth0  src 192.168.1.2  "
>>     else
>>         echo "default via  192.168.1.2   dev eth0"
>>     fi
>> else
>>     echo "1: eth0:  mtu 1500 qdisc mq state UP qlen 1000"
>>     echo "  inet  192.168.1.2  /24 brd  192.168.1.255 scope global eth0"
>> fi
>>
>>
>> still ifconfig shows no IP... it's time to say it's a regular jail and *NOT*
>> VNET.
>>
>> *however* packages that pull IPs via libraries fail..
>> eg: installed bind916 (name) in the logs I see these errors (relevant
>> only):
>> cbsd@j2> service named start
>> Starting domain name service...: namednamed: prctl(PR_SET_DUMPABLE)
>> failed: Invalid argument
>> cbsd@j2>
>>
>>
>> log file shows:
>> 22-Feb-2022 23:11:58.705 general: notice: BIND 9 is maintained by
>> Internet Systems Consortium,
>> 22-Feb-2022 23:11:58.705 general: notice: Inc. (ISC), a non-profit
>> 501(c)(3) public-benefit
>> 22-Feb-2022 23:11:58.705 general: notice: corporation.  Support and
>> training for BIND 9 are
>> 22-Feb-2022 23:11:58.705 general: notice: available at
>> https://www.isc.org/support
>> 22-Feb-2022 23:11:58.705 general: notice:
>> 
>> 22-Feb-2022 23:11:58.705 general: info: found 6 CPUs, using 6 worker
>> threads
>> 22-Feb-2022 23:11:58.705 general: info: using 6 UDP listeners per
>> interface
>> 22-Feb-2022 23:11:58.705 general: info: using up to 21000 sockets
>> 22-Feb-2022 23:11:58.715 general: info: loading configuration from
>> '/etc/bind/named.conf'
>> 22-Feb-2022 23:11:58.715 general: info: reading built-in trust anchors
>> from file '/etc/bind/bind.keys'
>> 22-Feb-2022 23:11:58.715 general: info: looking for GeoIP2 databases in
>> '/usr/share/GeoIP'
>> 22-Feb-2022 23:11:58.715 general: info: using default UDP/IPv4 port
>> range: [1024, 65535]
>> 22-Feb-2022 23:11:58.715 general: info: using default UDP/IPv6 port
>> range: [1024, 65535]
>> 22-Feb-2022 23:11:58.715 network: info: no IPv6 interfaces found
>> 22-Feb-2022 23:11:58.715 general: error: ifiter_getifaddrs.c:79:
>> unexpected error:
>> 22-Feb-2022 23:11:58.715 general: error: getting interface addresses:
>> getifaddrs: Address family not supported by protocol
>> 22-Feb-2022 23:11:58.715 network: warning: not listening on any interfaces
>> *snip*
>> *snip*
>> 22-Feb-2022 23:11:58.735 general: error: socket.c:2405: unexpected error:
>> 22-Feb-2022 23:11:58.735 general: error: setsockopt(50, IP_RECVTOS)
>> failed: Protocol not available
>> 22-Feb-2022 23:11:58.735 general: notice: couldn't add command channel
>> 

Re: linux debian jail - network problems

2022-02-24 Thread Sami Halabi
Hi,
Added Current, maybe will be lucky ;)

Anyone have an idea how to approach and fix this?

Sami

On Tue, Feb 22, 2022, 23:30, Sami Halabi wrote:

> Hi all,
> sorry for the cross post but I need help and I'm not sure where it hangs.
>
> I create linux jail (debian bullseye) via cbsd.
> the jail is being populated with the debian userland..
> so far so good... services running (sshd) and I can login to the jail, I
> also can update packages and I can install apache httpd and all works fine
> (apt install or make from src).
> I also manage to install packages even if their scripts depend on "ip"
> command that fails:
> cbsd@j2> ip
> Cannot open netlink socket: Address family not supported by protocol
>
> ifconfig show empty interfaces:
> cbsd@j2> ifconfig
> eth0: flags=4163  mtu 1500
> ether 00:50:56:0a:b3:a0  (Ethernet)
> RX packets 139798314  bytes 12029597009 (11.2 GiB)
> RX errors 0  dropped 0  overruns 0  frame 0
> TX packets 26879143  bytes 34400160833 (32.0 GiB)
> TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0
>
> lo0: flags=4169  mtu 16384
> loop  (Local Loopback)
> RX packets 28548  bytes 160312960 (152.8 MiB)
> RX errors 0  dropped 0  overruns 0  frame 0
> TX packets 28548  bytes 160312960 (152.8 MiB)
> TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0
>
> I know linux emulation doesn't implement netlink.. so what I do is fake
> the response by replacing /bin/ip with a bash script that prints the correct
> IP and fakes some others (needed by packages I installed):
> #!/bin/bash
> # Stand-in for /bin/ip: prints fixed output instead of querying netlink.
> if [ "$1" = "-o" ]; then
>     echo "1: eth0 inet 192.168.1.2/24 brd 192.168.1.255 scope global eth0"
> elif [ "$1" = "route" ]; then
>     if [ "$2" = "get" ]; then
>         echo "8.8.8.8 via  192.168.1.2   dev eth0  src 192.168.1.2  "
>     else
>         echo "default via  192.168.1.2   dev eth0"
>     fi
> else
>     echo "1: eth0:  mtu 1500 qdisc mq state UP qlen 1000"
>     echo "  inet  192.168.1.2  /24 brd  192.168.1.255 scope global eth0"
> fi
>
>
> still ifconfig shows no IP... it's time to say it's a regular jail and *NOT*
> VNET.
>
> *however* packages that pull IPs via libraries fail..
> eg: installed bind916 (name) in the logs I see these errors (relevant
> only):
> cbsd@j2> service named start
> Starting domain name service...: namednamed: prctl(PR_SET_DUMPABLE)
> failed: Invalid argument
> cbsd@j2>
>
>
> log file shows:
> 22-Feb-2022 23:11:58.705 general: notice: BIND 9 is maintained by Internet
> Systems Consortium,
> 22-Feb-2022 23:11:58.705 general: notice: Inc. (ISC), a non-profit
> 501(c)(3) public-benefit
> 22-Feb-2022 23:11:58.705 general: notice: corporation.  Support and
> training for BIND 9 are
> 22-Feb-2022 23:11:58.705 general: notice: available at
> https://www.isc.org/support
> 22-Feb-2022 23:11:58.705 general: notice:
> 
> 22-Feb-2022 23:11:58.705 general: info: found 6 CPUs, using 6 worker
> threads
> 22-Feb-2022 23:11:58.705 general: info: using 6 UDP listeners per interface
> 22-Feb-2022 23:11:58.705 general: info: using up to 21000 sockets
> 22-Feb-2022 23:11:58.715 general: info: loading configuration from
> '/etc/bind/named.conf'
> 22-Feb-2022 23:11:58.715 general: info: reading built-in trust anchors
> from file '/etc/bind/bind.keys'
> 22-Feb-2022 23:11:58.715 general: info: looking for GeoIP2 databases in
> '/usr/share/GeoIP'
> 22-Feb-2022 23:11:58.715 general: info: using default UDP/IPv4 port range:
> [1024, 65535]
> 22-Feb-2022 23:11:58.715 general: info: using default UDP/IPv6 port range:
> [1024, 65535]
> 22-Feb-2022 23:11:58.715 network: info: no IPv6 interfaces found
> 22-Feb-2022 23:11:58.715 general: error: ifiter_getifaddrs.c:79:
> unexpected error:
> 22-Feb-2022 23:11:58.715 general: error: getting interface addresses:
> getifaddrs: Address family not supported by protocol
> 22-Feb-2022 23:11:58.715 network: warning: not listening on any interfaces
> *snip*
> *snip*
> 22-Feb-2022 23:11:58.735 general: error: socket.c:2405: unexpected error:
> 22-Feb-2022 23:11:58.735 general: error: setsockopt(50, IP_RECVTOS)
> failed: Protocol not available
> 22-Feb-2022 23:11:58.735 general: notice: couldn't add command channel
> 127.0.0.1#953: permission denied
> 22-Feb-2022 23:11:58.735 general: error: socket.c:2405: unexpected error:
> 22-Feb-2022 23:11:58.735 general: error: setsockopt(50, IP_RECVTOS)
> failed: Protocol not available
> 22-Feb-2022 23:11:58.735 general: notice: couldn't add command channel
> 127.0.0.1#953: permission denied
> 22-Feb-2022 23:11:58.735 zoneload: info: managed-keys-zone: loaded serial
> 24
> 22-Feb-2022 23:11:58.735 zoneload: info: zone 0.in-addr.arpa/IN: loaded
> serial 1
> 22-Feb-2022 23:11:58.735 general: error: socket.c:2405: unexpected error:
> 22-Feb-2022 23:11:58.735 general: error: setsockopt(512, IP_RECVTOS)
> failed: Protocol not available
> 22-Feb-2022 23:11:58.735 general:
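
Added example (not part of the thread, and not code from FreeBSD, cbsd or BIND): a small C probe to build and run inside the Linux jail. It repeats the four calls that fail in the output quoted above and marks which failures share the netlink socket's EAFNOSUPPORT and which are separate emulation gaps. It relies on glibc's getifaddrs() being implemented over an rtnetlink socket; all function names are hypothetical.

```c
/* Added example: probes the four calls that fail in the thread's output. */
#include <errno.h>
#include <ifaddrs.h>
#include <netinet/in.h>
#include <stdio.h>
#include <string.h>
#include <sys/prctl.h>
#include <sys/socket.h>
#include <unistd.h>
#include <linux/netlink.h>
/* Every probe returns 0 on success, otherwise the errno of the failed call. */
int probe_netlink(void) {                 /* what `ip` opens first */
    int fd = socket(AF_NETLINK, SOCK_RAW, NETLINK_ROUTE);
    if (fd < 0) return errno;
    close(fd);
    return 0;
}
int probe_getifaddrs(void) {              /* named: ifiter_getifaddrs.c */
    struct ifaddrs *ifa = NULL;
    if (getifaddrs(&ifa) != 0) return errno;
    freeifaddrs(ifa);
    return 0;
}
int probe_ip_recvtos(void) {              /* named: setsockopt(IP_RECVTOS) */
    int on = 1, err = 0, fd = socket(AF_INET, SOCK_DGRAM, 0);
    if (fd < 0) return errno;
    if (setsockopt(fd, IPPROTO_IP, IP_RECVTOS, &on, sizeof on) != 0) err = errno;
    close(fd);
    return err;
}
int probe_dumpable(void) {                /* named: prctl(PR_SET_DUMPABLE) */
    return prctl(PR_SET_DUMPABLE, 1, 0, 0, 0) == 0 ? 0 : errno; /* 1 = default */
}
/* A failure is attributed to the missing netlink family only if the netlink
 * socket itself is refused and the call reports the same EAFNOSUPPORT. */
int caused_by_netlink(int netlink_err, int call_err) {
    return netlink_err == EAFNOSUPPORT && call_err == EAFNOSUPPORT;
}
static void report(const char *what, int nl, int err) {
    printf("%-24s %-42s %s\n", what, err ? strerror(err) : "ok",
           err == 0 ? "" : caused_by_netlink(nl, err) ? "netlink" : "separate gap");
}
int main(void) {
    int nl = probe_netlink();
    report("socket(AF_NETLINK)", nl, nl);
    report("getifaddrs()", nl, probe_getifaddrs());
    report("setsockopt(IP_RECVTOS)", nl, probe_ip_recvtos());
    report("prctl(PR_SET_DUMPABLE)", nl, probe_dumpable());
    return 0;
}
```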