RUNNING flag remains unset upon reinserting a gre into VNET jail

Andrey V. Elsukov bu7cher at yandex.ru
Thu May 7 07:32:16 UTC 2020


On 06.05.2020 10:00, Andrey V. Elsukov wrote:
>> # create a gre outside the jail, configure its tunnel endpoints
>>
>> ifconfig gre0 create tunnel 10.1.1.1 10.2.2.2
>> ifconfig gre0  # not RUNNING (OK)
>>
>> # place the gre into the jail, it should be running now
>>
>> ifconfig gre0 vnet demo
>> jexec demo ifconfig gre0  # not RUNNING (not OK)
> 
> Hi,
> 
> I'm not an advanced jail user, so this is my conclusion from a quick
> code look. It looks to me that all IPv4/IPv6 addresses should be purged
> from the interface that was moved from one vnet to another. The fact
> that the tunnel's config is still here is due to it being stored in the
> private interface's softc. Thus when you move an ifnet from one vnet to
> another, ifaddr_event_ext is not handled properly and the interface
> doesn't change its state.
> 
> If my conclusion is correct, I see two ways to fix this:
>   1. Add an if_reassign() method to all tunneling interfaces and clear
> the tunnel config when the ifnet is moved to a new jail. This will force
> you to reconfigure the interface after moving. Probably this is a POLA
> violation.

Hi,

I think this patch should help:
	https://people.freebsd.org/~ae/gre.diff

It is untested; if you have time, please test and report back.
The patch will clear the tunnel config after moving from one vnet to
another. Thus you need to reconfigure all addresses.

>   2. Add an if_reassign() method to all tunneling interfaces that will
> invoke the ifaddr_event_ext handler. This requires more code and looks
> hackish to me. :)


-- 
WBR, Andrey V. Elsukov
