can't find routing entry for network routes
Julian Elischer
julian at elischer.org
Wed Oct 7 05:20:52 UTC 2009
remodeler wrote:
> On Tue, 06 Oct 2009 18:37:49 -0700, Julian Elischer wrote
>
>> please recap with a script that fails
>
> Thank you for your response Julian. I very much respect the work everyone has
> done on netgraph / vimage / jails, and also the help extended to me.
>
> Kernel options in addition to amd64 GENERIC are geom_journal, ufs_gjournal,
> geom_mirror, geom_eli, vimage, netgraph, netgraph_bridge, netgraph_ether, and
> netgraph_eiface. Additional devices are crypto. World and kernel are in sync.
> I have been testing by csup'ing from head, but I have the same errors in 8.0
> beta1, beta3, and rc1.
>
> # make a bridge and connect the physical ethernet interface to it
> ngctl mkpeer msk0: bridge lower link0
> ngctl name msk0:lower bridge0
> ngctl connect msk0: bridge0: upper link1
>
> # Start Name Server Jail
> jail -c -l -U root -n ns host.hostname=ns.my.org path=\
> /jail/j/ns vnet persist
> mount -t procfs proc /jail/j/ns/proc
> mount -t devfs dev /jail/j/ns/dev
> devfs -m /jail/j/ns/dev rule -s 4 applyset
can you show rule set 4?
> mount -t fdescfs null /jail/j/ns/dev/fd
gosh someone that uses that? wow
> ngctl mkpeer eiface ether ether
?? something missing here. mkpeer takes 4 args
> ngctl connect ngeth0: bridge0: ether link2
# I haven't checked the man pages but I'd imagine something like:
ngctl mkpeer msk0: bridge lower lower
ngctl name msk0:lower bridge
ngctl connect bridge: msk0 upper upper
ngctl mkpeer bridge: eiface upper2 ether
> ifconfig ngeth0 vnet ns
> vimage ns ifconfig lo0 localhost
use jexec instead I think.
'vimage' will go away. it is the 'old' interface.
> vimage ns ifconfig ngeth0 link 02:0a:0b:0c:01:01
> vimage ns ifconfig ngeth0 172.26.64.10
> vimage ns route add default -link 00:23:54:08:2b:f7
?? why a link address?
>
> This results in an error on applying the devfs ruleset,
I don't know why that would be.
can you do that line on somewhere else, like /mnt? Or does it
only fail on the root of the jail?
> so I see all of root's
> /dev in the jail. I receive an error on the route command. I get identical
> errors when I specify / as the path and omit the mounts/devfs command.
try using a normal IP address as the default route..
>
> My expectation is that this would leave me with two network stacks, msk0 and
> ngeth0, with msk0 connected to the ng_bridge by its upper and lower hooks and
> ngeth0 by its ether hook. I would expect network connectivity over the bridge,
> and to be able to manipulate the vnet jail's FIB from the host to add a
> default route. Most of what I expect happens:
>
> # ngctl list
> There are 5 total nodes:
> Name: bridge0 Type: bridge ID: 00000004 Num hooks: 3
> Name: ipfw Type: ipfw ID: 00000001 Num hooks: 0
> Name: ngeth0 Type: eiface ID: 00000008 Num hooks: 1
> Name: ngctl1633 Type: socket ID: 0000000a Num hooks: 0
> Name: msk0 Type: ether ID: 00000002 Num hooks: 2
>
> # vimage -l
> ns
>
> # jls
> JID IP Address Hostname Path
> 1 - ns.my.org /jail/j/ns
>
> but the devfs ruleset command fails (executed on the host):
>
> # devfs -m /jail/j/ns/dev rule -s 4 applyset
> devfs rule: ioctl DEVFSIO_SAPPLY: No such process
>
> and in the jail:
>
> ns# # devfs -m /jail/j/ns/dev rule -s 4 applyset
> #: Command not found.
> ns# fs rule: ioctl DEVFSIO_SAPPLY: No such processdevfs rule: ioctl
> DEVFSIO_SAPPLY: No such process
>
> adding the route from the host:
>
> # vimage ns route add default -link 00:23:54:08:2b:f7
> route: writing to routing socket: Network is unreachable
> add net default: gateway 00:23:54:08:2b:f7: Network is unreachable
>
> and from the jail:
>
> ns# route add default -link 00:23:54:08:2b:f7
> route: writing to routing socket: Network is unreachable
> add net default: gateway 00:23:54:08:2b:f7: Network is unreachable
try adding the IP address of your gateway on the 172 net.
(you haven't shown this).
>
> I get the same error for netstat -r from the host and the jail:
>
> # netstat -r
> netstat: kvm not available: /dev/mem: Permission denied
> Routing tables
> rt_tables: symbol not in namelist
it is possible that the kvm is not available to you because of the
jail, but it works for me on -current.
>
> Before I compiled in Bjorn's patches, netstat -r worked properly on the host.
> The host has network connectivity. If I boot without starting the jail,
> everything works as I expect on the host (haven't tested that very far since
> the patches).
I get the impression you want the jail to be on the 172 net but you
don't actually HAVE a 172 net. Is that true?
>
> Thank you.