From nobody Thu May 15 20:03:48 2025 X-Original-To: freebsd-current@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4Zz1PN5qFTz5wr0f for ; Thu, 15 May 2025 20:03:52 +0000 (UTC) (envelope-from kp@FreeBSD.org) Received: from smtp.freebsd.org (smtp.freebsd.org [IPv6:2610:1c1:1:606c::24b:4]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "smtp.freebsd.org", Issuer "R11" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4Zz1PN4s3Bz3QQd; Thu, 15 May 2025 20:03:52 +0000 (UTC) (envelope-from kp@FreeBSD.org) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1747339432; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=NcnrLjAbjqkliLNapfsnnskBfLGUv8OA9ATBOYN1lp0=; b=WqIOSoRCyAaprnh+/71AsvnKX7hsbH1Z/27jmprr3tIWgyX5PSrnjehxm6osbmkdNtoPeA 1gyGsoCg1Hh5bh/2Gebo+HnsTf/JALX30VAjcr5WkvENCybtvTRFviH+DfMiJtpHQDYrF9 6O4lismNfJo9mYKqQhACZsF2T3+kXF8y4fATcyJIUSo9fVXA3Ti6zXsj5XgBljyFgfhYLF cG9KaflvP2XcglZPsPVBVSKgHozCPTOsCICoFiRKl2WIyjc6NvAy+4ZMSeqJfIOyzbR6x0 U4kab2RmsggU7hMpqWF23cCcJjW+pDmxpTmdKYN1Eg1GYbkwzrKkX90qWe9bbw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1747339432; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=NcnrLjAbjqkliLNapfsnnskBfLGUv8OA9ATBOYN1lp0=; b=b62MPIcibyrNKRMiTc148oXexRLMVJ04GXjrMUr7/V5ZxSs3l7awVMjdnUJ2IixHWbwnNB NuwlIFpUNdH9fMfJb0KqHv8ZWEIMJI1HmmN3Tzw0bb6xZyRHEiTDa0GqhdKNV62KPoCKxa xQJon+7wlrRJXhxAJbdPVt6HuqSc8rf4PtqNveJ45Hj/8tfUsXFr9lQIO0TFWYyKj3ozYr ZqS7qxMoZ0iwsnoJlBVvcynZbP8JcqDBV6v+0BEDlBLyJ2bcetx9F5iMawSzkn3sKV1GaX c3leUXJBPwdcMxV8JzQyKyOap+i/TmVRYl0GjQGUL9gW95Etly5EbQ0wuNHWuw== ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1747339432; a=rsa-sha256; cv=none; b=tHgJj7U2y5U9n1RijJUxFLn88urBjk2d0asr4yrLxWzB93JqkmaTQdanhkRtG8eQS8qlAM SemtaIAFtNctNCYeh27E/sHDL5JmmnKfiKVXb4vdsiUWQHwKZIQ2MKrXAaoUiVHjh+C+2C 1v0g+DUncSZZnBCzpEtUqvwsU0FBOmqqvqVSy7AXgZ0BAwdIZ+Ju5USYQXl2SXcCLahTSJ I56nudkXNodQTLL2L20/X821hMSOSZJbX8QjNOSHEvyrEbo4yYai4DTOooPrBlk10GQGaI TjUN1zWwvqdMYDA5hYgWxBHBAupgvS1fK7PGqIYUl+ww0+fXGsoCJS7oRdX3Yg== ARC-Authentication-Results: i=1; mx1.freebsd.org; none Received: from venus.codepro.be (venus.codepro.be [5.9.86.228]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (2048 bits) client-digest SHA256) (Client CN "mx1.codepro.be", Issuer "R11" (verified OK)) (Authenticated sender: kp) by smtp.freebsd.org (Postfix) with ESMTPSA id 4Zz1PN2fkRzFQ3; Thu, 15 May 2025 20:03:52 +0000 (UTC) (envelope-from kp@FreeBSD.org) Received: by venus.codepro.be (Postfix, authenticated sender kp) id 61CCE4ECF2; Thu, 15 May 2025 22:03:49 +0200 (CEST) From: Kristof Provost To: Cy Schubert Cc: ivy@freebsd.org, freebsd-current@freebsd.org Subject: Re: epair(4) Date: Thu, 15 May 2025 22:03:48 +0200 X-Mailer: MailMate (2.0r6255) Message-ID: In-Reply-To: <20250515194006.A69EAB6@slippy.cwsent.com> References: <20250515162552.9209B20E@slippy.cwsent.com> <20250515185919.87008219@slippy.cwsent.com> <406249F9-B0FC-4E22-9402-683531321E72@FreeBSD.org> <20250515194006.A69EAB6@slippy.cwsent.com> List-Id: Discussions about the use of FreeBSD-current List-Archive: https://lists.freebsd.org/archives/freebsd-current List-Help: List-Post: List-Subscribe: List-Unsubscribe: Sender: owner-freebsd-current@FreeBSD.org MIME-Version: 1.0 Content-Type: multipart/alternative; boundary="=_MailMate_8113C02E-552C-4ACF-AB09-492E38A28ABB_=" Content-Transfer-Encoding: 8bit --=_MailMate_8113C02E-552C-4ACF-AB09-492E38A28ABB_= Content-Type: text/plain; charset=UTF-8; format=flowed; markup=markdown Content-Transfer-Encoding: 8bit On 15 May 2025, at 21:40, Cy Schubert wrote: > In message <406249F9-B0FC-4E22-9402-683531321E72@FreeBSD.org>, Kristof > Provost > writes: >> On 15 May 2025, at 20:59, Cy Schubert wrote: >>> In message <20250515162552.9209B20E@slippy.cwsent.com>, Cy Schubert >>> wri= >> tes: >>>> Over the last couple of days epair(4) fails to set up when an IP >>>> addre= >> ss is >>>> specified. >>>> >>>> bob# service jail onestart test2 >>>> Starting jails: cannot start jail "test2": >>>> epair0a >>>> ifconfig: ioctl (SIOCAIFADDR): Invalid argument >>>> jail: test2: /sbin/ifconfig epair0a inet 10.1.1.70 netmask >>>> 0xffffff00 = >> up: >>>> failed >>>> . >>>> bob# ifconfig epair0a inet 10.1.1.70 netmask 0xffffff00 >>>> ifconfig: ioctl (SIOCAIFADDR): Invalid argument >>>> bob# ifconfig epair0a inet up >>>> bob# >>> >>> This regression is caused by b61850c4e6f6. >>> >> Is epair0a a member of a bridge? If so, that=E2=80=99s a >> configuration er= >> ror which is now prevented (by default). > > Yes, epair0a, member of bridge0 is prevented from coming up. > > My jail configuration: > > test2 { > $if = "0"; # Jail ID number > $ip_addr = "10.1.1.71"; # Jail ipv4 address > $netmask = "0xffffff00"; > $ip_host = "10.1.1.70"; # Gateway or host's ipv4 > address > $ip_route = "10.1.1.254"; # Gateway or host's > ipv4 > address > $ip6_addr = "fc00:1:1:1::47"; # Jail ipv6 address > $ip6_route = "fc00:1:1:1::fffe"; # Gateway or host's ipv6 > address > vnet; > vnet.interface = "epair${if}b"; > allow.set_hostname = "1"; > exec.prestart = "/sbin/sysctl kern.sugid_coredump=1"; > exec.prestart = "ifconfig epair${if} create up"; > exec.prestart += "ifconfig bridge0 addm epair${if}a"; > # exec.prestart += "ifconfig bridge0 addm sk0"; > exec.prestart += "/sbin/ifconfig epair${if}a inet ${ip_host} > netmask > ${netmask} up"; > # exec.prestart += "/sbin/route change -host ${ip_host} -iface > epair${if}a"; > # exec.prestart += "/sbin/route add -host ${ip_addr} -iface > epair${if}a"; > exec.start = "/sbin/ifconfig epair${if}b inet ${ip_addr} > netmask > ${netmask} up"; > exec.start += "/sbin/ifconfig epair${if}b inet6 ${ip6_addr} > up"; > exec.start += "/sbin/route add default -gateway > ${ip_route}"; > exec.start += "/sbin/route add -inet6 default -gateway > ${ip6_route}"; > exec.start += "/bin/sh /etc/rc"; > exec.stop = "/bin/sh /etc/rc.shutdown"; > exec.poststop = "ifconfig epair${if}a destroy"; > # exec.poststop += "ifconfig bridge0 deletem sk0"; > } > > You’ll want to assign the IP address to the bridge, not to epair0a. It’s less obvious with IPv4 than it would be with IPv6, but assigning the address to epair0a breaks multicast. Best regards, Kristof --=_MailMate_8113C02E-552C-4ACF-AB09-492E38A28ABB_= Content-Type: text/html; charset=UTF-8 Content-Transfer-Encoding: quoted-printable

On 15 May 2025, at 21:40, Cy Schubert wrote:

In message 406249F9-B0FC-4E22-9402-683531321E72@FreeBSD.org, Kristof
Provost
writes:

On 15 May 2025, at 20:59, Cy Schubert wrote:

In message 20250515162552.9209B20E@slippy.cwsent.com, Cy Schubert= wri=3D

tes:

Over the last couple of days epair(4) fails to set up whe= n an IP addre=3D

ss is

specified.

bob# service jail onestart test2
Starting jails: cannot start jail "test2":
epair0a
ifconfig: ioctl (SIOCAIFADDR): Invalid argument
jail: test2: /sbin/ifconfig epair0a inet 10.1.1.70 netmask 0xffffff00 =3D=

up:

failed
=2E
bob# ifconfig epair0a inet 10.1.1.70 netmask 0xffffff00
ifconfig: ioctl (SIOCAIFADDR): Invalid argument
bob# ifconfig epair0a inet up
bob#

This regression is caused by b61850c4e6f6.

Is epair0a a member of a bridge? If so, that=3DE2=3D80=3D= 99s a configuration er=3D
ror which is now prevented (by default).

Yes, epair0a, member of bridge0 is prevented from coming = up.

My jail configuration:

test2 {
$if =3D "0"; # Jail ID number<= br> $ip_addr =3D "10.1.1.71"; # Jail ipv4 address $netmask =3D "0xffffff00";
$ip_host =3D "10.1.1.70"; # Gateway or host= 's ipv4
address
$ip_route =3D "10.1.1.254"; # Gateway or hos= t's ipv4
address
$ip6_addr =3D "fc00:1:1:1::47"; # Jail ipv6 addr= ess
$ip6_route =3D "fc00:1:1:1::fffe"; # Gateway or host= 's ipv6
address
vnet;
vnet.interface =3D "epair${if}b";
allow.set_hostname =3D "1";
exec.prestart =3D "/sbin/sysctl kern.sugid_coredump=3D1";=
exec.prestart =3D "ifconfig epair${if} create up";
exec.prestart +=3D "ifconfig bridge0 addm epair${if}a";

exec.prestart +=3D "ifconfig bridge0 addm sk0";

exec.prestart +=3D "/sbin/ifconfig epair${if}a = inet ${ip_host} netmask
${netmask} up";

exec.prestart +=3D "/sbin/route change -host ${ip_host} -if= ace

epair${if}a";

exec.prestart +=3D "/sbin/route add -host ${ip_addr} -iface=

epair${if}a";
exec.start =3D "/sbin/ifconfig epair${if}b inet ${ip_addr} = netmask
${netmask} up";
exec.start +=3D "/sbin/ifconfig epair${if}b inet6 ${ip6_addr= } up";
exec.start +=3D "/sbin/route add default -gateway ${ip_route= }";
exec.start +=3D "/sbin/route add -inet6 default -gateway
= ${ip6_route}";
exec.start +=3D "/bin/sh /etc/rc";
exec.stop =3D "/bin/sh /etc/rc.shutdown";
exec.poststop =3D "ifconfig epair${if}a destroy";

exec.poststop +=3D "ifconfig bridge0 deletem sk0";

}

You=E2=80=99ll want to assign the IP address to the bridg= e, not to epair0a.
It=E2=80=99s less obvious with IPv4 than it would be with IPv6, but assig= ning the address to epair0a breaks multicast.

Best regards,
Kristof

--=_MailMate_8113C02E-552C-4ACF-AB09-492E38A28ABB_=--