From: Mathias Picker
Date: Tue, 10 Jan 2023 06:51:06 +0100
To: freebsd-emulation@freebsd.org
Subject: Linux jail 14-CURRENT: DNS does not work for *some* programs?

Hi all,

I’m testing a few Linux triplestores in a Linux jail, and used 13.1 which worked fine most of the time.

Now one of the stores shows dropped connections with many clients, and as I can see logs of netlink errors in the logs, I thought I’d try -CURRENT.

Sadly, my Linux jail (Ubuntu 16.04.7) now shows an irritating behaviour: some programs seem to hang indefinitely waiting for name resolution.

Inside the jail:

Working version with ping

root@bayerlinux:/home/mathiasp/triplestore-analysis/tmp# ping google.de
WARNING: setsockopt(ICMP_FILTER): Protocol not available
PING google.de (172.217.16.131) 56(84) bytes of data.

Outside:

root@kap:/usr/home/mathiasp # tcpdump -ni bayerlinux_b
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on bayerlinux_b, link-type EN10MB (Ethernet), capture size 262144 bytes
20:17:10.852625 IP 192.168.100.10.13809 > 192.168.100.1.53: 3191+ [1au] A? google.de. (38)
20:17:10.852668 IP 192.168.100.1.53 > 192.168.100.10.13809: 3191 1/0/1 A 172.217.16.131 (54)

Non-working with wget (same for curl and others)

Inside the jail:

root@bayerlinux:/home/mathiasp/triplestore-analysis/tmp# wget http://google.de/
--2023-01-09 19:21:58--  http://google.de/
Resolving google.de (google.de)... (waited for max 5 minutes, no change)

Outside the jail:

root@kap:/usr/home/mathiasp # tcpdump -ni bayerlinux_b
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on bayerlinux_b, link-type EN10MB (Ethernet), capture size 262144 bytes
20:17:02.738570 IP 192.168.100.10.60967 > 192.168.100.1.53: 30219+ A? google.de. (27)
20:17:02.738893 IP 192.168.100.1.53 > 192.168.100.10.60967: 30219 1/0/0 A 172.217.16.131 (43)

So, this tcpdump looks pretty much as if both got answers from unbound.
Why is wget (and host, and curl, and sudo) not “getting” this answer?

Any ideas where to look or questions about my setup welcome!

This jail works fine on 13.1.

This is on a recent current:

FreeBSD kap.virtual-earth.de 14.0-CURRENT FreeBSD 14.0-CURRENT #0 main-n259979-9408f36627b7: Mon Jan  9 16:36:51 CET 2023 root@kap.virtual-earth.de:/usr/obj/usr/src/amd64.amd64/sys/GENERIC-NODEBUG amd64

/etc/jail.conf looks like this:

$iface="igb0";
$j="/jail";
path="/jails/$name";

mount.devfs;

exec.clean;
exec.start="sh /etc/rc";
exec.stop="sh /etc/rc.shutdown";
exec.prestart="logger starting jail $name ...";
exec.poststart="logger jail $name has started";
exec.prestop="logger shutting down jail $name";
exec.poststop="logger jail $name has shut down";

# generic hostnames

host.hostname="$name.kap.local";

# vnet jails
vnet;
vnet.interface="${name}_j";
exec.prestart+="/usr/local/sbin/jailtobridge $name jailbridge0";
exec.poststop+="/sbin/ifconfig jailbridge0 deletem ${name}_b;/sbin/ifconfig ${name}_b destroy";

exec.consolelog="/var/log/jails/$name-console.log";

# linux jails
# needs FreeBSD ifconfig and route from /rescue to work!

bayerlinux {
    mount.fstab="/jails/fstabs/bayerlinux";
    allow.mount;
    allow.raw_sockets;
    allow.read_msgbuf;
    allow.socket_af;
    sysvmsg;
    sysvsem;
    sysvshm;
    exec.start = "/etc/init.d/rc 3";
    exec.stop = "/etc/init.d/rc 0";
    persist;
}

Thanks,

Mathias

Mathias Picker
Managing Director
virtual earth Gesellschaft für Wissens re/prä sentation mbH
Westendstr. 142
80339 München
+4915256178344

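
Added example, not part of the original message: a Python script that pairs the DNS queries and responses from the two tcpdump captures quoted above by client address, client port and transaction ID, and records what tcpdump printed for each exchange. The function and field names are illustrative assumptions; the four capture lines are copied from the message.

```python
import re

# The four DNS lines from the tcpdump output in the message (ping, then wget).
CAPTURE = """\
20:17:10.852625 IP 192.168.100.10.13809 > 192.168.100.1.53: 3191+ [1au] A? google.de. (38)
20:17:10.852668 IP 192.168.100.1.53 > 192.168.100.10.13809: 3191 1/0/1 A 172.217.16.131 (54)
20:17:02.738570 IP 192.168.100.10.60967 > 192.168.100.1.53: 30219+ A? google.de. (27)
20:17:02.738893 IP 192.168.100.1.53 > 192.168.100.10.60967: 30219 1/0/0 A 172.217.16.131 (43)
"""

LINE = re.compile(
    r"^\S+ IP (?P<src>[\d.]+)\.(?P<sport>\d+) > (?P<dst>[\d.]+)\.(?P<dport>\d+): "
    r"(?P<txid>\d+)(?P<flags>[+*\-|$%]*) (?P<body>.*) \((?P<size>\d+)\)$"
)
# "[Nau]" is tcpdump's note that the query carries N additional records.
QUERY = re.compile(r"(?:\[(\d+)au\] )?(\S+)\? (\S+)")
COUNTS = re.compile(r"(\d+)/(\d+)/(\d+) ")  # answer/authority/additional counts

def pair_exchanges(capture):
    """Map (client_ip, client_port, txid) -> details of query and response."""
    exchanges = {}
    for raw in capture.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue  # not a DNS line in the expected layout
        f = m.groupdict()
        if f["dport"] == "53":  # client -> resolver
            q = QUERY.match(f["body"])
            if q:
                exchanges[(f["src"], f["sport"], f["txid"])] = {
                    "qtype": q.group(2), "qname": q.group(3),
                    "query_additional": int(q.group(1) or 0),
                    "query_bytes": int(f["size"]), "answered": False}
        elif f["sport"] == "53":  # resolver -> client
            key, c = (f["dst"], f["dport"], f["txid"]), COUNTS.match(f["body"])
            if key in exchanges and c:
                exchanges[key].update(
                    answered=True, answers=int(c.group(1)),
                    resp_additional=int(c.group(3)), resp_bytes=int(f["size"]))
    return exchanges

def unanswered(exchanges):
    """Keys of queries for which no matching response was captured."""
    return [k for k, e in exchanges.items() if not e["answered"]]

if __name__ == "__main__":
    for key, info in pair_exchanges(CAPTURE).items():
        print(key, info)
```

On the lines from the message, both exchanges pair up as answered on the wire; the fields that differ between them are the additional-record counts and the payload sizes.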