Problem using bz's multi-IP/IPv6/No-IP Jail Patch (7-STABLE)
Bjoern A. Zeeb
bzeeb-lists at lists.zabbadoz.net
Tue Mar 10 04:05:08 PDT 2009
On Mon, 9 Mar 2009, Jamie Gritton wrote:
> Kage wrote:
>
>> Encountering more issues now. Binding just an IPv6 address to a jail
>> shows up in jls -v, but when I run ifconfig -a in the jail, I get an
>> error I've never encountered, and doesn't show up on any Google
>> search:
>>
>> [root at nub:/etc] jls -v
>> JID Hostname Path
>> Name State
>> CPUSetID
>> IP Address(es)
>> 9 jail.template.tld /usr/jails/TEMPLATE
>> ALIVE
>> 10
>> 2610:150:c248:dead:beef:c0ff:eec0:deaa
>>
>> [root at jail:/] ifconfig -a
>> ifconfig: socket(family 2,SOCK_DGRAM): Protocol not supported
>
> Recent patches reject sockets in jails that have no addresses in the
> socket's family. So if you jail has no IPv6 addresses, you won't be
> able to create any IPv6 sockets. Likewise your case: if that jail has
> no IPv4 addresses, then it's an IPv4-less jail, and IPv4 sockets won't
> work (Protocol not supported). For actual network connections, this
> makes sense: you won't be able to bind or connect with this socket, as
> there are no IPv4 addresses in the system.
>
> But ifconfig is a different situation. It just needs a socket of some
> sort, and AF_INET has always worked, because any networked system always
> has IPv4 support. But in an IPv4-less system (which an IPv4-less jail
> not acts like), this default isn't useful. Something will need to be
> fixed. I'm not sure if that something is ifconfig or the kernel.
I'd suggest fixing ifconfig if (easily) possible; that would avoid us
running into it again in a few months/year(s) when it might be
possible to compile an INET6 but no INET kernel.
--
Bjoern A. Zeeb The greatest risk is not taking one.
More information about the freebsd-jail
mailing list