Re: IPv4 addresses clash / jails not working after reboot…

Łukasz Wąsikowski lukasz at wasikowski.net
Sun Apr 21 10:55:59 UTC 2013


On 2013-04-12 19:02, Jamie Gritton wrote:

> On 04/12/13 10:53, Łukasz Wąsikowski wrote:
>> On 2013-03-08 00:22, Jamie Gritton wrote:
>>
>>> You're allowed to have the same address in multiple jails, but only in
>>> the case of jails that have one address (i.e. one IPv4 address in this
>>> case). Jails with multiple IP addresses can't share any of those
>>> addresses with other jails. I don't know why it should work once and
>>> then not work later though.
>>
>> That's not true. You can have multiple IPs in jails. You can have
>> multiple jails sharing the same IP. You can have multiple jails sharing
>> the same multiple IPs. So:
>>
>> jail1: ipv4_ip1
>> jail2: ipv4_ip2, ipv6_ip1, ipv6_ip2
>> jail3: ipv4_ip2, ipv6_ip1, ipv6_ip2
>>
>> will work. But configuration like this:
>>
>> jail1: ipv4_ip1
>> jail2: ipv4_ip2, ipv6_ip1, ipv6_ip2
>> jail3: ipv4_ip2, ipv6_ip1
>>
>> will not, because jail2 and jail3 share only some IPs. I've tried
>> configuration like this on 9.1-STABLE around December 2012 and it ended
>> with panic. So I'm using the configuration from the first example and it
>> works ok.
> 
> Well ending in a panic is beyond the bounds of what's supported, and
> into what apparently is broken - I was just talking about the intent as
> I read it into the code. Is this panic of yours repeatable? I'd like to
> get the exact configuration you were using, so I could try to repeat
> (and fix) whatever the problem was.

I'm sorry for the delay, I simply didn't have much time to test it. The
simplest way to reproduce this problem is:

1. Install the i386 version (didn't try amd64) of 9.1-RELEASE. Do a default
install, nothing fancy, install ports and src.

2. Add to GENERIC kernel
options         RACCT
options         RCTL

Without those I couldn't reproduce the problem.

3. Add some IP aliases to your interface (i.e. 192.168.100.1,
192.168.100.2 and 192.168.100.3).

4. Create some multi-IP jails which share some (but not all) IPs and try
to start them. It will end in panic. I use ezjail for it, so:

cd /usr/ports/sysutils/ezjail && make install clean && mkdir /usr/jails \
  && ezjail-admin install \
  && ezjail-admin create jtest1 192.168.100.1,192.168.100.2 \
  && ezjail-admin create jtest2 192.168.100.1,192.168.100.2,192.168.100.3

service ezjail onestart

and it ends with panic:

panic: page fault

GNU gdb 6.1.1 [FreeBSD]
Copyright 2004 Free Software Foundation, Inc.
GDB is free software, covered by the GNU General Public License, and you are
welcome to change it and/or distribute copies of it under certain
conditions.
Type "show copying" to see the conditions.
There is absolutely no warranty for GDB.  Type "show warranty" for details.
This GDB was configured as "i386-marcel-freebsd"...

Unread portion of the kernel message buffer:
processor eflags        = interrupt enabled, resume, IOPL = 0
current process         = 1350 (jail)
trap number             = 12
panic: page fault
cpuid = 2
KDB: stack backtrace:
#0 0xc0af88ff at kdb_backtrace+0x4f
#1 0xc0ac51bf at panic+0x16f
#2 0xc0e2b933 at trap_fatal+0x323
#3 0xc0e2ba3b at trap_pfault+0xfb
#4 0xc0e2c9aa at trap+0x44a
#5 0xc0e15f8c at calltrap+0x6
#6 0xc0a9897a at prison_deref+0x42a
#7 0xc0a9dd3e at kern_jail_set+0x3b7e
#8 0xc0a9e0c0 at sys_jail_set+0x50
#9 0xc0e2c0ba at syscall+0x34a
#10 0xc0e15ff1 at Xint0x80_syscall+0x21
Uptime: 47s

-- 
best regards,
Lukasz Wasikowski
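
Added example, not part of the original message: a pre-start check in sh and awk for the layout the reproduction above exercises, two jails that share some but not all of their addresses. The `name address-list` input format and the function names are assumptions of this example; addresses are compared as plain strings.

```shell
#!/bin/sh
# Added example: flag pairs of jails that share some, but not all, addresses.
# Input (assumed format): one jail per line, "<name> <addr1,addr2,...>".
# Addresses are compared as plain strings; no IPv6 normalisation is done.
find_partial_overlaps() {
    awk '
    NF == 0 || $1 ~ /^#/ { next }
    {
        name[++n] = $1; uniq[n] = 0
        cnt = split($2, a, ",")
        for (i = 1; i <= cnt; i++) {
            if (a[i] == "" || ((n, a[i]) in has)) continue
            has[n, a[i]] = 1
            addr[n, ++uniq[n]] = a[i]
        }
    }
    END {
        bad = 0
        for (x = 1; x < n; x++)
            for (y = x + 1; y <= n; y++) {
                shared = ""; ns = 0
                for (k = 1; k <= uniq[x]; k++) {
                    ip = addr[x, k]
                    if (!((y, ip) in has)) continue
                    if (ns++ > 0) shared = shared ","
                    shared = shared ip
                }
                # Disjoint or identical sets: the layouts reported to work.
                if (ns == 0 || (ns == uniq[x] && ns == uniq[y])) continue
                printf "PARTIAL %s %s shared=%s\n", name[x], name[y], shared
                bad = 1
            }
        exit bad
    }' "$@"
}

# Constructed samples: the working and the panicking layout from the message.
sample_working() {
    printf '%s\n' 'jail1 ipv4_ip1' \
        'jail2 ipv4_ip2,ipv6_ip1,ipv6_ip2' 'jail3 ipv4_ip2,ipv6_ip1,ipv6_ip2'
}
sample_failing() {
    printf '%s\n' 'jtest1 192.168.100.1,192.168.100.2' \
        'jtest2 192.168.100.1,192.168.100.2,192.168.100.3'
}

sample_failing | find_partial_overlaps || echo "partial overlap found" >&2
```

The function exits non-zero when any pair overlaps partially, so it can gate a jail start script.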
