RUNNING flag remains unset upon reinserting a gre into VNET jail
John W. O'Brien
john at saltant.com
Thu May 7 12:03:59 UTC 2020
On 2020/05/07 03:27, Andrey V. Elsukov wrote:
> On 06.05.2020 10:00, Andrey V. Elsukov wrote:
>>> # create a gre outside the jail, configure its tunnel endpoints
>>>
>>> ifconfig gre0 create tunnel 10.1.1.1 10.2.2.2
>>> ifconfig gre0 # not RUNNING (OK)
>>>
>>> # place the gre into the jail, it should be running now
>>>
>>> ifconfig gre0 vnet demo
>>> jexec demo ifconfig gre0 # not RUNNING (not OK)
>>
>> Hi,
>>
>> I'm not an advanced jail user, so this is my conclusion from a quick
>> code look. It looks to me that all IPv4/IPv6 addresses should be purged
>> from the interface that was moved from one vnet to another. The fact
>> that tunnel's config still here is due to it is stored in the private
>> interface's softc. Thus when you move ifnet from one vnet to another,
>> ifaddr_event_ext is not handled properly and interface doesn't change
>> its state.
>>
>> If my conclusion is correct, I see two ways to fix this:
>> 1. Add if_reassign() method to all tunneling interfaces and clear
>> tunnel config when ifnet is moved to new jail. This will force you
>> reconfigure interface after moving. Probably this is POLA violation.
>
> Hi,
>
> I think this patch should help:
> https://people.freebsd.org/~ae/gre.diff
>
> It is untested, if you have time please, test and report back.
> The patch will clear tunnel config after moving from one vnet to
> another. Thus you need to reconfigure all addresses.
>
>> 2. Add if_reassign() method to all tunneling interfaces, that will
>> invoke ifaddr_evnet_ext handler. This requires more code and looks
>> hackish to me. :)
Hi Andrey,
Your assessment and choice of fix sound right to me. If ordinary
addresses are removed upon iface movement between VNETs, then it makes
sense that tunnel addresses would be too.
I will do my best to test in the coming days.
--
John W. O'Brien
OpenPGP keys:
0x33C4D64B895DBF3B
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 488 bytes
Desc: OpenPGP digital signature
URL: <http://lists.freebsd.org/pipermail/freebsd-net/attachments/20200507/121166f6/attachment.sig>
More information about the freebsd-net
mailing list