Re: linux debian jail - network problems
Date: Wed, 02 Mar 2022 02:22:33 UTC
> On Mar 1, 2022, at 6:42 PM, Sami Halabi <sodynet1@gmail.com> wrote:
>
> How can I see the netlink wip status ?

Sorry, it is not currently publicly visible. FreeBSD's Phabricator is a tool that is development focused. If you're interested in it, please CC the author Alexander V. Chernikov.

>
> On Fri, Feb 25, 2022, 08:34, Sami Halabi <sodynet1@gmail.com> wrote:
> Hi,
> Thank you for your response.. I wonder, is it really only a netlink problem?

Maybe it is, or not. I'm not familiar with Linux emulation. You can refer to
1. https://docs.freebsd.org/en/articles/linux-emulation/
2. https://wiki.freebsd.org/Linuxulator

> There are a few problems in the logs.. I don't know if they are all related only to netlink (prctl immutable for example).. I also saw incompatibilities in socket.c ....
>
> Btw: I tried to enter the link you sent and it asked for username and password.. it's not a public review?
>
> Sami
>
> On Fri, Feb 25, 2022, 04:18, Zhenlei Huang <zlei.huang@gmail.com> wrote:
> Hi,
> You can also track the WIP netlink feature, https://reviews.freebsd.org/D33975
>
>> On Feb 25, 2022, at 4:05 AM, Sami Halabi <sodynet1@gmail.com> wrote:
>>
>> Hi,
>> Added Current, maybe will be lucky ;)
>>
>> Anyone have an idea how to approach and fix this?
>>
>> Sami
>>
>> On Tue, Feb 22, 2022, 23:30, Sami Halabi <sodynet1@gmail.com> wrote:
>> Hi all,
>> sorry for the cross post but I need help and I'm not sure where it hangs.
>>
>> I create a linux jail (debian bullseye) via cbsd.
>> the jail is being populated with the debian userland..
>> so far so good... services running (sshd) and I can login to the jail, I also can update packages and I can install apache httpd and all works fine (apt install or make from src).
>> I also manage to install packages even if their scripts depend on the "ip" command, which fails:
>> cbsd@j2> ip
>> Cannot open netlink socket: Address family not supported by protocol
>>
>> ifconfig shows empty interfaces:
>> cbsd@j2> ifconfig
>> eth0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
>>         ether 00:50:56:0a:b3:a0 (Ethernet)
>>         RX packets 139798314 bytes 12029597009 (11.2 GiB)
>>         RX errors 0 dropped 0 overruns 0 frame 0
>>         TX packets 26879143 bytes 34400160833 (32.0 GiB)
>>         TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
>>
>> lo0: flags=4169<UP,LOOPBACK,RUNNING,MULTICAST> mtu 16384
>>         loop (Local Loopback)
>>         RX packets 28548 bytes 160312960 (152.8 MiB)
>>         RX errors 0 dropped 0 overruns 0 frame 0
>>         TX packets 28548 bytes 160312960 (152.8 MiB)
>>         TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
>>
>> I know linux emulation doesn't implement netlink.. so what I do is fake the response by replacing /bin/ip by a bash script that prints the correct IP and fakes some other (needed by packages I installed):
>> #!/bin/bash
>> # Stand-in for /bin/ip: prints fixed answers instead of querying netlink.
>> if [ "$1" = "-o" ]; then
>>     # one-line address listing
>>     echo "1: eth0 inet 192.168.1.2/24 brd 192.168.1.255 scope global eth0"
>> elif [ "$1" = "route" ]; then
>>     if [ "$2" = "get" ]; then
>>         echo "8.8.8.8 via 192.168.1.2 dev eth0 src 192.168.1.2 "
>>     else
>>         echo "default via 192.168.1.2 dev eth0"
>>     fi
>> else
>>     # any other invocation: plain link and address listing
>>     echo "1: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP qlen 1000"
>>     echo " inet 192.168.1.2/24 brd 192.168.1.255 scope global eth0"
>> fi
>>
>>
>> still ifconfig shows no IP... it's time to say it is a regular jail and *NOT* VNET.
>>
>> *however* packages that pull IPs via libraries fail..
>> eg: installed bind916 (name) in the logs I see these errors (relevant only):
>> cbsd@j2> service named start
>> Starting domain name service...: namednamed: prctl(PR_SET_DUMPABLE) failed: Invalid argument
>> cbsd@j2>
>>
>>
>> log file shows:
>> 22-Feb-2022 23:11:58.705 general: notice: BIND 9 is maintained by Internet Systems Consortium,
>> 22-Feb-2022 23:11:58.705 general: notice: Inc. (ISC), a non-profit 501(c)(3) public-benefit
>> 22-Feb-2022 23:11:58.705 general: notice: corporation. Support and training for BIND 9 are
>> 22-Feb-2022 23:11:58.705 general: notice: available at https://www.isc.org/support
>> 22-Feb-2022 23:11:58.705 general: notice: ----------------------------------------------------
>> 22-Feb-2022 23:11:58.705 general: info: found 6 CPUs, using 6 worker threads
>> 22-Feb-2022 23:11:58.705 general: info: using 6 UDP listeners per interface
>> 22-Feb-2022 23:11:58.705 general: info: using up to 21000 sockets
>> 22-Feb-2022 23:11:58.715 general: info: loading configuration from '/etc/bind/named.conf'
>> 22-Feb-2022 23:11:58.715 general: info: reading built-in trust anchors from file '/etc/bind/bind.keys'
>> 22-Feb-2022 23:11:58.715 general: info: looking for GeoIP2 databases in '/usr/share/GeoIP'
>> 22-Feb-2022 23:11:58.715 general: info: using default UDP/IPv4 port range: [1024, 65535]
>> 22-Feb-2022 23:11:58.715 general: info: using default UDP/IPv6 port range: [1024, 65535]
>> 22-Feb-2022 23:11:58.715 network: info: no IPv6 interfaces found
>> 22-Feb-2022 23:11:58.715 general: error: ifiter_getifaddrs.c:79: unexpected error:
>> 22-Feb-2022 23:11:58.715 general: error: getting interface addresses: getifaddrs: Address family not supported by protocol
>> 22-Feb-2022 23:11:58.715 network: warning: not listening on any interfaces
>> *snip*
>> *snip*
>> 22-Feb-2022 23:11:58.735 general: error: socket.c:2405: unexpected error:
>> 22-Feb-2022 23:11:58.735 general: error: setsockopt(50, IP_RECVTOS) failed: Protocol not available
>> 22-Feb-2022 23:11:58.735 general: notice: couldn't add command channel 127.0.0.1#953: permission denied
>> 22-Feb-2022 23:11:58.735 general: error: socket.c:2405: unexpected error:
>> 22-Feb-2022 23:11:58.735 general: error: setsockopt(50, IP_RECVTOS) failed: Protocol not available
>> 22-Feb-2022 23:11:58.735 general: notice: couldn't add command channel 127.0.0.1#953: permission denied
>> 22-Feb-2022 23:11:58.735 zoneload: info: managed-keys-zone: loaded serial 24
>> 22-Feb-2022 23:11:58.735 zoneload: info: zone 0.in-addr.arpa/IN: loaded serial 1
>> 22-Feb-2022 23:11:58.735 general: error: socket.c:2405: unexpected error:
>> 22-Feb-2022 23:11:58.735 general: error: setsockopt(512, IP_RECVTOS) failed: Protocol not available
>> 22-Feb-2022 23:11:58.735 general: error: socket.c:2405: unexpected error:
>> 22-Feb-2022 23:11:58.735 general: error: setsockopt(513, IP_RECVTOS) failed: Protocol not available
>> 22-Feb-2022 23:11:58.745 zoneload: info: zone 255.in-addr.arpa/IN: loaded serial 1
>> 22-Feb-2022 23:11:58.745 zoneload: info: zone j1.royalshells.com/IN: loaded serial 2022022106
>> 22-Feb-2022 23:11:58.745 notify: info: zone j1.royalshells.com/IN: sending notifies (serial 2022022106)
>> 22-Feb-2022 23:11:58.745 general: error: socket.c:2405: unexpected error:
>> 22-Feb-2022 23:11:58.745 general: error: setsockopt(514, IP_RECVTOS) failed: Protocol not available
>> 22-Feb-2022 23:11:58.745 zoneload: info: zone localhost/IN: loaded serial 2
>> 22-Feb-2022 23:11:58.745 general: error: socket.c:2405: unexpected error:
>> 22-Feb-2022 23:11:58.745 general: error: setsockopt(515, IP_RECVTOS) failed: Protocol not available
>> 22-Feb-2022 23:11:58.745 zoneload: info: zone 127.in-addr.arpa/IN: loaded serial 1
>> 22-Feb-2022 23:11:58.745 general: notice: all zones loaded
>> 22-Feb-2022 23:11:58.745 general: notice: running
>> 22-Feb-2022 23:11:58.795 general: error: socket.c:2405: unexpected error:
>> 22-Feb-2022 23:11:58.795 general: error: setsockopt(50, IP_RECVTOS) failed: Protocol not available
>> 22-Feb-2022 23:12:58.811 general: error: ifiter_getifaddrs.c:79: unexpected error:
>> 22-Feb-2022 23:12:58.811 general: error: getting interface addresses: getifaddrs: Address family not supported by protocol
>> 22-Feb-2022 23:12:58.811 network: warning: not listening on any interfaces
>>
>> Any Idea how to fix this??
>>
>> cbsd@j2> named -V
>> BIND 9.16.22-Debian (Extended Support Version) <id:59bfaba>
>> running on Linux x86_64 3.2.0 FreeBSD 12.3-RELEASE-p1 GENERIC
>>
>> installing newer versions
>>
>> I have also problems with dovecot mail package.. but will leave it for now
>>
>> Thanks in advance,
>> Sami
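
Added example, not part of the original messages: a small Python triage of the named log quoted above that groups each "unexpected error" pair by source location and failing call, to separate failures that trace back to netlink from those that do not. The `RULES` table and its netlink flag are this example's assumptions (glibc's getifaddrs() enumerates interfaces over a NETLINK_ROUTE socket; the IP_RECVTOS setsockopt() does not involve netlink); the sample lines are copied from the log in the thread.

```python
import re
from collections import Counter

# Sample input: lines copied from the named log quoted in the thread.
SAMPLE_LOG = """\
22-Feb-2022 23:11:58.715 general: error: ifiter_getifaddrs.c:79: unexpected error:
22-Feb-2022 23:11:58.715 general: error: getting interface addresses: getifaddrs: Address family not supported by protocol
22-Feb-2022 23:11:58.715 network: warning: not listening on any interfaces
22-Feb-2022 23:11:58.735 general: error: socket.c:2405: unexpected error:
22-Feb-2022 23:11:58.735 general: error: setsockopt(50, IP_RECVTOS) failed: Protocol not available
22-Feb-2022 23:11:58.735 general: error: socket.c:2405: unexpected error:
22-Feb-2022 23:11:58.735 general: error: setsockopt(512, IP_RECVTOS) failed: Protocol not available
"""

LINE = re.compile(r"^\S+ \S+ (?P<cat>\w+): (?P<sev>\w+): (?P<msg>.*)$")
SITE = re.compile(r"^(?P<src>[\w.]+:\d+): unexpected error:$")
# Assumed classification: (message pattern, failing call, depends on netlink?)
RULES = [
    (re.compile(r"getifaddrs: (.+)$"), "getifaddrs", True),
    (re.compile(r"setsockopt\(\d+, (\w+)\) failed: (.+)$"), "setsockopt", False),
]

def triage(log_text):
    """Count 'unexpected error' pairs by (source site, call, detail, netlink)."""
    counts, site = Counter(), None
    for raw in log_text.splitlines():
        m = LINE.match(raw.strip())
        if not m or m["sev"] != "error":
            site = None          # a non-error line breaks the two-line pair
            continue
        s = SITE.match(m["msg"])
        if s:
            site = s["src"]      # first line of the pair: where it was raised
            continue
        for rx, call, netlink in RULES:
            hit = rx.search(m["msg"])
            if hit and site:     # second line of the pair: what failed and why
                counts[(site, call, " ".join(hit.groups()), netlink)] += 1
        site = None
    return counts

def netlink_only(counts):
    """True if every classified failure is one that depends on netlink."""
    return bool(counts) and all(key[3] for key in counts)

if __name__ == "__main__":
    for (site, call, detail, nl), n in sorted(triage(SAMPLE_LOG).items()):
        print(f"{n:3d}  {site:24s} {call:10s} {detail}  netlink={nl}")
```

On the sample, the getifaddrs failure carries the same "Address family not supported by protocol" text as the `ip` command's netlink error, while the IP_RECVTOS failures form a separate group.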