netstat -rn in jail doesn't work

Grzegorz Junka list1 at gjunka.com
Wed May 18 18:38:50 UTC 2016 

OK, thanks, so it looks like it doesn't prevent the jail from working 
correctly, it's just the reporting that's broken.

Grzegorz


On 18/05/2016 18:28, Miroslav Lachman wrote:
> Grzegorz Junka wrote on 05/18/2016 18:37:
>> What may be the reason that netstat -rn works in one jail and doesn't in
>> another?
>>
>> root at app2:/ # netstat -rn
>> Routing tables
>>
>> Internet:
>> Destination        Gateway            Flags      Netif Expire
>> 192.168.1.76       link#4             UHS         lo0
>>
>>
>> root at pjp1:/ # netstat -rn
>> netstat: kvm not available: /dev/mem: No such file or directory
>> Routing tables
>> rt_tables: symbol not in namelist
>
> I don't know the reason but I can confirm this behavior. I know about 
> this for a long time. Netstat complains about /dev/mem for some other 
> params too even if it outputs correct values for example for opened 
> tcp connections:
>
> /# netstat -s -p tcp
> netstat: kvm not available: /dev/mem: No such file or directory
> tcp:
>         1517892073 packets sent
>                 1453939900 data packets (2274781047202 bytes)
>                 759536 data packets (929141944 bytes) retransmitted
>                 59175 data packets unnecessarily retransmitted
>                 0 resends initiated by MTU discovery
>                 51907865 ack-only packets (26667901 delayed)
>                 0 URG only packets
>                 267 window probe packets
>                 795506 window update packets
>                 10493883 control packets
>         1487401217 packets received
>                 1417951529 acks (for 2273802396874 bytes)
>                 7502860 duplicate acks
>                 38600 acks for unsent data
>                 1368386110 packets (2153255668968 bytes) received 
> in-sequence
>                 222423 completely duplicate packets (39239815 bytes)
>                 11980 old duplicate packets
>                 221 packets with some dup. data (94160 bytes duped)
>                 35171 out-of-order packets (15770219 bytes)
>                 21 packets (11 bytes) of data after window
>                 11 window probes
>                 1863690 window update packets
>                 1642030 packets received after close
>                 281 discarded for bad checksums
>                 0 discarded for bad header offset fields
>                 0 discarded because packet too short
>                 87 discarded due to memory problems
>         2448384 connection requests
>         7800552 connection accepts
>         0 bad connection attempts
>         109 listen queue overflows
>         339306 ignored RSTs in the windows
>         10221160 connections established (including accepts)
>         10554092 connections closed (including 1990441 drops)
>                 5674590 connections updated cached RTT on close
>                 5677848 connections updated cached RTT variance on close
>                 1583021 connections updated cached ssthresh on close
>         10125 embryonic connections dropped
>         1405786035 segments updated rtt (of 1374995187 attempts)
>         404689 retransmit timeouts
>                 1681 connections dropped by rexmit timeout
>         608 persist timeouts
>                 0 connections dropped by persist timeout
>         0 Connections (fin_wait_2) dropped because of timeout
>         12388 keepalive timeouts
>                 11896 keepalive probes sent
>                 492 connections dropped by keepalive
>         38184853 correct ACK header predictions
>         46419366 correct data packet header predictions
>         7826351 syncache entries added
>                 45759 retransmitted
>                 55797 dupsyn
>                 84 dropped
>                 7800552 completed
>                 40 bucket overflow
>                 0 cache overflow
>                 19220 reset
>                 7941 stale
>                 109 aborted
>                 0 badack
>                 230 unreach
>                 0 zone failures
>         7826435 cookies sent
>         1784 cookies received
>         212203 hostcache entries added
>                 28 bucket overflow
>         104273 SACK recovery episodes
>         242234 segment rexmits in SACK recovery episodes
>         303575028 byte rexmits in SACK recovery episodes
>         1538523 SACK options (SACK blocks) received
>         12421 SACK options (SACK blocks) sent
>         114 SACK scoreboard overflow
>         0 packets with ECN CE bit set
>         0 packets with ECN ECT(0) bit set
>         0 packets with ECN ECT(1) bit set
>         0 successful ECN handshakes
>         0 times ECN reduced the congestion window
>         0 packets with valid tcp-md5 signature received
>         0 packets with invalid tcp-md5 signature received
>         0 packets with tcp-md5 signature mismatch
>         0 packets with unexpected tcp-md5 signature received
>         0 packets without expected tcp-md5 signature received
>
>
> I tried netstat -rn in all 8 jails on our test machine. 4 of them 
> works, the other 4 don't work.
>
> netstat -rn doesn't work in those jail which are older than host 
> environment
>
> netstat -s -p tcp prints error message even in the newest jails:
> netstat: kvm not available: /dev/mem: No such file or directory
>
>
> Miroslav Lachman
>

More information about the freebsd-jail mailing list