Re: RUNNING flag remains unset upon reinserting a gre into VNET jail

Sat, 09 May 2020 08:32:17 -0700 

On 2020/05/07 03:27, Andrey V. Elsukov wrote:
> On 06.05.2020 10:00, Andrey V. Elsukov wrote:
>>> # create a gre outside the jail, configure its tunnel endpoints
>>>
>>> ifconfig gre0 create tunnel 10.1.1.1 10.2.2.2
>>> ifconfig gre0  # not RUNNING (OK)
>>>
>>> # place the gre into the jail, it should be running now
>>>
>>> ifconfig gre0 vnet demo
>>> jexec demo ifconfig gre0  # not RUNNING (not OK)
>>
>> Hi,
>>
>> I'm not an advanced jail user, so this is my conclusion from a quick
>> code look. It looks to me that all IPv4/IPv6 addresses should be purged
>> from the interface that was moved from one vnet to another. The fact
>> that tunnel's config still here is due to it is stored in the private
>> interface's softc. Thus when you move ifnet from one vnet to another,
>> ifaddr_event_ext is not handled properly and interface doesn't change
>> its state.
>>
>> If my conclusion is correct, I see two ways to fix this:
>>   1. Add if_reassign() method to all tunneling interfaces and clear
>> tunnel config when ifnet is moved to new jail. This will force you
>> reconfigure interface after moving. Probably this is POLA violation.
> 
> Hi,
> 
> I think this patch should help:
>       https://people.freebsd.org/~ae/gre.diff
> 
> It is untested, if you have time please, test and report back.
> The patch will clear tunnel config after moving from one vnet to
> another. Thus you need to reconfigure all addresses.

Looks good.

root@freebsd:~ # uname -a
FreeBSD freebsd 13.0-CURRENT FreeBSD 13.0-CURRENT #1 r360848M: Sat May
9 15:23:00 UTC 2020
root@freebsd:/usr/obj/usr/src/amd64.amd64/sys/GENERIC  amd64
root@freebsd:~ # jail -c name=demo vnet persist
root@freebsd:~ # ifconfig ena1 vnet demo
root@freebsd:~ # ifconfig gre0 create tunnel 10.1.1.1 10.2.2.2
root@freebsd:~ # ifconfig gre0 vnet demo
root@freebsd:~ # jexec demo ifconfig gre0
gre0: flags=8010<POINTOPOINT,MULTICAST> metric 0 mtu 1476
        options=80000<LINKSTATE>
        groups: gre
        nd6 options=21<PERFORMNUD,AUTO_LINKLOCAL>
root@freebsd:~ # jexec demo ifconfig gre0 tunnel 10.1.1.1 10.2.2.2
root@freebsd:~ # jexec demo ifconfig ena1 inet 10.1.1.1
root@freebsd:~ # jexec demo ifconfig gre0
gre0: flags=8050<POINTOPOINT,RUNNING,MULTICAST> metric 0 mtu 1476
        options=80000<LINKSTATE>
        tunnel inet 10.1.1.1 --> 10.2.2.2
        groups: gre
        nd6 options=21<PERFORMNUD,AUTO_LINKLOCAL>
root@freebsd:~ # ifconfig gre0 -vnet demo
root@freebsd:~ # ifconfig gre0
gre0: flags=8011<UP,POINTOPOINT,MULTICAST> metric 0 mtu 1476
        options=80000<LINKSTATE>
        inet6 fe80::1427:e888:767c:dce1%gre0 prefixlen 64 tentative scopeid 0x2
        nd6 options=23<PERFORMNUD,ACCEPT_RTADV,AUTO_LINKLOCAL>

-- 
John W. O'Brien
OpenPGP keys:
    0x33C4D64B895DBF3B

Attachment: signature.asc
Description: OpenPGP digital signature

Reply via email to