Bug 243193 - ipv6_cpe_wanif not honored by /etc/rc.d/netoptions when run in VNET jail
Summary: ipv6_cpe_wanif not honored by /etc/rc.d/netoptions when run in VNET jail
Status: In Progress
Alias: None
Product: Base System
Classification: Unclassified
Component: conf (show other bugs)
Version: CURRENT
Hardware: Any Any
: --- Affects Some People
Assignee: Bjoern A. Zeeb
URL: https://lists.freebsd.org/pipermail/f...
Keywords: patch, vimage
Depends on:
Blocks:
 
Reported: 2020-01-08 17:05 UTC by punkt.de Hosting Team
Modified: 2020-01-08 23:37 UTC (History)
1 user (show)

See Also:
bz: mfc-stable12?
bz: mfc-stable11?


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description punkt.de Hosting Team 2020-01-08 17:05:09 UTC
This config variable was introduced to allow a host that is configured as an IPv6 gateway to receive uplink address and default GW via SLAAC nonetheless.
Works as designed except when run in a jail.
Common scenario here is an OpenVPN gateway in a jail with VNET.

Cause:

# KEYWORD: nojail

in /etc/rc.d/netoptions

Proposed fix:


--- netoptions.orig	2020-01-08 18:03:02.870698092 +0100
+++ netoptions	2020-01-08 17:49:38.039483490 +0100
@@ -6,7 +6,7 @@
 # PROVIDE: netoptions
 # REQUIRE: FILESYSTEMS
 # BEFORE: netif
-# KEYWORD: nojail
+# KEYWORD: nojailvnet
 
 . /etc/rc.subr
 . /etc/network.subr


Kind regards,
Patrick
Comment 1 Bjoern A. Zeeb freebsd_committer 2020-01-08 17:13:10 UTC
Whoever looks at this should check that all the sysctls from netoptions are virtualised.
Comment 2 Bjoern A. Zeeb freebsd_committer 2020-01-08 17:13:34 UTC
I guess I could just go ahead and do that quickly ...
Comment 3 Bjoern A. Zeeb freebsd_committer 2020-01-08 17:22:06 UTC
OK, here's what I could quickly see (if not missed something); not too bad but some minor work to do before switching the startup script...

INET:

tcp_log_in_vain TODO
udp_log_in_vain TODO
rfc1323 OK
tcp_always_keepalive TODO
drop_synfin OK
portrange.first OK
portrange.last OK

INET6:

v6only OK
use_tempaddr OK
prefer_tempaddr OK
no_radr OK
rfc6204w3 OK
Comment 4 commit-hook freebsd_committer 2020-01-08 23:30:50 UTC
A commit references this bug:

Author: bz
Date: Wed Jan  8 23:30:29 UTC 2020
New revision: 356527
URL: https://svnweb.freebsd.org/changeset/base/356527

Log:
  vnet: virtualise more network stack sysctls.

  Virtualise tcp_always_keepalive, TCP and UDP log_in_vain.  All three are
  set in the netoptions startup script, which we would love to run for VNETs
  as well [1].

  While virtualising the log_in_vain sysctls seems pointles at first for as
  long as the kernel message buffer is not virtualised, it at least allows
  an administrator to debug the base system or an individual jail if needed
  without turning the logging on for all jails running on a system.

  PR:		243193 [1]
  MFC after:	2 weeks

Changes:
  head/sys/dev/cxgbe/tom/t4_tom.c
  head/sys/netinet/tcp_input.c
  head/sys/netinet/tcp_stacks/bbr.c
  head/sys/netinet/tcp_stacks/rack.c
  head/sys/netinet/tcp_subr.c
  head/sys/netinet/tcp_timer.c
  head/sys/netinet/tcp_timer.h
  head/sys/netinet/tcp_var.h
  head/sys/netinet/udp_usrreq.c
  head/sys/netinet/udp_var.h
  head/sys/netinet6/udp6_usrreq.c
Comment 5 commit-hook freebsd_committer 2020-01-08 23:35:52 UTC
A commit references this bug:

Author: bz
Date: Wed Jan  8 23:34:50 UTC 2020
New revision: 356528
URL: https://svnweb.freebsd.org/changeset/base/356528

Log:
  Run netoptions startup script in vnet jails.

  People use rc.conf inside vnet jails to configure networking setups.
  Presumably because some sysctl were not virtualised up until r356527 the
  script was not run for vnet jails leaving the rc.conf options without
  effect for non-obvious reasons.  Run the netoptions startup script also
  for VNET jails now to make the rc.conf options work.

  PR:		243193
  MFC after:	2 weeks

Changes:
  head/libexec/rc/rc.d/netoptions