Bug 243193 - ipv6_cpe_wanif not honored by /etc/rc.d/netoptions when run in VNET jail
Status: Closed FIXED
Alias: None
Product: Base System
Classification: Unclassified
Component: conf
Version: CURRENT
Hardware: Any Any
Importance: --- Affects Some People
Assignee: Bjoern A. Zeeb
URL: https://lists.freebsd.org/pipermail/f...
Keywords: patch, vimage
Reported: 2020-01-08 17:05 UTC by punkt.de Hosting Team
Modified: 2020-01-28 18:11 UTC
See Also:
bz: mfc-stable12+


Description punkt.de Hosting Team 2020-01-08 17:05:09 UTC
This config variable was introduced to allow a host that is configured as an IPv6 gateway to receive uplink address and default GW via SLAAC nonetheless.
Works as designed except when run in a jail.
Common scenario here is an OpenVPN gateway in a jail with VNET.

Cause:

# KEYWORD: nojail

in /etc/rc.d/netoptions

Proposed fix:


--- netoptions.orig	2020-01-08 18:03:02.870698092 +0100
+++ netoptions	2020-01-08 17:49:38.039483490 +0100
@@ -6,7 +6,7 @@
 # PROVIDE: netoptions
 # REQUIRE: FILESYSTEMS
 # BEFORE: netif
-# KEYWORD: nojail
+# KEYWORD: nojailvnet
 
 . /etc/rc.subr
 . /etc/network.subr
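
Review bot: The keyword change on the `# KEYWORD:` line lets this script run inside VNET jails, but nothing in the hunk shows that the sysctls netoptions sets are per-VNET. If any of them is still global, a value set from a jail's rc.conf would not be confined to that jail's network stack, so the switch should land only after each sysctl the script touches is confirmed virtualised, with that check recorded in the commit message. The diff is also taken against the installed file (`netoptions.orig` vs `netoptions`); a path relative to the source tree would make it easier to apply.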


Kind regards,
Patrick
Comment 1 Bjoern A. Zeeb freebsd_committer 2020-01-08 17:13:10 UTC
Whoever looks at this should check that all the sysctls from netoptions are virtualised.
Comment 2 Bjoern A. Zeeb freebsd_committer 2020-01-08 17:13:34 UTC
I guess I could just go ahead and do that quickly ...
Comment 3 Bjoern A. Zeeb freebsd_committer 2020-01-08 17:22:06 UTC
OK, here's what I could quickly see (if I have not missed something); not too bad but some minor work to do before switching the startup script...

INET:

tcp_log_in_vain TODO
udp_log_in_vain TODO
rfc1323 OK
tcp_always_keepalive TODO
drop_synfin OK
portrange.first OK
portrange.last OK

INET6:

v6only OK
use_tempaddr OK
prefer_tempaddr OK
no_radr OK
rfc6204w3 OK
Comment 4 commit-hook freebsd_committer 2020-01-08 23:30:50 UTC
A commit references this bug:

Author: bz
Date: Wed Jan  8 23:30:29 UTC 2020
New revision: 356527
URL: https://svnweb.freebsd.org/changeset/base/356527

Log:
  vnet: virtualise more network stack sysctls.

  Virtualise tcp_always_keepalive, TCP and UDP log_in_vain.  All three are
  set in the netoptions startup script, which we would love to run for VNETs
  as well [1].

  While virtualising the log_in_vain sysctls seems pointless at first for as
  long as the kernel message buffer is not virtualised, it at least allows
  an administrator to debug the base system or an individual jail if needed
  without turning the logging on for all jails running on a system.

  PR:		243193 [1]
  MFC after:	2 weeks

Changes:
  head/sys/dev/cxgbe/tom/t4_tom.c
  head/sys/netinet/tcp_input.c
  head/sys/netinet/tcp_stacks/bbr.c
  head/sys/netinet/tcp_stacks/rack.c
  head/sys/netinet/tcp_subr.c
  head/sys/netinet/tcp_timer.c
  head/sys/netinet/tcp_timer.h
  head/sys/netinet/tcp_var.h
  head/sys/netinet/udp_usrreq.c
  head/sys/netinet/udp_var.h
  head/sys/netinet6/udp6_usrreq.c
Comment 5 commit-hook freebsd_committer 2020-01-08 23:35:52 UTC
A commit references this bug:

Author: bz
Date: Wed Jan  8 23:34:50 UTC 2020
New revision: 356528
URL: https://svnweb.freebsd.org/changeset/base/356528

Log:
  Run netoptions startup script in vnet jails.

  People use rc.conf inside vnet jails to configure networking setups.
  Presumably because some sysctl were not virtualised up until r356527 the
  script was not run for vnet jails leaving the rc.conf options without
  effect for non-obvious reasons.  Run the netoptions startup script also
  for VNET jails now to make the rc.conf options work.

  PR:		243193
  MFC after:	2 weeks

Changes:
  head/libexec/rc/rc.d/netoptions
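
The effect of the keyword change in r356528 can be checked per environment. The following is an added example, not code from FreeBSD or from this report: it models, as an assumption, rc(8) skipping `nojail` and `nojailvnet` scripts in a plain jail and only `nojail` scripts in a VNET jail. The function names and the sample script headers are constructed for illustration.

```shell
#!/bin/sh
# Added example: which rc.d scripts are skipped in which environment, by KEYWORD.
# Assumption: plain jail skips "nojail" and "nojailvnet"; VNET jail skips only "nojail".

# rc_keywords FILE: print the words from all "# KEYWORD:" lines, space separated.
rc_keywords() {
    sed -n 's/^#[[:space:]]*KEYWORD:[[:space:]]*//p' "$1" | tr '\n' ' '
}

# rc_runs_in FILE ENV: print "run" or "skip"; ENV is host, jail or vnetjail.
rc_runs_in() {
    case "$2" in
        host)     skip="nostart" ;;
        jail)     skip="nostart nojail nojailvnet" ;;
        vnetjail) skip="nostart nojail" ;;
        *)        echo "unknown environment: $2" >&2; return 2 ;;
    esac
    for kw in $(rc_keywords "$1"); do
        for s in $skip; do
            if [ "$kw" = "$s" ]; then echo skip; return 0; fi
        done
    done
    echo run
}

# make_sample DIR: write constructed netoptions headers, before and after the change.
make_sample() {
    printf '%s\n' '#!/bin/sh' '# PROVIDE: netoptions' '# REQUIRE: FILESYSTEMS' \
        '# BEFORE: netif' '# KEYWORD: nojail' > "$1/netoptions.before"
    sed 's/^# KEYWORD: nojail$/# KEYWORD: nojailvnet/' "$1/netoptions.before" \
        > "$1/netoptions.after"
}

# audit DIR: one "script environment result" line per script and environment.
audit() {
    for f in "$1"/*; do
        for env in host jail vnetjail; do
            printf '%s %s %s\n' "${f##*/}" "$env" "$(rc_runs_in "$f" "$env")"
        done
    done
}

# Demo on the constructed samples.
demo_dir=$(mktemp -d)
make_sample "$demo_dir"
audit "$demo_dir"
rm -rf "$demo_dir"
```

Pointing `audit` at a directory of rc.d scripts lists every script whose rc.conf settings would be silently ignored inside a VNET jail.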
Comment 6 commit-hook freebsd_committer 2020-01-28 18:09:14 UTC
A commit references this bug:

Author: bz
Date: Tue Jan 28 18:08:55 UTC 2020
New revision: 357210
URL: https://svnweb.freebsd.org/changeset/base/357210

Log:
  MFC r356527-356528:

    vnet: virtualise more network stack sysctls.

    Virtualise tcp_always_keepalive, TCP and UDP log_in_vain.  All three are
    set in the netoptions startup script, which we would love to run for VNETs
    as well.

    While virtualising the log_in_vain sysctls seems pointless at first for as
    long as the kernel message buffer is not virtualised, it at least allows
    an administrator to debug the base system or an individual jail if needed
    without turning the logging on for all jails running on a system.

    Run netoptions startup script in vnet jails.

    People use rc.conf inside vnet jails to configure networking setups.
    Presumably because some sysctl were not virtualised up until r356527 the
    script was not run for vnet jails leaving the rc.conf options without
    effect for non-obvious reasons.  Run the netoptions startup script also
    for VNET jails now to make the rc.conf options work.

  PR:		243193

Changes:
_U  stable/12/
  stable/12/libexec/rc/rc.d/netoptions
  stable/12/sys/dev/cxgbe/tom/t4_tom.c
  stable/12/sys/netinet/tcp_input.c
  stable/12/sys/netinet/tcp_stacks/rack.c
  stable/12/sys/netinet/tcp_subr.c
  stable/12/sys/netinet/tcp_timer.c
  stable/12/sys/netinet/tcp_timer.h
  stable/12/sys/netinet/tcp_var.h
  stable/12/sys/netinet/udp_usrreq.c
  stable/12/sys/netinet/udp_var.h
  stable/12/sys/netinet6/udp6_usrreq.c
Comment 7 Bjoern A. Zeeb freebsd_committer 2020-01-28 18:11:58 UTC
Fixed in 12 and will be part of the next release.

stable/11 has a lot of merge conflicts and different code and VIMAGE was experimental there. I can do that merge; if really needed please re-open the PR and leave a comment.