1109635222 Q * erwan_ho Remote host closed the connection
1109635230 M * johnny wonder if that will ever be merged into mainline..
1109635241 M * Bertl no I guess not ... why?
1109635266 M * johnny just wondering
1109635394 Q * monrad Quit: Leaving
1109635447 M * Doener_ http://doener.homeip.net/doener/vserver/proc_vid_info_read.diff
1109635471 M * Doener_ oops, 2 stale swp files..
1109635490 M * Bertl johnny: http://www.sw-soft.com/en/news/press/id,506
1109635527 M * Doener_ fixed it, reload
1109635580 M * Bertl did you compile to spot the end or just look at the code (just curious)?
1109635595 M * Doener_ hm?
1109635603 M * Bertl -ssize_t end;
1109635637 M * Bertl does it work, and where is the according fix for nid? ;)
1109635638 M * Doener_ just looking, actually my box is not fast enough to have it compiled yet ;)
1109635663 M * Bertl not bad then!
1109635842 M * Bertl okay daniel_hozac: could you try that patch and see if it solves your compile issues (guess it should do)
1109635905 M * Doener_ Bertl: no, copy_to_user for nid, we're using sprintf there
1109635953 M * Bertl hmm, seems I didn't care enough for it ;)
1109635957 M * Bertl well, fine then ...
1109636061 M * Bertl okay, it's compiling here so let's move to ngnet then
1109636151 M * Bertl IMHO if the ssh issue is a bug, then it can only be caused by a socket getting a wrong xid (at some point)
1109636158 M * Bertl do you agree with that?
1109636246 M * Doener_ not sure... actually the debug output confused me, somewhere i completely lost track of the packets making their way through the kernel
1109636280 M * Bertl okay, but what we observe is that the tcp connection is suddenly cutted off, right?
1109636314 M * Bertl basically at the moment the process enters the context, the packets stop traveling back and forth ...
1109636424 M * daniel_hozac yep, that patch fixes the warning.
1109636446 M * Bertl any warnings which might be vserver related left?
1109636460 M * Bertl and thanks a lot for testing!
1109636511 M * daniel_hozac nope, no more warnings from vserver code.
1109636533 M * Bertl thanks! please let us know if anything (re)appears ...
1109636581 M * Doener_ http://doener.homeip.net/doener/vserver/diff-2.6.11-rc5-vs1.9.4.9-ng9.0.diff
1109636591 M * Doener_ just adapted
1109636598 M * Bertl k, thanks!
1109636924 M * Bertl http://vserver.13thfloor.at/Experimental/NGNET/ssh_issue.txt
1109636941 M * Bertl bash-2.05# /usr/sbin/vcontext --create --xid 100 -- true (via ssh)
1109636955 M * Bertl New security context is 100
1109636955 M * Bertl Read from remote host 10.0.0.2: Connection reset by peer
1109636955 M * Bertl Connection to 10.0.0.2 closed.
1109636988 M * Bertl the [#] always means a context id
1109637101 M * Bertl okay, reload
1109637122 M * Bertl at point A we switch into the new context
1109637166 M * Bertl (the client got 'New security context is 100' returned just with the previous xmit ...)
1109637209 M * Bertl now we see a netif_receive_skb() on a socket with xid=100
1109637238 M * Bertl but wait .. that same socket was used for the xmit before ...
1109637245 M * Bertl vxD: ip_queue_xmit(83f95c00[#0])
1109637258 M * Bertl vxD: netif_receive_skb(83f95c00[#100])
1109637318 M * Bertl so the question is why has that receive socket xid=100?
1109637326 M * Doener_ yep, and i'm lost somewhere in between
1109637343 M * Bertl well, it's not the socket, it's the skb actually
1109637358 M * Bertl "netif_receive_skb(%p[#%u])", skb, skb->nfxid
1109637392 M * Bertl now let's see where the skb could get that nfxid from
1109637436 M * Bertl alloc_skb()
1109637444 M * Bertl skb->nfxid = vx_current_xid();
1109637490 M * Bertl so that is what I meant before, when I said that some socket (or skb in this case) gets the nfxid from the current context
1109637507 Q * erwan_taf Read error: Operation timed out
1109637520 M * jd86 heh Bertl i was just doing some mke2fs and i see what you were talking about with the reservation: 13778944 inodes, 27557499 blocks
1109637521 M * jd86 1377874 blocks (5.00%) reserved for the super user
1109637521 J * erwan_taf ~erwan@81.80.43.68
1109637545 M * Bertl jd86: good ;)
1109637575 M * Bertl so another step into shakespeare ;)
1109637596 M * jd86 :-D
1109637618 M * Doener_ hm, maybe we should change the check above the line, to use -1 instead of 0 as a 'marker'? since we overwrite xid0 packets this way...
1109637643 M * Doener_ i.e. no sk then vx_current_xid (skxid=-1), skxid otherwise
1109637643 M * Bertl jd86: »what's in a name? would that what we call rose, by any other name, not smell as sweet?«
1109637692 M * Bertl in vx_tag_output_skb() ?
1109637700 M * Doener_ yeah
1109637711 M * Bertl yeah, we can try that ...
1109637746 M * Doener_ building...
1109637773 M * Doener_ hm, bad idea to use -1 with unsigned vars...
1109637791 M * Bertl well, actually I guess you want to do:
1109637801 M * Bertl skb->nfxid = -1 in the else branch
1109637808 M * Bertl (and there it is fine)
1109637820 M * Doener_ hm... no...
1109637825 M * Bertl or did I misunderstand you?
1109637839 M * Doener_ we currently use skxid = 0 to say 'we don't have a sk'
1109637861 M * Bertl ah, right!
1109637871 M * Doener_ but even if we have a sk but with nfxid=0, we end up that way
1109637879 M * Bertl correct!
1109637884 M * Doener_ s/nfxid/sk_xid(
1109637888 M * Bertl which is totally wrong of course!
1109637900 M * Bertl okay let's take ~0 then
1109637940 M * Bertl and make the check based on sk (instead of skxid)
1109637976 M * Bertl nfxid_t skxid = sk?sk->sk_xid:~0;
1109637976 M * Bertl skb->nfvnet = VNET_UNTAGGED;
1109637976 M * Bertl if (sk)
1109637976 M * Bertl skb->nfxid = skxid;
1109637976 M * Bertl else
1109637978 M * Bertl skb->nfxid = vx_current_xid();
1109637984 M * Doener_ hm, nfxid_t is __u16, no values left
1109638002 M * Bertl look at VNET_UNTAGGED and friends
1109638009 M * Bertl they are reserved anyway ...
1109638036 M * Doener_ hmm, we can drop skxid now, right? we'd never use ~0
1109638067 M * Doener_ if (sk)
1109638067 M * Doener_ skb->nfxid = sk->sk_xid;
1109638067 M * Doener_ else
1109638068 M * Doener_ skb->nfxid = vx_current_xid();
1109638071 M * Bertl hmm, right ...
1109638110 M * Bertl but the compiler should optimize that away I guess
1109638114 M * Doener_ skb->nfxid = sk ? sk->sk_xid : vx_current_xid();
1109638135 M * Bertl and it looks a little more readable atm (at least to me)
1109638168 M * Bertl a what the heck, let's make it an expression as you suggested
1109638202 M * Doener_ ok, testing
1109638410 M * Doener_ still losing connection
1109638426 M * Bertl still compiling here ;)
1109638535 M * Bertl actually no idea why it is recompiling everything ...
1109638554 M * Doener_ hm, didn't do that over here
1109638581 M * Bertl yes, sometimes the kernel build gets confused ...
1109638611 M * Bertl not really often but sometimes ...
1109638637 M * Bertl but xfs is evis in this regard ...
1109638651 M * johnny how did you get into kernel hackin then Bertl ?
1109638662 M * Bertl they _insist_ on compiling the build date into each file ...
1109638678 M * Bertl johnny: hmm?
1109638696 M * Bertl how I started?
1109638701 M * johnny yah..
1109638733 M * Bertl well, AFAICR, it was some driver which just didn't want to compile ...
1109638742 M * jd86 Bertl: i was just reading what you said, and i was so confused till i realized what you were saying :)
1109638773 M * Bertl jd86: so everything is now clear? ;)
1109638798 M * jd86 Bertl: you sound like a cell phone commercial now :)
1109638832 M * Bertl johnny: and I was searching for a better driver here and there and after some time, I said to myself, better fix it yourself, after all you studied CS ;)
1109638928 M * Bertl Doener_: I actually suspect the alloc more than the propagate
1109638937 M * Bertl (which is probably not called in this case)
1109639008 M * Bertl netif_receive_skb is called
1109639025 M * Bertl (the ngnet version)
1109639043 M * Doener_ hmm...
1109639047 M * Bertl the skb comes from the interface card
1109639064 M * Doener_ qdeb:~# chcontext true
1109639065 M * Doener_ New security context is 49154
1109639065 M * Doener_ Read from remote host 10.0.0.2: Connection reset by peer
1109639079 M * Doener_ the previous two did not kill the connection
1109639094 M * Bertl it's probably a timing critical issue
1109639110 M * Bertl nevertheless I'd like to fix the issue itself ;)
1109639151 M * Bertl what I don't see atm is where the skb gets the (100) tagging
1109639197 M * Bertl but I bet if you change the alloc_skb() to use xid=~0 then this will show up there
1109639256 M * Bertl ah, compile finished, testing now ...
1109639398 M * Bertl vxD: netif_receive_skb(810f4ba0[#65535])
1109639398 M * Bertl vxD: netif_receive_skb(810f4ba0[#65535]) = 1
1109639400 M * jd86 TEH SNOW. ITS TEH SNOWING!!!
1109639506 M * Doener_ i always had those IIRC
1109639508 M * Bertl Doener_: so imho it's wrong to tag the skb before anything is clear or has been decided by the rules
1109639683 M * Bertl btw, got that one: http://vserver.13thfloor.at/Experimental/NGNET/oops_01.txt
1109639945 M * Bertl I'd say netif_receive_skb() should change the xid (of the skb) to the device's xid, what do you think?
1109640057 M * Bertl maybe not unconditional, but based on a default value like ~0
1109640068 M * Bertl something like:
1109640103 M * Doener_ sounds reasonable
1109640107 M * Bertl if (skb->nfxid == ~0)
1109640107 M * Bertl skb->nfxid = skb->dev->
1109640113 M * Bertl skb->nfxid = skb->dev->nfxid;
1109640139 M * Bertl right after the stamping
1109640215 M * Bertl and of course we should use some define instead of ~0
1109640346 M * Bertl + #define NFXID_UNKNOWN ((uint16_t)~0)
1109640356 M * Bertl in include/linux/vs_ngnet.h
1109640396 M * Bertl skb->nfxid = NFXID_UNKNOWN;
1109640408 M * Bertl (in net/core/skbuff.c, alloc_skb())
1109640593 M * Bertl hmm hmm, that would pull in a lot stuff we do not really want
1109640619 M * Bertl let's do some internal include/vserver/ngnet.h instead
1109640640 M * Doener_ ok
1109640664 M * Bertl hmm, we have that already?
1109640700 M * Bertl okay, guess there it goes ...
1109640992 M * Bertl jd86: so any new questions? (while the kernel compiles)
1109641488 J * sladen paul@starsky.19inch.net
1109641498 M * Bertl welcome sladen!
1109641590 M * Bertl Doener_: works fine now ;)
1109641596 M * Doener_ great :)
1109641610 M * Bertl I'll upload a new ngnet ...
1109641629 M * Bertl can you test it a little with ssh and such?
1109641642 M * Doener_ sure
1109641755 M * Bertl http://vserver.13thfloor.at/Experimental/NGNET/delta-ng9.0-ng9.1.diff
1109641907 M * jd86 Bertl: whos kernel is compiling?
1109641915 M * Bertl mine was ;)
1109641922 M * jd86 was. key word.
1109641924 M * jd86 :-D
1109641943 M * Doener_ Bertl: where was your qemu kernel config again? i just happily rm'ed mine :/
1109641945 M * jd86 well you could tell me why i got disconnected from the dedicated server i was doing an install on
1109641971 M * Bertl http://vserver.13thfloor.at/Experimental/NGNET/config-2.6.11-rc3-vs1.9.4-rc5-ng9.0
1109641975 M * Doener_ thx
1109642000 M * Bertl jd86: hmm, maybe you got caught by the primary ip removed issue?
1109642015 M * Bertl (or isn't it vserver related at all?)
1109642049 M * johnny Bertl, so..what kernel and patchset do you use for your vservers?
1109642067 J * ntrs_ ntrs@Dardeene-68.188.50.87.charter-stl.com
1109642067 Q * ntrs__ Read error: Connection reset by peer
1109642071 M * Bertl depends, I have some with latest stable ...
1109642086 M * Bertl and the most recent one (except for testing) is .. sec
1109642177 M * Bertl vs1.9.4
1109642221 M * Bertl but it's basically a question of finding some time to update the servers ...
1109642238 M * Bertl so if I would setup a new machine today, it would probably get 1.9.4.9 ;)
1109642293 M * johnny i wonder when i should upgrade 1.9.4
1109642311 M * Bertl upgrade or upgrade to?
1109642315 M * johnny upgrade to
1109642328 M * Doener_ if you find time to do so or the box starts to act weird :)
1109642344 M * Bertl or some security issue is revealed ;)
1109642361 M * Bertl (in which case probably 1.9.5 is the way to go .. )
1109642383 M * johnny i'm hoping to wait for ngnet
1109642399 M * johnny think it'll be done within 2 months?
1109642405 M * johnny or am i being optimistic?
1109642415 M * Bertl done as in 'stable'?
1109642430 M * johnny to be put in your 1.9x patches ?
1109642489 M * Bertl ah, well, that's something we did not consider yet ... well, that's not correct, I did consider and prepare for that ... but it will need some hacks to include in 1.9.x (or whatever is recent then)
1109642548 M * Bertl maybe it might be better to release 2.0 at some point and leave ngnet for 2.1? input and opinions always welcome!
1109642572 M * johnny well.. depends on when ngnet is actually feature complete..
1109642585 M * johnny or if ngnet will be merged in with most features implemented
1109642593 M * johnny and then more stuff added later
1109642632 M * Bertl yes, it really depends on the acceptance and the testing ...
1109642641 M * johnny acceptance?
1109642660 M * Bertl ngnet is not the optimal solution for any setup
1109642670 M * Bertl s/any/every/
1109642676 M * johnny hmm.. why's that?
1109642681 A * johnny doesn't know the details
1109642703 M * Bertl the current 'shared' network stack is definitely faster than ngnet will ever be ...
1109642722 M * Bertl (at least for a small number of guests)
1109642731 M * johnny how does it compare with how it works for uml?
1109642735 M * johnny i don't know how they do such sharing
1109642763 M * Bertl UML is 100 times slower (regarding the transport overhead) than linux-vserver
1109642778 M * johnny im sure it's much slower
1109642785 M * johnny but how do they share the net interfaces?
1109642791 M * Bertl not at all
1109642802 M * Bertl they send each packet to userspace via tun/tap
1109642804 M * Doener_ kernel/vserver/context.c: In function `__create_vx_info':
1109642804 M * Doener_ kernel/vserver/context.c:372: warning: implicit declaration of function `vxh_create_vx_info'
1109642807 M * johnny aha.. tun/tap
1109642812 M * Doener_ with 1.9.4.9
1109642832 M * Bertl hum, and I thought I added that?
1109642843 M * Bertl ah, you disabled the history ;)
1109642867 M * johnny security always leads to more overhead ..
1109642871 M * Bertl (didn't check that case yet)
1109642876 M * johnny i'm sure it's worth the cost
1109642898 M * Bertl well, it's probably not worth the cost if you want to provide fast but isolated services ...
1109642923 M * Bertl for example somebody is thinking about building a linux-vserver based router
1109642945 M * johnny ok a better question..
1109642950 M * johnny how does freebsd handle it
1109642961 M * johnny do their jails have network ability?
1109642963 M * Bertl no idea, they have isolated network stacks?
1109642972 M * mugwump no. jails are pretty basic
1109642987 M * mugwump but they do have ipv4 and ipv6 binding
1109643003 M * Bertl like linux-vserver, I guess ...
1109643005 M * johnny so you expose the interfaces outside the jail ?
1109643006 M * Bertl (just one ip)
1109643029 M * johnny i really have no idea how lo works internally .. so i really can't ask proper questions :(
1109643046 M * Bertl mugwump: make that, just for a single ip I guess ...
1109643055 M * Bertl johnny: that's pretty simple:
1109643079 M * Bertl lo adds the size of the packet to the counters and sends it to *receive*()
1109643102 M * Bertl i.e. it 'reflects' the packet when it would be transmitted
1109643150 M * jd86 Bertl: lol it was the server os install
1109643215 M * johnny i'm having enough trouble fixing bugs in php code to even think about kernel hacking :)
1109643303 M * Bertl so you're hacking on or with php?
1109643315 M * johnny with
1109643322 M * johnny my C skills are not so good
1109643329 M * Bertl and do you like php?
1109643341 M * johnny yeah
1109643345 M * johnny it's generally fun
1109643358 M * johnny i prefer php5 toh
1109643359 M * johnny tho*
1109643380 M * Bertl advantage over php4?
1109643386 M * johnny nicer OO interface
1109643389 M * johnny better XML libraries
1109643395 M * johnny native sqlite support
1109643410 M * Doener_ the OO stuff in php5 is quite strange to me...
1109643410 M * Bertl so you use the OOP interfaces?
1109643419 M * daniel_hozac so basically, there are no advantages?
1109643428 M * johnny and faster too :)
1109643432 M * johnny at least on xaraya
1109643464 M * johnny no more silly references .. all objects are referenced finally..
1109643473 M * mugwump they even fixed the insane b0rken deep-copy arguments calling convention
1109643473 A * Bertl .o( which is probably the distro everybody should use )
1109643531 M * johnny anything i do personal will be php5 OO
1109643553 M * johnny but anything for xaraya will be php4
1109643558 M * johnny which is most of the stuff i do
1109643572 M * Bertl do they still have class/function() or was something like methods introduced?
1109643584 M * johnny functions are functions still
1109643590 M * johnny unless they are in classes
1109643597 M * johnny then .. i call them methods
1109643599 M * Bertl and what about dynamic overloading?
1109643602 M * johnny yeah
1109643609 M * johnny afaik that is
1109643620 M * daniel_hozac "OO in PHP4 is just syntactical sugar for arrays"
1109643630 M * mugwump ssh, Bertl, don't point out php's blatant weaknesses
1109643647 M * johnny everything has a weakness :)
1109643668 M * Bertl well, it would be a weakness it shares with c++ ;)
1109643672 M * johnny i have thought about learning ruby
1109643676 M * mugwump do it!
1109643683 M * johnny i prefer it over python
1109643684 M * johnny so far
1109643691 M * johnny and all 3 over perl
1109643720 M * Bertl smalltalk was nice ;)
1109643728 M * mugwump you'll like Haskell then
1109643734 M * johnny that's what i liked about ruby
1109643737 M * johnny it's similar to smalltalk
1109643746 M * johnny with perhaps a few too many perlisms
1109643752 M * johnny but not enough to make me dismiss it
1109643768 M * Bertl what about Objective C then?
1109643775 M * johnny let's just say.. i prefer interpretive languages over compiled ones
1109643785 M * johnny i don't do compiling :)
1109643788 M * mugwump shit, don't use Perl 6 then, it's both
1109643802 M * johnny don't plan on doing perl6
1109643826 M * johnny i do respect larry wall tho.. he's an interesting character
1109643842 M * mugwump np, I should have AST generators to covert code to perl 6 from subset languages
1109643842 M * johnny his quotes in various fortune files always crack me up
1109643887 M * johnny i'm working on quite a few projects for xaraya tho atm
1109643900 M * Bertl okay, I guess I'm off for today ... Doener any status yet? good? bad? don't know?
1109643902 M * johnny i stay more for the people than the php... php just happens to be the language we all have in common
1109643922 M * Doener 1.9.4.9-ng9.{0,1} does not compile for me, will check that out
1109643926 M * johnny the people are the best
1109643935 M * Bertl because of the history?
1109643944 M * Bertl #define vxh_create_vx_info(a,v) do { } while (0)
1109643952 M * Bertl line 320 of include/linux/vserver/debug.h
1109643963 M * Bertl (add that there)
1109643992 M * Doener no
1109643998 M * Doener_ kernel/vserver/context.c: In function `vc_ctx_migrate':
1109643999 M * Doener_ kernel/vserver/context.c:713: error: `new_vxi' undeclared (first use in this function)
1109644002 M * Doener_ kernel/vserver/context.c:713: error: (Each undeclared identifier is reported only once
1109644016 M * Doener_ compiles fine without my ng9 patch
1109644050 M * Bertl hmm, okay ... I tested with 1.9.4.7 (because I'm lazy ;)
1109644067 A * Doener used 1.9.4.8 before
1109644093 M * Bertl anyway .. off for now, thanks for your help and have fun!
1109644111 M * Doener sweet dreams
1109644112 M * Bertl night mugwump, johnny, jd86, Doener_! ...
1109644116 M * mugwump night Bertl !
1109644121 N * Bertl Bertl_zZ
1109644585 M * Doener_ i'm also done for today *yawns*
1109644589 M * Doener_ night folks!
1109644592 Q * Doener_ Quit: leaving
1109644600 N * Doener Doener_zZz
1109644831 M * jd86 night Bertl_zZ
1109644839 M * jd86 night Doener_zZz
1109644856 M * johnny night Bertl dude
1109645670 N * Doener_zZz Doener
1109645691 N * Doener Doener_zZz
1109646355 M * ciphernaut do hosted systems get their own loopback address?
1109646406 M * daniel_hozac no.
1109646580 M * ciphernaut is it normal for an hosted system to communicate with its parent on the parents loopback address, despite it having its ipv4 root bound to an ip address on eth0:0 ?
1109646593 M * ciphernaut sorry, loopback interface
1109646673 M * mugwump yep
1109646689 M * mugwump that's expected. if the packets don't leave the system they travel via lo
1109646722 M * mugwump at least, there's something like that happening. Maybe it's more a case of, if the target IP is on this system then it travels via lo
1109646757 M * mugwump this has particular relevance to writing iptables rules etc
1109647533 M * ciphernaut cheers
1109647633 M * ciphernaut when a hosted system pings loopback, which context actually replies?
1109648457 M * mugwump none. the stack does :)
1109648472 M * mugwump of course ngnet is a different story
1109648773 J * zimdog ~zimdog@c-67-164-190-201.client.comcast.net
1109649542 Q * zimdog Quit: Leaving
1109652466 J * nox- ~nox@213.39.135.147
1109652466 Q * nox Read error: Connection reset by peer
1109652526 N * nox- nox
1109660332 Q * erwan_taf Read error: Operation timed out
1109660437 J * erwan_taf ~erwan@81.80.43.68
1109663871 J * erwan_ho ~erwan@lns-vlq-39f-81-56-133-136.adsl.proxad.net
1109664276 J * duckx ~Duck@dyn-83-157-173-109.ppp.tiscali.fr
1109664522 J * _are_ ~are@gateway-dsl.lihas.de
1109665389 Q * erwan_ho Remote host closed the connection
1109666788 J * prae ~prae@ezoffice.mandrakesoft.com
1109668741 J * rs ~rs@194.98.28.2
1109668778 Q * duckx Read error: Operation timed out
1109670568 J * virtuoso_ ~s0t0na@tranq.dorms.spbu.ru
1109670569 Q * virtuoso Ping timeout: 480 seconds
1109671337 M * alexx a short question : Linux and vserver support the "no-execute page protection" ?
1109671352 M * alexx firstly : hello all :)
1109671715 Q * stupidawy uranium.oftc.net jupiter.oftc.net
1109671715 Q * meebey uranium.oftc.net jupiter.oftc.net
1109671715 Q * SiD3WiNDR uranium.oftc.net jupiter.oftc.net
1109671715 Q * bro uranium.oftc.net jupiter.oftc.net
1109671715 Q * no_maam uranium.oftc.net jupiter.oftc.net
1109671779 J * no_maam ~erik@datenzone.de
1109671779 J * bro ~vanity@lanparty.lv
1109671779 J * SiD3WiNDR luser@bastard-operator.from-hell.be
1109671779 J * meebey meebey@meebey.net
1109671779 J * stupidawy foo@you.wish.you.were.pimp.olicio.us
1109672150 J * FEN_HIN jfoc@admin.teamshell.net
1109672184 M * FEN_HIN hi
1109672773 Q * FEN_HIN Ping timeout: 480 seconds
1109672830 J * matti matti@linux.gentoo.pl
1109676482 M * sladen Guten Bertl und others
1109677829 Q * daniel_hozac uranium.oftc.net kinetic.oftc.net
1109677829 Q * Seraph uranium.oftc.net kinetic.oftc.net
1109677829 Q * logger uranium.oftc.net kinetic.oftc.net
1109677829 Q * th uranium.oftc.net kinetic.oftc.net
1109677829 Q * mcp uranium.oftc.net kinetic.oftc.net
1109678025 J * Seraph kk@projects.verfaction.de
1109678114 J * logger ~rs@vds.pas-mal.com
1109678703 J * daniel_hozac ~daniel@h212n1fls33o829.telia.com
1109678724 J * th ~tom@pc-4092.ethz.ch
1109679831 J * DaPhreak ~DaPhreak@pc-outside.uni-greifswald.de
1109680886 Q * flock Read error: Operation timed out
1109681067 J * monrad ~monrad@213083190130.sonofon.dk
1109682133 Q * DaPhreak Quit: leaving
1109683410 J * spocki ~mk@lex.knuettel.de
1109683418 M * spocki helo
1109683485 M * spocki i have a little problem with 2.6.10 and vs1.9.3.17
1109683515 M * spocki i use the util-vserver 0.30.20
1109683543 M * spocki i cant see the /dev/pts in the vservers :-(
1109683563 M * spocki i run the vprocunhide to see the /proc
1109683586 M * spocki what i have to do to see the /dev/pts?
1109683824 M * spocki i have mounted devpts in the vservers
1109685953 M * _are_ hi spocki
1109686189 M * _are_ i remember i had a similar problem, 'fixed' it by disabling security attributes in /dev/pts filesystem, if I recall correctly
1109686495 J * mcp ~hightower@www.c-tera.de
1109688669 M * prae I have a question, when I use syslog (remote), and I use tcpdump, I see that : "15:41:56.257620 IP 10.10.11.6.514 > 127.0.0.2.514: UDP, length: 14"
1109688682 M * prae 127.0.0.2 is my "syslog -r"
1109688693 M * prae but ... my jail is 127.0.32.1
1109688716 M * prae but, in stack, we see 10.10.11.6
1109688724 M * prae I don't see why :\
1109689190 N * BobR_oO BobR
1109689324 N * Bertl_zZ Bertl
1109689349 M * Bertl morning folks!
1109689360 M * _are_ prae: all 127.x.x.x is localhost and I guess for that reason re-routed
1109689366 M * _are_ ho Bertl
1109689423 M * prae hmmm, but 10.10.11.6 isn't my localhost, it's external's iface ipaddr
1109689486 M * _are_ yes, it gets rewritten from 127.0.32.1 to the external interfaces address, the target stays
1109689555 M * Bertl spocki: you do not want to see 'other' pts in /dev/pts you just want to see the pts of _your_ vserver, right?
1109689671 N * Doener_zZz Doener
1109689680 M * Doener morning!
1109689706 M * Bertl morning Doener!
1109689803 M * Doener the build problem was caused by vc_ctx_create and vc_ctx_migrate giving the same fuzz, but line number matches the latter better, while the change should have been in the former
1109689866 M * Bertl i.c. okay, so that is working now, I guess!
1109689912 M * Bertl prae: what is your vserver's ip config? (grep ipv4 /proc/self/status)
1109689931 M * prae in my vserver :
1109689933 M * prae root@mysql:/# grep ipv4 /proc/self/status
1109689933 M * prae ipv4root: 060b0a0a/00ffffff 014e007f/00ffffff
1109689933 M * prae ipv4root_bcast: ffffffff
1109689935 Q * aba Ping timeout: 480 seconds
1109689989 M * Bertl so there is no 127.0.32.1 assigned to that context, right?
1109690040 M * prae for this context, it's "78"
1109690042 M * prae lo:mysql Lien encap:Boucle locale
1109690042 M * prae inet adr:127.0.78.1 Masque:255.255.255.0
1109690042 M * prae UP LOOPBACK RUNNING MTU:16436 Metric:1
1109690052 M * prae s/Boucle locale/loopback/
1109690097 M * Bertl k, it will work in this regard if you change the order of ips (i.e. move the 127.x.x.x to the first position)
1109690112 M * prae ok, wait
1109690134 M * Bertl but, that will also mean that it will be used for all rewritten localhost addresses
1109690172 M * erwan_taf prae: you are using a netmask 255.255.255.0 on a A class network
1109690194 M * erwan_taf usually 127.x.x.x is 255.0.0.0 not 255.255.255.0
1109690236 M * prae erwan_taf: I know, but I don't want a large class for a simple jail
1109690240 M * erwan_taf k
1109690255 M * prae /etc/vservers/mysql/interfaces# ls
1109690255 M * prae 0_local 1_external dev
1109690263 M * prae *starting mysql* ...
1109690298 M * prae Mar 1 16:14:55 127.0.78.1 logger: toto
1109690302 M * prae it's ok :)
1109690318 M * prae 16:15:18.020411 IP 127.0.78.1.32894 > 127.0.0.2.syslog: UDP, length: 64
1109690398 M * prae Thanks Bertl :)
1109690406 M * prae (thanks _are_ ;)
1109690556 M * Doener and another compile...
1109690815 M * Doener Bertl: we miss should add dependencies for CONFIG_NGNET (is that the right name?)
1109690828 M * Doener i just tried to compile without iptables support *g*
1109690841 M * Doener s/miss/
1109690918 J * Radiance kryptonite@wrath.shellfx.net
1109691023 M * Bertl welcome Radiance!
1109691039 M * Bertl Doener: hmm, please elaborate?
1109691064 M * Doener CC net/core/skbuff.o
1109691064 M * Doener net/core/skbuff.c: In function `alloc_skb':
1109691064 M * Doener net/core/skbuff.c:154: error: structure has no member named `nfxid'
1109691108 M * Doener because sk_buff->nfxid is #ifdef'ed depending on CONFIG_NETFILTER. thus IMHO CONFIG_NGNET should depend on CONFIG_NETFILTER
1109691131 M * Bertl hmm, okay, no, it should 'select' it for now
1109691147 M * Bertl but that might change in the future ...
1109691155 M * Doener ok
1109691206 M * Radiance hiya all :)
1109691222 M * Bertl Doener: but feel free to add such 'selects'
1109691239 M * Bertl just make sure that all things the option depends on are selected too
1109691239 M * Radiance i was just checking the vserver site since some one on efnet #linux was needing some help etc ... So this made me curious heh
1109691251 M * Radiance Hi BertI
1109691286 M * Radiance I'm a little confused, vserver cannot be really compared with vmware right ? And to say it's a real emulator is also not true ? correct me if i'm wrong
1109691326 N * BobR BobR_oO
1109691337 J * aba ~aba@sol.turmzimmer.net
1109691343 M * Bertl Radiance: no it's more like UML but a lot faster
1109691359 M * Bertl the drawback is less isolation ...
1109691381 M * Radiance But, my first impression is that it is an advanced chroot environment or so ..hehe
1109691395 M * Bertl yes, you can see it as that ...
1109691420 M * Radiance what confuses me is that i see on the site something like "system images" and "guest images" ...
1109691428 M * Radiance so it's like vmware on that level ?
1109691430 M * Bertl improved BSD jails for filesystem, network and resources
1109691453 M * Radiance ah
1109691460 M * Bertl the system image is confusing, I agree, all are 'guest' images
1109691468 M * Bertl feel free to change the naming ;)
1109691470 M * Doener Radiance: the 'images' are just tar'ed directories
1109691500 M * Radiance ahh okay
1109691518 M * Radiance so i can install vserver on all linux distro's ?
1109691532 M * Bertl yes, it should work like that ...
1109691550 M * Bertl you need a modified kernel, so you want to replace the 'original' kernel
1109691574 M * Radiance i mean, i have a box here, running debian/woody, and to make vserver work i'll have to patch/modify the kernel, and then ... untar the system image ?
1109691620 M * Radiance which is a directory tree as you said, and where does the "guest image" fit in this scenario ?
1109691666 M * Radiance i have to apologize i just been reading for maybe 10 minutes on the site, but since i'm a little short of time i came here to just quickly understand the basic setup hehe
1109691667 M * Doener Radiance: i never actually looked at the images, but probably just different folks used different names for the same thing
1109691700 M * Bertl system image == guest image
1109691723 M * Bertl so you get a new (patched) kernel, and some tools (util-vserver)
1109691743 M * Bertl (and if you like a guest image, but the tools can create those out of repositories)
1109691824 M * Radiance ah, but with guest image i should not confuse it with a brand new OS installation like you have in vmware when you talk about guest operating system right ? heh
1109691955 M * Radiance oh i see already he
1109691968 M * Radiance thanks for the info guys :)
1109692076 M * Bertl you're welcome!
1109692109 M * Bertl and feel free to send whoever is working/struggling with linux-vserver over here
1109692932 M * Radiance yeah np hehe
1109693015 M * Doener http://doener.homeip.net/doener/vserver/diff-2.6.11-rc5-vs1.9.4.9-ng9.1.diff
1109693022 M * Doener that one actually compiles ;)
1109693132 M * _are_ http://vserver.13thfloor.at/Experimental/patch-2.6.11-rc5-vs1.9.4.9.diff is expected to compile with 2.6.11-pre5?
1109693260 M * _are_ i get:
1109693262 M * _are_ kernel/built-in.o(.text+0x1e998): In function `__create_vx_info':
1109693262 M * _are_ include/linux/err.h:27: undefined reference to `vxh_create_vx_info'
1109693302 M * _are_ might be as well because I just updated woody->sarge, so any hint where to look next is welcome. might as well be compiler version after all
1109693579 M * Bertl no, that's a missing line in the code ...
1109693649 M * Doener 03:25:46 Bertl #define vxh_create_vx_info(a,v) do { } while (0)
1109693649 M * Doener 03:25:54 Bertl line 320 of include/linux/vserver/debug.h
1109693801 M * _are_ thanks
1109696042 N * Bertl Bertl_oO
1109696795 M * spocki Bertl_oO: yes
1109696835 M * spocki Bertl_oO: i want to start a ssh, but it doesnt work
1109696993 M * spocki _are_: how do you disable the security?
1109697013 M * _are_ in kernel config
1109697053 N * Bertl_oO Bertl
1109697102 M * Bertl spocki: let me read up your question ;)
1109697114 M * Bertl (and mine ;)
1109697181 M * spocki Bertl: if i start the vserver, i cant login per ssh, but the ssh is running
1109697201 M * Bertl sshd, you mean?
1109697205 M * spocki Bertl: if i enter the vserver and restart the ssh it will work
1109697212 M * spocki Bertl: yes
1109697229 M * Doener Bertl: 2.6.11-rc5-vs1.9.4.9-ng9.1 works fine here in qemu, going to do some more tests now
1109697230 M * Bertl sounds weird, kernel and tool version?
1109697233 M * spocki Bertl: i think its a tty Problem
1109697247 M * spocki 14:24 < spocki> i have a little problem with 2.6.10 and vs1.9.3.17
1109697247 M * spocki 14:24 < spocki> i use the util-vserver 0.30.20
1109697251 M * Doener but i get many of those:
1109697256 M * Doener !!! context #65535 not found ...
1109697264 M * Doener vxW: packet from #65535 on vnet 101:#10
1109697264 M * Doener vxW: packet from #65535 on vnet 100:#10
1109697284 M * Bertl yes, those need to be addressed but most likely they are arp packets
1109697316 M * Bertl ignore them for now if that is possible, or add a check to silence it for NFXID_UNKNOWN
1109697335 M * alexx hello all ... just a quick question
1109697342 M * alexx Linux and vserver support the "no-execute page protection" ?
1109697721 Q * _are_ Quit: Disconnecting
1109697819 M * Bertl alexx: IIRC recent 2.6 kernels do that .. yes
1109698120 M * Bertl spocki: so to sum this up:
1109698136 M * Bertl you start a vserver, and sshd inside doesn't work, but it has been started, right?
1109698160 M * Bertl then you enter the vserver, and restart the sshd (from command line, but via the runlevel script?)
1109698177 M * Bertl after that the sshd works just fine (i.e. you can connect from outside)
1109698210 M * Doener back later... (probably)
1109698213 N * Doener Doener|gone
1109698300 M * Bertl spocki: just out of curiosity, why that strange combo of tools and kernel patch?
1109698909 J * lostsoul ~dumb@pD9E1153C.dip.t-dialin.net
1109699117 M * Bertl welcome lostsoul!
1109699139 M * lostsoul hi, two questions ;) 1. is it a security leak when i add a lo device in the vserver (/etc/vservsers/interfaces/*/dev). or is the lo device shown in ifconfig a virtual one? 2. is there an easy way to share the host dialup connection with the vserver (because i cant set a route inside the vserver)?
1109699146 M * lostsoul hu, hi Bertl
1109699256 M * Bertl ad 1) yes there is, as you will be able to sniff and probably accept other localhost connections that way (so if that is not a problem, you can do it) lo is virtualized with ngnet (not before)
1109699286 M * Bertl ad 2) yes, that's pretty easy, just give your vserver a private ip and S/DNAT it to the dialup connection on the host
1109699287 M * prae See'ya !
1109699293 M * prae thanks for your help'
1109699311 Q * prae Quit: Client exiting
1109699442 M * lostsoul Bertl: yes, the vserver has an ip on a virtual eth0 device (alias?) -> host eth0 = 10.0.0.254 // vserver eth0:1 = 10.0.0.111. is this ok? and can you plz paste the s/dnat iptables rule? ;)
1109699506 M * Bertl iptables -t nat -A POSTROUTING -s 10.0.0.111 -j SNAT --to-source
1109699540 J * _are_ ~are@dsl-084-056-143-197.arcor-ip.net
1109699560 M * lostsoul i hope there is no conflict, because eth0 is already a masquerade device ;)
1109699571 M * spocki Bertl: yes, this is correct
1109699601 M * Bertl okay, and you are sure that sshd starts as expected?
1109699609 M * spocki Bertl: yes
1109699633 M * spocki Bertl: whats the problem with the patch/tool combo?
1109699652 M * Bertl then please have a look with netstat or lsof regarding the port connection the sshd does and enable sshd debug logging
1109699692 M * Bertl ah, your tools should probably be 0.30.204, right? if so, then it's fine
1109699721 M * spocki Bertl: the problem is, it will work with woody-vservers, but not with sarge-vservers
1109699750 M * spocki Bertl: 0.30.204 yes
1109699754 M * Bertl hmm, doesn't that point into the debian direction (sarge to be precise)
1109699825 M * lostsoul Bertl: hm, how do i know if the rule works? *g* i can ping from the vserver the host system and a system in my lan, but no www server :/ or is a "ping" a special case?
1109699889 M * Bertl what do you mean with www server?
1109699897 M * Bertl and yes, ping is special
1109699934 M * lostsoul i meant with www a normal pc in the internet
1109699994 M * Bertl let's try with lynx from inside to 66.102.11.99
1109700003 M * Bertl lynx http://66.102.11.99
1109700015 M * Bertl what does it say?
1109700019 M * Bertl (except for unknown command ;)
1109700058 M * lostsoul have to install it
1109700068 M * lostsoul just (a long) moment ;)
1109700103 M * Bertl spocki: could you do a comparative debug run on client and server for both cases?
1109700450 J * matta-lt ~matta@69.93.28.254
1109700460 M * Bertl welcome matta-lt!
1109700463 M * matta-lt hi!
1109701158 M * spocki Bertl: i will have a try
1109701175 M * Bertl tx
1109701818 Q * lostsoul Ping timeout: 480 seconds
1109702268 J * erwan_ho ~erwan@lns-vlq-39f-81-56-133-136.adsl.proxad.net
1109702284 M * Bertl welcome erwan_ho!
1109702314 M * erwan_ho \o/
1109702743 N * Bertl Bertl_oO
1109702747 M * Bertl_oO back later ...
1109703395 M * erwan_ho ++
1109703413 J * nck ~nck@220.224.32.52
1109703468 M * nck except chroot is there any other condition where namespace of a child task changes from that of parent ?
1109703491 A * nck asked in kernelnewbies but not satisfied
1109703615 Q * rs Quit: leaving
1109703717 M * spocki Bertl_oO: i have debugged the problem
1109703727 M * spocki Mar 1 20:00:13 v01 sshd[7910]: debug1: PAM: setting PAM_TTY to "/dev/pts/3"
1109703751 M * spocki Bertl_oO: but /dev/pts/* doesnt exist
1109704345 J * prae ~prae@sherpadown.net
1109704374 J * hillct ~hillct@client200-5.dsl.intrex.net
1109704444 M * hillct hi
1109704452 M * hillct I'm trying to understand immutable-linkage-invert
1109704470 M * hillct I'm using XFS
1109704495 M * hillct trying to work out how to modify vskel.pl to play nice with XFS
1109704677 M * hillct I've already updated vskel to create skels from existing vservers rather than the host server
1109704695 M * hillct and I have a spec file for it, just to keep everything clean
1109705322 M * hillct but is there a mapping of ext3 to XFS attributes?
1109705334 M * hillct I've never used the immutable-linkage-invert bit for anything
1109705555 M * _are_ sorry, neither have i
1109708083 Q * erwan_ho Remote host closed the connection
1109708960 M * hillct Bertl_oO ping
1109709029 M * daniel_hozac oO = out of office ;)
1109709037 M * hillct yah
1109709040 M * hillct I got that
1109709081 J * MCLIN ~Paulina@micomisariato.telconet.net
1109709087 M * hillct I've been known to not change my nick for days while I'm actually, not AFK or sleeping
1109709090 M * MCLIN hey
1109709101 M * hillct thought it was worth a shot
1109709103 M * MCLIN somebody can help me with a linux problem?
1109710436 N * virtuoso_ virtuoso
1109710446 M * virtuoso Does linux bother you?
1109710517 A * hillct sends Vinny and Vito to go clear up the 'problem'
1109710559 M * hillct MCLIN one day, I may come to you, and ask of you a favor...
1109710594 M * virtuoso Godfather?
1109710607 M * hillct not a direct quote
1109710614 M * virtuoso But still.
1109710621 M * hillct I was too lazy to look it up
1109710720 M * hillct that would be a halfway entertaining Eliza port
1109710733 M * hillct Eliza, Godfather Edition
1109710773 M * hillct "You come to me with your problems, and yet you show me no respect."
1109710835 M * virtuoso How often do you quote this? :)
1109710862 M * hillct not often enough to have remembered it correctly, apparently
1109711344 M * MCLIN Look, I have a linux server with 273 thin clients, but don't I know how can I do to avoid that if some user
1109711363 M * MCLIN is already log in on a PC this one can't log in on another PC with the same nick
1109711613 M * hillct it's a function of what linux services your PC clients are using
1109711637 M * hillct anything besides SMB?
1109711755 M * MCLIN I'm not using any service
1109711809 M * MCLIN I made a program to avoid this but it doesn't works good
1109711928 M * hillct I guess I missed something. You said PC clients. Are you just using the linux box for authentication?
1109711942 M * MCLIN yes
1109711946 M * hillct guess I'm not clear what you're asking
1109711956 M * MCLIN this are thin clients
1109712061 M * MCLIN they boot from the server you know
1109712070 M * hillct K
1109712074 M * hillct diskless
1109712077 M * hillct nice
1109712108 M * MCLIN so do y know how can I do this???
1109712151 M * hillct diskless client config aren't particularly standardized
1109712170 M * hillct at what layer does the problem occur?
1109712181 M * hillct authentication (I imagine not)
1109712220 M * hillct home directory export?
1109712241 M * MCLIN ok you are clear with what I wanna do
1109712251 M * MCLIN ??
1109712277 M * hillct I've done it before along the lines of the model JWZ used in his nightclub
1109712287 M * hillct but never in a production environment
1109712294 M * hillct I did it for my own edification
1109712354 M * hillct there are lots of ways to do it, so it's tough to answer a general question like how do I get users to login from multiple clients
1109712359 M * MCLIN and how did you do??
1109712417 M * hillct I followed the JWZ model exactly
1109712422 M * hillct I only had two clients
1109712446 M * hillct I didn't encounter a problem logging into multiple clients with the same userid
1109712459 M * hillct what error are you seeing?
1109712538 M * MCLIN no but I wanna do is the opposite
1109712606 M * MCLIN if a user is already login on a Pc this one CAN'T get into another PC with the same login
1109712619 M * hillct yah
1109712666 M * hillct wait, so you want to prevent them from logging in from multiple clients?
1109712666 M * MCLIN only one user on a PC at the time
1109712719 M * MCLIN yes
1109712740 M * hillct the most trivial solution is to put a lock file in their home directory, and have their login script check it and log them out if they try to login from multiple clients
1109712793 M * hillct or parse the lastlog data to determine if a user is still logged in
1109712864 M * MCLIN look I was doing this
1109713001 M * MCLIN working with the Xsession of the clients and send to a file the name of the user to have a list of user that are connected
1109713046 M * MCLIN but I don't know how to eliminate it from the list when he make logout or shutdown
1109713195 M * hillct you're thinking too high level
1109713203 M * hillct consider simplifying things
1109713212 M * MCLIN how??
1109713242 M * hillct place a single file in the user's home directory containing the IP of their current client
1109713258 M * hillct when the user logs out, delete the file
1109713268 J * vdb ~vdb@d54C2C0C8.access.telenet.be
1109713270 M * hillct .login
1109713273 M * hillct and .logout
1109713276 M * hillct trivia;
1109713280 M * hillct trivial
1109713419 M * MCLIN but then when he try to login in another PC I have to check all the PCs to find the file
1109713542 J * Tbery ~tb@84.242.127.4
1109713589 M * hillct ?
1109713591 M * hillct wait
1109713597 M * MCLIN ok
1109713610 M * hillct aren't you serving the home directory via NFS or similar?
1109713623 M * Tbery Hi do you know in which source is mkpasswd?
1109713634 M * Tbery ok debian?
1109713639 M * daniel_hozac Tbery: expect?
1109713658 M * Tbery thx
1109713689 M * MCLIN via NFS
1109713704 M * hillct so why would you need to search each client?
1109713715 N * Doener|gone Doener
1109713716 M * hillct each user has only one home directory
1109713727 M * hillct you know which user is logging in
1109713727 M * Doener evening folks!
1109713733 M * hillct you know their home directory
1109713746 M * hillct you can easily find the lockfile
1109713764 M * Tbery expect in not it right..
1109713963 M * MCLIN yes but I'll have to do a ssh to each PC to get this
1109714043 M * hillct no
1109714046 M * hillct ?
1109714073 Q * nck Quit: Leaving
1109714074 M * hillct you said you were serving the home directory from the server via NFS
1109714136 M * hillct thus the home directory should be easily accessible right on the server
1109714201 M * MCLIN ok suppose that is easy to find how can I know that he did the logout or shutdown??
1109714272 M * hillct ?
1109714288 M * hillct when the users logs out the file should be deleted
1109714302 M * MCLIN yes
1109714305 M * hillct if the user powers down the file may not get deleted
1109714333 M * hillct so you check the IP address you stored in the file
1109714344 M * hillct and see if that IP is active on the network
1109714367 M * hillct if it isn't, the user probably shutdown uncleanly, so delete and overwrite the lock file
1109714370 M * hillct simple
1109714412 M * MCLIN yes but if some option to know when the users make logout
1109714443 M * hillct part of the default profile logout script should be to delete the lock file
1109714651 M * MCLIN and where is located the logout script??
1109714665 M * MCLIN .bash_logout?????
1109714686 M * hillct that'd be my preference
1109714691 M * hillct depends on your config
1109714702 M * daniel_hozac that runs every time you close a shell though.
1109714721 M * daniel_hozac open xterm, close xterm, login at 2nd machine.
1109714784 M * hillct true
1109714792 M * hillct .profile_logout
1109714802 M * hillct hmm
1109714851 M * MCLIN so .bash or .profile??/
1109714899 M * MCLIN I don't have that file
1109714958 M * Doener MCLIN: how is authentication handled on the server?
1109714973 Q * Tbery Quit: Ukončuji
1109714998 M * hillct yah. you could tag LDAP records...
1109715023 M * hillct the lockfile solutions seems to me to be the simplest though
1109715069 N * Bertl_oO Bertl
1109715099 M * Doener wb Bertl
1109715158 M * Bertl tx
1109715161 M * MCLIN .profile_logout
1109715163 M * MCLIN some persons told me about ldap but I don't know how it works...
1109715250 M * Bertl evening folks!
1109715302 M * hillct Bertl!
1109715347 M * Bertl hmm, I'm now reading this discussion (and I got a good part of it read backwards)
1109715361 M * Bertl and I have absolutely no idea what it is about?!
1109715371 M * Bertl can anybody sum it up for me?
1109715423 M * Doener he got a server that does authentication for a number of diskless clients and wants to avoid a single user to be logged in on more than one box
1109715436 M * Doener (at the same time)
1109715460 M * MCLIN that's right
1109715551 M * MCLIN Bertl: some idea for my problem
1109715559 M * Bertl login is done via ssh? or what?
1109715616 M * Doener he didn't wanted (or forgot?) to tell me ;)
1109715628 M * Doener s/wanted/want/
1109715641 M * Doener coffee, i'm coming for you! *g*
1109715646 M * Bertl ;)
1109715671 M * Bertl maybe 'HE' could speak up and answer that now ;)
1109715729 M * MCLIN there's no process for the authentication
1109715772 M * Bertl so how are the folks going to 'use' the machine and if you have no authentication, how do you plan to tell who is using that machine?
1109715805 M * Doener so the boxes are just using the server to boot and get their files?
1109715826 M * MCLIN yes
1109715882 M * MCLIN that's exactly what they do
1109715965 M * hillct ok, I have an actual vserver question ;)
1109715971 M * Doener great! :)
1109715996 M * Bertl MCLIN: well, then the only thing you can account or verify is that the machine has booted or mounted some nfs volume, right?
1109716005 M * hillct how do I handle immutable-linkage-invert for XFS ?
1109716026 M * Bertl hmm, should work as with other filesystems
1109716043 M * hillct I just can't find the attribute mapping
1109716055 M * Bertl attribute mapping?
1109716070 M * hillct -it fails for xfs
1109716087 M * Bertl are we talking about 2.4 or 2.6 here?
1109716092 M * hillct so the attributes must be named differently
1109716094 M * hillct 2.6
1109716105 M * Bertl setattr --help
1109716121 M * MCLIN Bertl: yes thats the only way to know
1109716130 M * hillct setattr is the ext2/3 tool
1109716142 M * Bertl no it is not, trust me ;)
1109716145 M * hillct K
1109716155 A * hillct reads the docs AFAIN
1109716159 M * hillct AGAIN
1109716165 M * Bertl if that doesn't work for you, then your filesystem has xattrs disabled
1109716182 M * hillct checked that too
1109716185 A * hillct reads
1109716196 M * MCLIN so Bertl: what can I do??
1109716311 M * Bertl well, you can record those events (and maybe limit them somehow) but I guess it has nothing to do with user restriction at all (not to talk from linux-vserver ;)
1109716322 Q * vdb Quit: using sirc version 2.211+KSIRC/1.3.11
1109716385 M * hillct ok, maybe I did this wrong
1109716387 M * hillct [root@laptop /]# setattr it /vservers
1109716387 M * hillct lstat(): No such file or directory
1109716404 M * Bertl ahem, what are you trying to do?
1109716427 M * Bertl maybe you want to create a barrier?
1109716434 M * hillct set immutable and no-tail-merge
1109716440 M * MCLIN but how can record this events??
1109716463 M * Bertl hillct: for what purpose, if I may ask?
1109716463 M * hillct Bertl yes
1109716484 M * Bertl did you do the setattr --help I suggested before?
1109716499 M * MCLIN when he mount?? but I have to use sockets then
1109716512 M * hillct well, ideally, I want to be able to set immutable the files used for hard linking in vskel.pl skeletons
1109716520 M * hillct down the road
1109716531 M * hillct but it'd be nice to be able to set a barrier as well
1109716538 M * Bertl MCLIN: probably the server logs it to the syslog
1109716553 M * hillct since the RPM tried it with chattr and of course failed
1109716601 M * hillct I guess it's possible I missed setting xattrs when I built the kernel
1109716603 M * hillct maybe
1109716612 J * Dus10 ~ddortch@68-248-179-131.ded.ameritech.net
1109716617 M * Bertl welcome Dus10!
1109716626 M * Bertl hillct: well, then there will be none I guess ;)
1109716635 Q * hillct Read error: Connection reset by peer
1109716659 Q * SiD3WiNDR Ping timeout: 480 seconds
1109716668 M * Dus10 hey
1109716683 M * Dus10 been a while since I have been here
1109716695 M * Dus10 I just downloaded the redhat 90 dist
1109716699 M * Dus10 as I run slackware
1109716712 M * Dus10 and I need redhat for this service... silly proprietary crud
1109716718 M * Dus10 how do I use the image?
1109716723 M * Dus10 is there docs on it?
1109716734 M * Bertl well, do you know how to setup linux-vserver?
1109716742 M * Dus10 I have it running
1109716749 M * Dus10 and I have been using it for about a year
1109716754 M * Dus10 with 5 vservers
1109716765 M * Bertl well, then create a skeleton vserver and just copy the image over that dir ...
1109716777 M * Dus10 ic
1109716778 M * Dus10 k
1109716792 J * SiD3WiNDR luser@bastard-operator.from-hell.be
1109716818 M * Dus10 vserver test2skel build
1109716825 M * Dus10 then unpack the image over it...
1109716828 M * Dus10 ?
1109716862 M * Bertl yeah, well, probably you want to adjust some details like ip or such but maybe not ...
1109716864 J * shuri ~shuri@dsl.speedline209.226.electronicbox.net
1109716877 M * Bertl welcome shuri!
1109716883 M * Dus10 yea
1109716886 M * Bertl Dus10: but yeah, that's it basically ...
1109716916 M * Bertl it's just a lot easier to specify the --ip at creation ...
1109716961 M * Dus10 ic
1109716967 M * Dus10 I was not aware that was possible
1109716968 M * Dus10 :)
1109716981 M * Doener Bertl: pinging the physical box from a vserver within qemu i get:
1109716982 M * Doener 23:42:43.004041 IP 10.0.0.10 > 10.0.0.1: icmp 64: echo request seq 1
1109716988 M * Doener 23:42:49.023342 IP 10.0.0.1 > 10.0.0.1: icmp 92: host 10.0.0.10 unreachable
1109716997 M * Doener the former on tun0, the latter on lo
1109717002 M * Bertl Dus10: vserver - build --help
1109717024 M * Doener physical box: 10.0.0.1, qemu 10.0.0.2, vserver 10.0.0.10, ng9.1
1109717042 M * Bertl Doener: you have to make something answer the arp
1109717055 M * Bertl (or create static routes)
1109717069 M * Bertl s/routes/arp entries/
1109717083 M * Doener ah, so we have no arp for the vnets yet?
1109717093 M * Bertl simplest way is to define the vserver ip on the host
1109717109 M * Bertl yes, we have arp, but the anser can not be assigned easily ;)
1109717118 M * Bertl *answer even
1109717130 J * hillct ~hillct@client200-5.dsl.intrex.net
1109717135 M * Bertl wb hillct!
1109717150 M * Doener hm? i only see who-has with tcpdump, no replies
1109717178 M * hillct network badness
1109717183 M * hillct grrr
1109717216 M * Bertl Doener: the issue is: kernel will not do promiscuous arp
1109717223 M * matta does ngnet use proxy arp?
1109717225 M * matta or aliases?
1109717239 M * Bertl so it does look into its caches, and sees that it has no local ip for that request
1109717254 M * Bertl therefore it doesn't accept that arp request ...
1109717282 M * Bertl matta: no proxy arp yet, requires a virtual switch (which is not there yet)
1109717318 M * matta I have a pretty nice proxy arp setup with a xen server
1109717327 M * Bertl basically you can see the ngnet setup a schizophrenic host
1109717338 M * Doener heh
1109717346 M * Bertl the guests do not see each other and they do not see the host
1109717351 M * matta it creates an interface on the host, it's a tun device (I think?)
1109717364 M * matta alias 169.254.1.1/32 on that
1109717366 M * Bertl nevertheless they can pretty much talk with the network ...
1109717384 M * matta alias the IP in the VM... but add a static route for 169.254.1.1/32
1109717393 M * matta and use that as the gateway
1109717438 M * Bertl that's how xen works?
1109717450 M * Bertl via a host gateway?
1109717551 M * hillct OK, I don't get this
1109717589 M * Bertl hmm?
1109717627 M * hillct still no luck with setting up a barrier
1109717643 M * Bertl show me your command line and the output please!
1109717644 M * micah hmm, where can I pick up 1.9.4.9?
1109717653 M * micah looking to patch against -rc5
1109717666 M * hillct [root@laptop /]# setattr it /vservers
1109717666 M * hillct lstat(): No such file or directory
1109717681 M * Bertl hillct: please, please do what I suggested!
1109717691 M * hillct sorry
1109717700 M * hillct must have missed it
1109717704 M * Bertl micah: right beside the 1.9.5-rc1 release ...
1109717711 M * Bertl http://vserver.13thfloor.at/Experimental/patch-2.6.11-rc5-vs1.9.5-rc1.diff
1109717735 T * Bertl http://linux-vserver.org/ | latest stable 1.2.10, devel 1.9.5-rc1, ng9.0 -- He who asks a question is a fool for a minute; he who doesn't ask is a fool for a lifetime -- share the gained knowledge on the wiki, and we'll forget about the minute ;)
1109717752 M * hillct Bertl sorry. I must have missed the suggestion
1109717760 M * Bertl setattr --help
1109717768 M * Bertl (third time means luck ;)
1109717783 M * hillct you really want the output of setattr --help?
1109717790 M * hillct I thought you meant for me to read
1109717792 M * Bertl no, you should look at it ;)
1109717796 M * micah Bertl: great, thanks! I was trying to find it off of the wiki
1109717796 M * hillct yah
1109717801 M * hillct I did
1109717806 M * hillct what am I missing?
1109717806 M * Bertl do you see any i or t there?
1109717811 M * hillct yes
1109717822 M * Bertl what distro is that?
1109717840 M * Bertl and what tools do you use?
1109717846 M * hillct is the lstat error indicative of not having extended attributes built in the kernel module?
1109717853 M * hillct this is FC2
1109717867 M * Bertl no, IMHO it's the result of badly using the setattr command
1109717877 M * hillct ah
1109717900 M * Bertl you want to do 'setattr --iunlink /path/to/some/file'
1109717914 M * Bertl or 'setattr --barrier /path/to/some/dir'
1109717916 M * hillct ah
1109717939 M * hillct I thought it was usable shorthand
1109717945 M * hillct man page says so
1109717949 M * hillct guess not
1109717949 M * Bertl and I really fail to see any mentioning of i or t in my setattr version (granted it's probably the newest tool)
1109717970 M * Bertl you have a manpage for that?
1109717998 M * hillct ha!
1109718002 M * hillct damnit
1109718008 M * hillct what was I reading then
1109718022 M * hillct sorry about that
1109718027 M * Bertl np
1109718073 M * hillct so, now lets assume at this point I don't know what the hell I'm doing at all
1109718077 M * Bertl and don't mix barrier and immutable stuff
1109718084 M * hillct OK
1109718086 M * hillct well
1109718092 M * hillct my main goal is this:
1109718105 M * hillct I want to make vskel.pl usable on xfs
1109718106 M * Bertl barrier is what you want on the directory above the vserver's root dir
1109718113 M * hillct yah
1109718118 M * hillct separate thing
1109718137 M * Bertl the iunlink is what you set when you've made a hardlink between vservers
1109718147 M * Bertl (this is not possible for directories!)
1109718154 M * hillct yah
1109718158 M * hillct of course
1109718170 A * hillct got some coffee and is now functioning :)
1109718177 M * Bertl excellent!
1109718196 M * hillct OK, so,
1109718200 A * hillct tries
1109718396 M * hillct doh
1109718401 A * hillct feels stupid
1109718425 M * hillct I duno where I got the idea of that shorthand
1109718429 M * hillct I guess from chattr
1109718437 M * Bertl yeah, probably
1109718462 M * micah oh wow, is vs1.9.5-rc1 much better than 1.9.4rc4?
1109718528 Q * shuri Read error: Operation timed out
1109718593 M * micah when I say "better" I mean more stable :)
1109718598 M * hillct Bertl thanks for not giving up completely there. Duno why I got it in my head it had to be done in this totally screwed up way
1109718657 M * Bertl np
1109718680 M * Bertl micah: well, it's much more advanced than 1.9.4rc4 ...
1109718692 M * hillct Bertl is there a reason vskel.pl was designed to create initial skels from the host server rather than a reference vserver?
1109718726 M * hillct I updated it to take a prefix argument so I could use any arbitrary vserver as the source
1109718735 M * Bertl you have to ask the author of that tool, no idea ...
1109718741 M * micah Bertl: pretend you were putting a vserver patch on a server that you wanted to be stable, would you use 1.9.5-rc1, or would you use one of the others? I am not so much wanting features, but stability :)
1109718752 M * hillct ah
1109718761 M * Bertl micah: probably 1.2.10 ;)
1109718845 M * micah Bertl: ok, well... out of the 1.9 series :)
1109718887 M * Bertl then guess 1.9.5-rc1 is pretty good ... so I'd go for that ...
1109718900 M * Doener Bertl: just adding a local route is enough to get connectivity from the vserver to the outside
1109718929 M * Bertl example? and did you verify with a new (i.e. arp clean) setup?
1109719017 M * Doener # arp
1109719017 M * Doener Address HWtype HWaddress Flags Mask Iface
1109719017 M * Doener 10.0.0.10 (incomplete) tun0
1109719021 M * Doener doener ~ # ping 10.0.0.10
1109719022 M * Doener PING 10.0.0.10 (10.0.0.10) 56(84) bytes of data.
1109719022 M * Doener 64 bytes from 10.0.0.10: icmp_seq=1 ttl=64 time=4.29 ms
1109719049 M * Doener i added the following to the startup vshelper:
1109719050 M * Doener ip r a local $VIP dev eth0
1109719140 M * Bertl hmm, which is probably equiv to
1109719154 M * Bertl arp -Ds $VIP dev eth0
1109719167 M * Bertl +pub
1109719275 M * Doener 10.0.0.1 does not show up in the qemu host's arp table
1109719348 M * Bertl do you have a local network at 192.168.0.x in or near your test setup?
1109719395 P * hillct
1109719418 M * Doener the physical host's real network is on 192.168.0.x
1109719477 M * Bertl hmm, okay, but I guess 172.16.x.x is unused?
1109719486 M * Doener yep
1109719500 M * Bertl well, then let's use that for the vserver (just for a test)
1109719525 M * Bertl create one 172.16.0.1 ip on the 'real' machine as dummy device entry
1109719546 M * Bertl and assign 172.16.0.2 to the vserver (but just from inside the vserver)
1109719560 M * Bertl then try to reach the other end with ping
1109719590 M * Bertl you'll see the arp requests and the ignored answer
1109719597 M * Doener so: physical: 172.16.0.1, qemu 10.0.0.1, qemu-server 10.0.0.2, vserver 172.16.0.2, right?
1109719627 M * Bertl qemu 10.0.0.1 (is tap on real?)
1109719631 M * Bertl or tun
1109719639 M * Doener yep
1109719646 M * Bertl okay, then yes
1109719652 M * Doener s/qemu-server/qemu-guest/
1109719669 M * Bertl okay, let's agree on a nomenclature hear
1109719672 M * Bertl *here
1109719685 M * Bertl real = physical machine
1109719714 M * Bertl (qemu-)host = the virtual machine in qemu
1109719738 M * Bertl and (qemu-)guest = the virtual server in the qemu
1109719744 M * Bertl is that okay?
1109719749 M * Doener ok
1109719780 M * Doener hm, what about gateway/routing setup?
1109719787 M * Bertl so try the first ping (a single one) from the vserver
1109719797 M * Bertl no additional routing setup inside qemu
1109719834 M * Bertl but a rout on the real machine over 10.0.0.2
1109719840 M * Bertl *route
1109719848 M * Bertl (or better to the interface)
1109719885 M * Bertl or make the 172.16.0.1 an alias of the tun device
1109720013 M * Doener ok, ping from vserver to real failed (expected i guess)
1109720030 M * Bertl yep, just look at the arp packets
1109720080 J * shuri ~shuri@dsl.speedline209.226.electronicbox.net
1109720081 Q * prae Quit: Pwet
1109720293 M * Doener no arp packets on real/host. no tcpdump allowed on guest
1109720313 M * Bertl hum?
1109720320 M * Bertl sec
1109720442 M * Doener ok, allowed tcpdump on guest, no arp packets anywhere
1109720458 M * Bertl that's what I see here:
1109720470 M * Bertl 00:40:42.817269 52:54:0:12:34:56 ff:ff:ff:ff:ff:ff 0806 60: arp who-has 172.16.0.1 tell 10.0.0.2
1109720474 M * Bertl 00:40:42.817368 0:ff:69:5d:fe:d9 52:54:0:12:34:56 0806 42: arp reply 172.16.0.1 is-at 0:ff:69:5d:fe:d9
1109720483 M * Bertl 00:40:42.822317 52:54:0:12:34:56 0:ff:69:5d:fe:d9 0800 98: 172.16.0.2 > 172.16.0.1: icmp: echo request (DF) (ttl 64, id 0, len 84)
1109720488 M * Bertl 00:40:42.822490 0:ff:69:5d:fe:d9 ff:ff:ff:ff:ff:ff 0806 42: arp who-has 172.16.0.2 tell 172.16.0.1
1109720504 M * Bertl (which is repeated three times, as it is ignored by the host)
1109720547 M * Bertl the 'first' problem is that 10.0.0.2 asks for the arp info
1109720570 M * Bertl and the second one is that the host doesn't answer for replies to 'guest' requests
1109720626 M * Doener ouch
1109720649 M * Doener i used .1 on both
1109720654 M * Bertl ;)
1109720700 M * Doener ok, now i get the same
1109720763 M * Bertl if you now add the ip to the host
1109720782 M * Bertl (given your iptables rules allow it)
1109720791 M * Bertl (for the guest that is ;)
1109720813 M * Bertl the arp will work fine, and the echo reply will be delivered
1109720818 M * Doener should i add the ip address or just the local route?
1109720818 M * Bertl (to the guest)
1109720855 M * Bertl now the first issue mentioned is probably solved with a trivial change ...
1109720860 M * Bertl (consider it a bug, which doesn't really affect anything IMHO)
1109720911 M * Bertl but the second issue, the arp answer for guest ips is not really trivial
1109720917 M * Doener AFAICT just adding the local route is like: ok kernel, you don't see that ip address, but believe me, it is on this host, just trust me, i'm your root ;)
1109720956 M * Bertl yeah, but I'd like to do that 'without' the entry on the host
1109720966 M * Bertl based on the 'local' entries of the guests
1109720990 M * Bertl (of course modulo the permit from the host admin)
1109721006 M * Bertl but maybe adding the local route is the way to go anyway?
1109721038 M * Doener after adding the route only, i get:
1109721043 Q * shuri Read error: Operation timed out
1109721045 M * Doener 00:50:12.366597 arp who-has 172.16.0.1 tell 172.16.0.2
1109721045 M * Doener 00:50:12.375641 arp reply 172.16.0.1 is-at 5e:b8:c7:7c:52:ff
1109721045 M * Doener 00:50:17.376398 arp who-has 172.16.0.2 tell 172.16.0.1
1109721045 M * Doener 00:50:17.377586 arp reply 172.16.0.2 is-at 52:54:00:12:34:56
1109721053 M * Doener which looks pretty nice to me
1109721064 M * Bertl indeed
1109721073 M * Bertl let me try that here ...
1109721125 M * Bertl btw, do you have proper entries in the iptables (for 172.16.0.2) or none yet?
1109721157 M * Doener i'm using your vshelper-delegate thingy and adapted it
1109721170 M * Doener i can make the host unreachable from within the vserver
1109721175 M * Bertl yes, but for 172.16.0.2 ?
1109721194 M * Doener yeah, i adapted it to use that address ;)
1109721201 M * Bertl okay, great!
1109721215 M * Doener on the host to add the local route: # ip r a local 172.16.0.2 dev eth0
1109721233 M * Doener on the guest to make the host unreachable: # ip r a local 10.0.0.1 dev en0
1109721270 M * Doener (unreachable from real that is)
1109721277 M * Bertl sounds good
1109721291 M * Doener sounds pretty bad to me?
1109721321 M * Bertl hmm, I'm probably too tired, what did I miss?
1109721361 M * Doener the last two lines ;) from within the guest i can kill the host's networking (and the guest's networking with it)
1109721510 M * Doener the host just stops replying to arp requests
1109721594 M * Bertl hum, any routing entry should be vserver local ...