1219451488 J * doener_ ~doener@i577BB1D4.versanet.de 1219451583 Q * doener Ping timeout: 480 seconds 1219452978 Q * quote Ping timeout: 480 seconds 1219454557 Q * __gh__ Quit: Client exiting 1219456157 N * Bertl_zZ Bertl 1219456160 M * Bertl back now ... 1219456187 M * daniel_hozac that wasn't much sleep ;) 1219456510 M * Bertl yeah, no idea why I can't get a good sleep atm 1219456764 P * Tooom 1219458109 M * Bertl daniel_hozac: ah, btw, you said (last time) you tested on PID space enabled kernels only .. did you add some of the backwards compatibility stuff we talked about back then, or are you using the separate migrate stuff only? 1219458147 M * Bertl if the latter, did you have any success (did you try?) with the migrating init pid approach? 1219458163 M * daniel_hozac i didn't get around to that. 1219458169 M * daniel_hozac i got distracted by other things. 1219458188 M * Bertl same here, just wanted to avoid duplication 1219461187 Q * Aiken Remote host closed the connection 1219461373 J * Aiken ~Aiken@ppp118-208-65-150.lns1.bne4.internode.on.net 1219462657 Q * derjohn_mob Ping timeout: 480 seconds 1219468285 J * derjohn_mob ~aj@e180197032.adsl.alicedsl.de 1219474528 M * Bertl okay, off to bed now ... cya! 1219474534 N * Bertl Bertl_zZ 1219478076 J * bonbons ~bonbons@2001:960:7ab:0:2c0:9fff:fe2d:39d 1219480452 Q * Hollow Remote host closed the connection 1219480540 Q * padde Remote host closed the connection 1219480706 Q * squat Remote host closed the connection 1219480713 Q * nox Remote host closed the connection 1219480730 Q * mnemoc Remote host closed the connection 1219480733 Q * karasz Remote host closed the connection 1219480805 J * squat ~squat@85-10-210-61.clients.your-server.de 1219480811 J * Hollow ~hollow@proteus.croup.de 1219480820 J * nox ~nox@static.88-198-17-175.clients.your-server.de 1219480835 J * mnemoc ~amery@yoda.expert-erp.net 1219480842 J * karasz ~karasz@yoda.expert-erp.net 1219480887 Q * mEDI_S Ping timeout: 480 seconds 1219480971 J * mEDI_S ~medi@snipah.com 1219481034 J * padde ~padde@patrick-nagel.net 1219485302 N * DoberMann[ZZZzzz] DoberMann 1219486045 J * friendly ~friendly@ppp59-167-128-87.lns3.mel6.internode.on.net 1219486090 J * yarihm ~yarihm@249-43-239-77-pool.cable.fcom.ch 1219486490 Q * friendly Quit: Leaving. 1219487190 J * ViRUS ~mp@p579B448F.dip.t-dialin.net 1219487543 J * friendly ~friendly@ppp59-167-128-87.lns3.mel6.internode.on.net 1219488604 J * pmenier ~pmenier@ACaen-152-1-63-64.w83-115.abo.wanadoo.fr 1219488893 N * Bertl_zZ Bertl 1219488897 M * Bertl morning folks! 1219489504 M * pmenier morning Bertl 1219489533 M * pmenier running 2.6.26.2 and now 2.6.26.3 since 7 days without problem 1219489862 M * Bertl good to hear! 1219490579 N * pmenier pmenier_off 1219494918 Q * friendly Quit: Leaving. 1219495686 M * Wonka with vserver patch, i assume? 1219495707 M * Bertl yeah, I assume so too :) 1219496329 J * wenchien ~wenchien@59.105.176.102 1219496870 M * Bertl wb wenchien! 1219497040 M * wenchien Bertl: hi :) 1219498399 Q * Aiken Quit: Leaving 1219499721 M * ViRUS I'm running a linux box with vserver and grsecurity for 218 days now without any major problems. 1219499775 M * ViRUS just in case I missed something. Does anyone know if there were any security patches available for linux kernel 2.6.22, versever 2.2.0.5 and grsec 2.1.11 ? 1219499901 M * ViRUS it seams to be pretty stable still. The patches for vserver 2.2.0.5 -> 2.2.0.7 don't look crucial for me. 1219499937 M * Bertl check the mainline security fixes for 2.6.22 1219500016 M * Bertl (i.e. from 2.6.22.x to 2.6.22.19) 1219500069 M * ViRUS Bertl, do you know any good resource where to look. Following the changelogs is cumbersome 1219500135 M * Bertl the 2.6.22.x changelogs shouldn't be that cumbersome, but maybe kernel trap is a good place to check 1219501891 J * mire ~mire@122-175-222-85.adsl.verat.net 1219501985 Q * mire 1219504454 J * mrfree ~mrfree@host210-19-dynamic.9-79-r.retail.telecomitalia.it 1219504836 J * hparker ~hparker@linux.homershut.net 1219509409 Q * mrfree Quit: Leaving 1219510758 M * snooze im getting "traceroute: unknown protocol icmp" in a natted guest.. any ideas how to resolve that? with iptables i guess 1219510788 M * Bertl use tracepath 1219510796 M * snooze what if thats not an option? 1219510802 M * snooze :) 1219510807 M * Bertl enable raw sockets for the guest 1219510818 M * snooze how do i do that? 1219510819 J * dna ~dna@78-245-dsl.kielnet.net 1219510824 M * Bertl (and prepare for network sniffers :) 1219510834 M * snooze hehe 1219510841 M * Bertl CAP_NET_RAW 1219510843 J * Loki|muh loki@satanix.de 1219510889 M * Bertl http://linux-vserver.org/Capabilities_and_Flags 1219510941 M * snooze RAW_ICMP sounds nice tho? 1219511062 M * Bertl that should be default by now 1219511085 M * Bertl (and it probably is, if ping inside the guest works) 1219511139 M * snooze yeah it does 1219511354 M * snooze hm 1219511364 M * snooze so i added NET_RAW in bcapabilities 1219511368 M * snooze still getting the same 1219511390 M * Bertl that's unusual .. you did restart the guest? 1219511397 M * snooze yes 1219511412 M * Bertl do you have blocking rules in your iptables? 1219511441 M * Bertl could you do an strace -fF on that traceroute and also check that tracepath works as expected? 1219511506 M * snooze only rule: SNAT all -- 172.16.0.0/21 !172.16.0.0/21 to:192.168.254.21 1219511513 M * snooze and that one is for postrouting 1219511572 Q * emag Remote host closed the connection 1219511581 J * emag APDHVreHqg@gurski.org 1219511642 M * snooze tracepath is working 1219511860 M * snooze open("/etc/protocols", O_RDONLY) = -1 ENOENT (No such file or directory) 1219511862 M * snooze heh, might be why 1219511875 M * Bertl sounds good :) 1219511897 M * snooze now i got 1219511898 M * snooze traceroute: findsaddr: Can't find interface "*" 1219511899 M * snooze :D 1219511926 M * Bertl what does 'ip addr ls' show? 1219511948 M * Bertl and again, what does the strace -fF giveß :) 1219511951 M * Bertl -ß 1219511998 M * snooze 1: eth0: mtu 1500 qdisc pfifo_fast qlen 1000 link/ether 00:c0:4f:4a:38:4c brd ff:ff:ff:ff:ff:ff inet 172.16.0.10/21 brd 172.16.7.255 scope global secondary eth0 1219512068 M * snooze http://paste.linux-vserver.org/12380 1219512334 M * Bertl well, your traceroute is kind of weird 1219512345 M * Bertl it first does a lookup on the ip to get the interface 1219512358 M * Bertl and then seems to do a lookup on the interface to get ips 1219512368 M * Bertl maybe try to specify an explicit IP 1219512402 M * snooze explicit ip? it has a static one atm anyway 1219512407 M * snooze no dhcp 1219512413 M * Bertl na, for the traceroute 1219512433 M * Bertl alternatively you can disable the NIDE_NETIF 1219512438 M * Bertl *HIDE 1219512627 M * snooze with ~HIDE_NETIF i dont get any error 1219512635 M * snooze but.. 1219512645 M * snooze traceroute only outputs stars, timeouts :) 1219512666 M * Bertl means you don't reach the target, or, the returned packets do not reach you 1219512706 M * snooze ping works as you know 1219512714 M * snooze hm 1219512737 M * snooze and the trace works on the host system of course 1219512748 M * snooze then is there something i have todo with iptables? 1219512785 M * Bertl you might want to look at the traceroute packets with tcpdump (on the host) 1219512809 M * Bertl but you are aware that traceroute is below the IP layer and thus not really suited for a guest? 1219512809 M * snooze will do 1219512839 M * snooze yeah, but i still want it working on that guest :) 1219512861 M * Bertl okay, you might consider disabling the network isolation then 1219512882 M * snooze as long as it doesnt affect other guests 1219512913 M * Bertl well, it will allow this guest to do arbitrary evil to the networking stack, but besides that no new harm 1219512951 A * sid3windr reads the discussion about raid controllers and can only say, areca cards rock. 1219512966 M * snooze like changing settings of interfaces on the host system Bertl ? 1219512979 M * Bertl yep 1219513013 M * snooze thats not very nice :) 1219513135 M * Bertl well, maybe you get away with the 'right' combo of options and/or flags 1219513247 M * snooze hm 1219513282 M * snooze might as well try getting tracepath acceptable instead 1219513313 M * Bertl that'd be preferable in many ways, and needs no changes to the guest as it is a layer 3 tool 1219513349 M * snooze i didnt know there was such a difference between traceroute and tracepath though 1219513363 M * snooze dont they both play around with ttl values? 1219513387 M * Bertl traceroute is like ping, does everything at layer 2 1219513410 M * Bertl tracepath is a true ip tool 1219513451 M * snooze cant be for no reason its using a lower layer 1219513456 M * snooze no? 1219513479 M * Bertl well, like ifconfig only able to see aliases? 1219513531 M * snooze yeah ive noticed that 1219513548 M * snooze never really cared :) 1219513575 M * Bertl well, ifconfig is like 15 years old, has problems with 'eyesight' 1219513596 M * Bertl (15 years is long in computer sciences :) 1219513617 M * snooze yea hehe 1219513732 J * ViRUS_ ~mp@p579B48A0.dip.t-dialin.net 1219514162 Q * ViRUS Ping timeout: 480 seconds 1219516154 J * Beuc ~yo@82.238.35.175 1219516338 M * Bertl wb Beuc! 1219516572 M * Beuc hey! 1219518649 Q * phedny Ping timeout: 480 seconds 1219519972 Q * pisco_ Remote host closed the connection 1219520446 Q * hparker Ping timeout: 480 seconds 1219520689 J * hparker ~hparker@linux.homershut.net 1219521020 J * pisco_ ~pisco@tor.noreply.org 1219521133 Q * dna Read error: Connection reset by peer 1219521777 Q * _gh_ Ping timeout: 480 seconds 1219522797 Q * NaioN Ping timeout: 480 seconds 1219522934 J * _gh_ ~gerrit@67.170.155.50 1219522968 Q * pisco_ Remote host closed the connection 1219523036 J * NaioN ~stefan@misc.mordor.unilogicnetworks.net 1219523080 J * pisco_ ~pisco@tor.noreply.org 1219523826 J * mrfree ~mrfree@host210-19-dynamic.9-79-r.retail.telecomitalia.it 1219524458 J * jmcaricand jm@79.80.176.227 1219524477 Q * jmcaricand 1219525113 Q * derjohn_mob Ping timeout: 480 seconds 1219525129 Q * hparker Quit: Read error: 104 (Peer reset by connection) 1219525294 N * DoberMann DoberMann[ZZZzzz] 1219525420 J * ido ~ido@lolcocks.com 1219525448 M * Bertl welcome ido! 1219525483 M * Bertl I'm off for now ... maybe back a little later (unless I fall asleep :) 1219525490 N * Bertl Bertl_oO 1219525807 Q * nenolod Read error: Connection reset by peer 1219525866 J * nenolod ~nenolod@ip70-189-74-62.ok.ok.cox.net 1219526827 Q * balbir Ping timeout: 480 seconds 1219528532 J * hparker ~hparker@linux.homershut.net 1219528746 Q * mrfree Quit: Leaving 1219528837 J * mrfree ~mrfree@host210-19-dynamic.9-79-r.retail.telecomitalia.it 1219528842 Q * mrfree 1219528942 Q * bonbons Quit: Leaving 1219532444 J * FCOJ ~mordur@dsl-195-100.hive.is 1219533842 J * Aiken ~Aiken@ppp118-208-65-150.lns1.bne4.internode.on.net 1219533846 Q * ViRUS_ Quit: Leaving 1219535216 Q * FCOJ Quit: Leaving