1226793846 Q * m_o_d Ping timeout: 480 seconds
1226794202 Q * ntrs_ Ping timeout: 480 seconds
1226795232 J * pisco_ ~pisco@86.59.118.153
1226795296 Q * pisco Ping timeout: 480 seconds
1226795955 Q * Piet Quit: Piet
1226796328 Q * hparker Quit: Read error: 104 (Peer reset by connection)
1226797372 Q * Mojo1978 Remote host closed the connection
1226798416 J * dowdle ~dowdle@71-221-8-241.blng.qwest.net
1226798647 Q * dowdle_ Ping timeout: 480 seconds
1226798708 M * Bertl off to bed now .. have a good one everyone!
1226798713 N * Bertl Bertl_zZ
1226799559 Q * doener_ Quit: leaving
1226799710 J * hparker ~hparker@2001:470:1f0f:32c:212:f0ff:fe0f:6f86
1226803519 J * ntrs_ ~ntrs@77.29.9.223
1226804003 Q * ntrs_ Ping timeout: 480 seconds
1226804592 Q * dowdle Remote host closed the connection
1226805719 Q * geb Remote host closed the connection
1226806936 N * quinq qzqy
1226814744 Q * DLange Ping timeout: 480 seconds
1226815808 J * DLange ~DLange@dlange.user.oftc.net
1226816719 J * ktwilight__ ~ktwilight@222.122-66-87.adsl-dyn.isp.belgacom.be
1226817004 Q * ktwilight_ Ping timeout: 480 seconds
1226818180 J * ntrs_ ~ntrs@77.29.12.174
1226823059 Q * svenk Ping timeout: 480 seconds
1226825188 Q * hparker Quit: Read error: 104 (Peer reset by connection)
1226827418 J * svenk ~sven@213.73.89.36
1226828585 J * bonbons ~bonbons@2001:960:7ab:0:2c0:9fff:fe2d:39d
1226828874 Q * _gh_ Ping timeout: 480 seconds
1226830041 J * cga ~weechat@94.36.130.212
1226830304 J * ntrs__ ~ntrs@77.29.16.36
1226830717 Q * ntrs_ Ping timeout: 480 seconds
1226833003 N * Bertl_zZ Bertl
1226833008 M * Bertl morning folks!
1226839278 J * dna ~dna@52-246-dsl.kielnet.net
1226839443 Q * Aiken Remote host closed the connection
1226840571 Q * ktwilight__ Read error: Connection reset by peer
1226840615 J * ktwilight__ ~ktwilight@222.122-66-87.adsl-dyn.isp.belgacom.be
1226841681 Q * cga Quit: WeeChat 0.2.6
1226842071 Q * ktwilight__ Ping timeout: 480 seconds
1226842115 J * ktwilight ~ktwilight@222.122-66-87.adsl-dyn.isp.belgacom.be
1226843720 M * openblast hi, i think there is not much going on with netng at the moment right?
1226843984 M * Bertl hmm?
1226844210 M * arekm any progress? :>
1226844314 M * Bertl you mean, regarding the X11 thing?
1226844383 Q * ktwilight Read error: Connection reset by peer
1226844419 J * ktwilight ~ktwilight@222.122-66-87.adsl-dyn.isp.belgacom.be
1226844797 J * ntrs_ ~ntrs@77.29.12.214
1226844916 N * qzqy quinq
1226845183 Q * ntrs__ Ping timeout: 480 seconds
1226845604 J * Piet ~piet@86.59.118.153
1226845633 M * Bertl openblast: what do you expect/see in netng?
1226846844 M * arekm Bertl: no, ipv6 thing
1226846869 M * Bertl ah, good that you remind me .. almost forgot ...
1226847241 M * openblast Bertl iptables inside vserver would be nice
1226847251 M * openblast but i dont know it is feasible :)
1226847275 J * doener ~doener@i577ADBB3.versanet.de
1226847282 M * Bertl mainline is working on that, but you can also relay guest requests to the host and implement the rules there
1226847323 M * Bertl note that I'm not really convinced that iptables _inside_ a guest will do any good (for networking on the host)
1226847336 M * openblast ah with mainline you mean the kernel developers?
1226847345 M * openblast hm
1226847361 M * Bertl Linux-VServer developers are kernel developers too :)
1226847371 M * openblast hehe
1226847373 M * Bertl what I mean with mainline is kernel.org
1226847390 M * openblast ok
1226847441 M * openblast why do you think iptables inside a guest is bad?
1226847471 M * Bertl well, for several reasons ...
1226847495 M * Bertl first, most policy is host wide, no?
1226847520 M * Bertl i.e. it doesn't make sense to block e.g. echo requests for guest A but have them work for guest B
1226847534 M * Bertl (not that you cannot do that on the host :)
1226847540 M * openblast hm ok :)
1226847569 M * Bertl second, if you do accounting or mangling with iptables
1226847597 M * Bertl it often involves nat or similar, which is again something you do not want to be done from the guest
1226847618 M * Bertl think nat to a guest/host IP (of a different guest)
1226847628 M * openblast yeah
1226847644 M * Bertl so, there are two options to get iptables for guests working
1226847663 M * Bertl the simple, straight forward but slow and inefficient approach
1226847696 M * Bertl add another layer of indirection (i.e. a virtual network stack) which is traversed first
1226847713 M * openblast yes
1226847717 M * Bertl and then pass everything through the second 'real' network stack again
1226847722 M * openblast i wouldnt want that of course
1226847730 M * Bertl probably doing the very same checks again ...
1226847744 M * Bertl this is what OVZ and also mainline is going to provide
1226847758 M * openblast ah ok
1226847792 M * Bertl the second approach is to put the policy on the host (the business logic)
1226847815 M * Bertl and basically act upon guest requests with implementing the proper rules (on the host)
1226847844 M * Bertl skipping the additional network stack, and also ensuring that the network policy can get implemented host wide
1226847872 J * geb ~geb@4.4.82-79.rev.gaoland.net
1226847873 M * openblast ok yes
1226847887 M * geb hi
1226848019 M * openblast thank you for your explanation Bertl, made it quite clear
1226848048 M * Bertl btw, there was a prototype which actually implemented the latter in userspace
1226848071 M * openblast oh, what was it called?
1226848073 M * Bertl but it seems the interest was too low to pursue that
1226848077 M * openblast hm k
1226848106 M * Bertl basically a helper script inside the guest, which sent the requests to the host
1226848128 M * openblast ah
1226848333 M * openblast but no problem atm im just setting things up on the host, im really looking forward to 2.3 for ipv6 :)
1226853148 J * derjohn_mob ~aj@e180198251.adsl.alicedsl.de
1226853217 J * doener_ ~doener@i577BB07E.versanet.de
1226853321 Q * doener Ping timeout: 480 seconds
1226853369 M * Bertl arekm: okay, I have a debug patch for you (in a few minutes)
1226853425 J * ktwilight_ ~ktwilight@222.122-66-87.adsl-dyn.isp.belgacom.be
1226853447 Q * ktwilight Read error: Connection reset by peer
1226853581 M * arekm ok
1226854017 M * Bertl arekm: http://vserver.13thfloor.at/Experimental/delta-ipv6-debug01.diff
1226854038 M * Bertl make sure Linux-VServer debugging is enabled, as well as general kernel debugging
1226854461 Q * ktwilight_ Remote host closed the connection
1226854483 J * ktwilight_ ~ktwilight@222.122-66-87.adsl-dyn.isp.belgacom.be
1226854627 Q * derjohn_mob Ping timeout: 480 seconds
1226855546 Q * ktwilight_ Ping timeout: 480 seconds
1226855629 M * arekm what's considered to be "general kernel debugging" ?
1226855641 M * Bertl DEBUG_INFO
1226857673 J * hparker ~hparker@2001:470:1f0f:32c:212:f0ff:fe0f:6f86
1226859581 J * _gh_ ~gerrit@c-71-193-204-84.hsd1.or.comcast.net
1226860151 J * alex1234 alex@78-86-117-217.zone2.bethere.co.uk
1226860155 M * alex1234 hello
1226860166 M * alex1234 quick question, how can i set multiple interfaces to a guest?
1226860181 M * alex1234 im looking to assign a VLAN via a tap interface to a guest i have
1226860212 M * alex1234 so it can use the VLAN link that the host has setup
1226860234 M * Bertl you do not assign 'interfaces' to guest, only IPs
1226860256 M * Bertl if you assign an IP to a guest, the interface(s) 'holding' it will show up
1226860259 M * alex1234 okay well ive assigned the ip inside km31919:/usr/local/etc/vservers/smurf/interfaces/0
1226860280 M * alex1234 km31919:/usr/local/etc/vservers/smurf/interfaces/0# cat dev
1226860281 M * alex1234 eth4
1226860281 M * alex1234 tap0.10
1226860291 M * alex1234 does this look right?
1226860297 M * Bertl not really
1226860310 M * alex1234 how can i configure the tap properly ? :)
1226860328 M * alex1234 ive tried hunting through the wiki :>
1226860328 M * Bertl first, what you probably mean is a tun device not tap
1226860346 M * Bertl tap is ethernet layer, and I guess you want IP layer (tun)
1226860368 M * Bertl but putting that aside, you can only have one entry in the dev file
1226860387 M * Bertl (but you can have several entries in interfaces :)
1226860396 M * alex1234 its a ethernet interface
1226860408 M * Bertl who created it?
1226860414 M * alex1234 i did
1226860418 M * alex1234 via openvpn on the host
1226860425 M * Bertl so it is already there, and maybe has an IP?
1226860430 M * alex1234 on the host, yes
1226860453 M * Bertl then you want to use 'nodev' instead of 'dev'
1226860471 M * Bertl with dev, the utils will assign the IP, which might not be what you want
1226860488 M * alex1234 an noip / noname etc?
1226860497 M * alex1234 and*
1226860509 M * Bertl http://www.nongnu.org/util-vserver/doc/conf/configuration.html
1226860517 M * Bertl stop guessing, check the docu :)
1226860611 M * alex1234 dont seem to see nodev in the /etc/vservers/vserver-name/interfaces section :>
1226860617 M * alex1234 wait
1226860620 M * alex1234 im blind
1226860627 M * Bertl :)
1226860800 M * Bertl most likely you either want ip/prefix/nodev or ip/prefix/dev/vlandev
1226860803 M * alex1234 done! :)
1226860815 M * alex1234 i didnt realise i needed another dir
1226860828 M * Bertl ok, np
1226860829 M * alex1234 ./etc/vservers/vserver-name/interfaces/2,3,4 etc
1226860831 M * alex1234 :>
1226860872 M * alex1234 thanks...
1226860873 J * cga ~weechat@94.36.130.212
1226861331 J * dowdle ~dowdle@71-221-8-241.blng.qwest.net
1226861867 N * pmenier pmenier_off
1226861890 Q * pmenier_off Quit: Konversation terminated!
1226862130 M * arekm Bertl: ok, kernel running, so now what?
1226862168 M * Bertl let's enable the network debugging part, with
1226862209 M * Bertl sysctl -w vserver.debug_net=255
1226862226 M * Bertl then recreate the 'wrong' binding you had (with mrt?)
1226862247 M * Bertl record dmesg, and upload the output and strace -fF
1226862306 M * arekm hm, but I cannot reproduce binding() but wrong IPv6 is used as source when mtring instead of proper guest IPv6
1226862385 M * Bertl hmm, that's different from what we had last time
1226862404 M * arekm we had both issues last time
1226862404 M * Bertl IIRC, you showed me an explicit source ip binding to the wrong ip
1226862513 M * arekm wait, reproduced binding, too
1226862779 M * arekm crap, pastebin broke
1226862941 M * arekm dmesg: http://pastebin.ca/1257940
1226862962 M * arekm strace: http://pastebin.ca/1257941
1226862997 M * arekm 2002:594c:1b49:1:211:d8ff:feb3:200 belongs to other gues
1226862998 M * arekm t
1226863046 M * arekm :100 is correct for this test guest
1226863083 M * arekm and "default via fe80::211:22ff:fe33:4455" is default route
1226863133 M * Bertl okay, will take some time to analyze
1226863133 M * arekm + kernel uses default route with src address: src 2002:594c:1b49:1:211:d8ff:feb3:200
1226863144 M * arekm according to ip r g
1226863146 M * Bertl it might help to redo with timestamps for the strace
1226863211 J * ktwilight ~ktwilight@222.122-66-87.adsl-dyn.isp.belgacom.be
1226863275 M * arekm strace http://pastebin.ca/1257950 dmesg http://pastebin.ca/1257951
1226863632 M * Bertl tx
1226863719 M * Bertl I presume you have a different timezone inside the guest than on the host, right?
1226863735 M * arekm UTC guest, CET host
1226863740 M * Bertl okay, np
1226864166 Q * alex1234
1226865011 Q * independence Read error: Connection reset by peer
1226865166 J * independence independen@titan.blinkenshell.org
1226866001 J * dowdle_ ~dowdle@71-221-8-241.blng.qwest.net
1226866212 Q * dowdle Ping timeout: 480 seconds
1226866415 J * ntrs__ ~ntrs@77.29.18.27
1226866536 N * dowdle_ dowdle
1226866843 Q * ntrs_ Ping timeout: 480 seconds
1226867565 J * ghislainocfs2 ~Ghislain@adsl2.aqueos.com
1226867578 P * ghislainocfs2
1226868526 M * Hawq .
1226869188 Q * tam Ping timeout: 480 seconds
1226869274 J * Aiken ~Aiken@ppp118-208-13-1.lns1.bne1.internode.on.net
1226870072 Q * independence Quit: reboot
1226870418 Q * geb Remote host closed the connection
1226871323 Q * ntrs__ Ping timeout: 480 seconds
1226871541 Q * dna Quit: Verlassend
1226871569 Q * cga Quit: WeeChat 0.2.6
1226872698 J * ghislainocfs2 ~Ghislain@adsl2.aqueos.com
1226872767 Q * ghislainocfs2
1226873063 J * geb ~geb@4.4.82-79.rev.gaoland.net
1226878160 Q * Aiken Quit: Leaving