1234656415 J * pflanze ~chris__@trex.iro.umontreal.ca
1234657167 J * Slydder1 ~chuck@dslb-088-072-230-006.pools.arcor-ip.net
1234657278 J * Doomguy93 ~Doomguy93@cable-roi-fe9adc00-95.dhcp.inet.fi
1234657290 P * Doomguy93 Leaving
1234657473 Q * dna Quit: Verlassend
1234658780 J * friendly ~friendly@ppp121-44-218-114.lns10.mel4.internode.on.net
1234659014 M * Supaplex stupid static.
1234659022 A * Supaplex stabs the audio support in the guest
1234659215 M * Supaplex wow. the guest is completely locked up :(
1234659756 Q * hparker Quit: Read error: 104 (Peer reset by connection)
1234660119 J * hparker ~hparker@2001:470:1f0f:32c:290:96ff:fe50:40fa
1234662248 Q * nenolod Remote host closed the connection
1234662344 J * nenolod nenolod@petrie.dereferenced.org
1234664304 Q * Slydder1 Quit: Leaving.
1234664846 Q * hparker Remote host closed the connection
1234664860 J * hparker ~hparker@2001:470:1f0f:32c:290:96ff:fe50:40fa
1234666848 J * derjohn_foo ~aj@e180202228.adsl.alicedsl.de
1234667275 Q * derjohn_mob Ping timeout: 480 seconds
1234668282 J * Cachanilla c9aa84de@webchat.mibbit.com
1234669477 Q * Aiken Remote host closed the connection
1234669741 Q * Cachanilla Quit: http://www.mibbit.com ajax IRC Client
1234670615 N * Bertl_oO Bertl
1234670664 M * Bertl derjohn_foo: either your kernel is broken or you are missing debug info (as comes with KERNEL_DEBUG_INFO)
1234670686 M * Bertl anyway, I still suggest to try without the Linux-VServer patches
1234670704 M * Bertl off to bed now ... enjoy!
1234670709 N * Bertl Bertl_zZ
1234674580 M * Supaplex guest comments of mine are for vmware. :p nm me.
1234675184 J * ghislainocfs21 ~Ghislain@adsl2.aqueos.com
1234675487 Q * ghislainocfs2 Ping timeout: 480 seconds
1234679405 Q * friendly Quit: Leaving.
1234685521 J * hijacker ~hijacker@87-126-142-51.btc-net.bg
1234687125 J * doener ~doener@i577BB589.versanet.de
1234687227 Q * doener_ Ping timeout: 480 seconds
1234687503 J * cga ~weechat@94.36.93.49
1234689318 Q * hparker Quit: Read error: 104 (Peer reset by connection)
1234690026 J * increment power@r220-101-150-198.cpe.unwired.net.au
1234690056 M * increment can someone explain this server to me
1234690325 M * derjohn_foo increment, server? You mean what Linux-VServer is?
1234690338 M * derjohn_foo in the first step we have quite good docs in the wiki
1234690688 M * increment i mean this irc server
1234690719 M * increment seems a programmers paradise
1234690741 M * increment i cant make much sense of it
1234691304 J * Aiken ~Aiken@ppp118-208-45-4.lns3.bne1.internode.on.net
1234691458 P * increment
1234691468 M * derjohn_foo increment, freenode is ...
1234691480 M * derjohn_foo ah, he's gone. well, probably not a programmer
1234691536 M * derjohn_foo Bertl_zZ, KERNEL_DEBUG_INFO -> CONFIG_DEBUG_INFO
1234691543 M * derjohn_foo yes, that is not set here ....
1234691584 Q * hijacker Quit: Leaving
1234691676 J * JonB ~NoSuchUse@77.75.164.169
1234692215 Q * JonB Quit: This computer has gone to sleep
1234692216 M * ghislainocfs21 ping Daniel
1234692250 M * ghislainocfs21 is anyone successfully used cgroup under vserver ?
1234692541 M * ghislainocfs21 ha dam the config_cgrou_ns again
1234692563 J * Slydder1 ~chuck@dslb-088-072-230-006.pools.arcor-ip.net
1234693473 J * JonB ~NoSuchUse@77.75.164.169
1234693617 J * harobed ~harobed@arl57-1-82-231-110-14.fbx.proxad.net
1234693757 M * ghislainocfs21 yes, victory this was the NS, cgroups works now great :)
1234694357 Q * Aiken Quit: Leaving
1234694377 J * Aiken ~Aiken@ppp118-208-45-4.lns3.bne1.internode.on.net
1234694755 P * ghislainocfs21
1234696732 J * bonbons ~bonbons@2001:960:7ab:0:2c0:9fff:fe2d:39d
1234696787 Q * Aiken Remote host closed the connection
1234696944 J * Aiken ~Aiken@ppp118-208-45-4.lns3.bne1.internode.on.net
1234697001 Q * Aiken Remote host closed the connection
1234697134 J * Aiken ~Aiken@ppp118-208-45-4.lns3.bne1.internode.on.net
1234697171 Q * Aiken
1234697288 J * Aiken ~Aiken@ppp118-208-45-4.lns3.bne1.internode.on.net
1234697347 Q * Aiken Remote host closed the connection
1234699752 J * dna ~dna@92-215-103-86.dynamic.dsl.tng.de
1234699900 N * Bertl_zZ Bertl
1234699904 M * Bertl morning folks!
1234699909 M * JonB hey Bertl
1234700216 J * ghislainocfs2 ~Ghislain@adsl2.aqueos.com
1234701377 Q * Supaplex Remote host closed the connection
1234701692 J * Supaplex ~supaplex@166.70.62.193
1234702002 Q * vasko Quit: reboot to lenny
1234702301 J * vasko ~vasko@unreal.rainside.sk
1234702781 Q * JonB Quit: This computer has gone to sleep
1234703120 J * bmlike mike@no.phear.eu
1234704421 Q * bmlike Quit: Lost terminal
1234704485 Q * Slydder1 Ping timeout: 480 seconds
1234705181 Q * PowerKe_ Ping timeout: 480 seconds
1234705713 J * JonB ~NoSuchUse@77.75.164.169
1234705721 Q * ser Ping timeout: 480 seconds
1234707212 Q * ag- Quit: Aiee, killing interrupt handler!
1234708736 N * ensc Guest138
1234708746 J * ensc ~irc-ensc@p57AA4CDD.dip.t-dialin.net
1234708851 Q * Guest138 Ping timeout: 480 seconds
1234708932 J * dna_ ~dna@92-215-103-86.dynamic.dsl.tng.de
1234709106 Q * dna Ping timeout: 480 seconds
1234709118 Q * JonB Quit: Leaving
1234709725 J * ghislainocfs21 ~Ghislain@adsl2.aqueos.com
1234709893 J * ag- ~ag@landsraad.roxor.cx
1234710030 Q * ghislainocfs2 Ping timeout: 480 seconds
1234710883 Q * ag- Remote host closed the connection
1234711064 Q * padde Remote host closed the connection
1234711084 J * padde ~padde@patrick-nagel.net
1234712464 J * hparker ~hparker@2001:470:1f0f:32c:290:96ff:fe50:40fa
1234712905 Q * FireEgl Read error: Connection reset by peer
1234713581 J * Slydder1 ~chuck@dslb-088-072-230-006.pools.arcor-ip.net
1234713710 J * FireEgl FireEgl@173-16-9-10.client.mchsi.com
1234714894 Q * cga Quit: WeeChat 0.2.6
1234717021 J * pmenier ~pmenier@ACaen-152-1-75-116.w83-115.abo.wanadoo.fr
1234719417 J * saulus ~saulus@d142254.adsl.hansenet.de
1234719526 Q * saulus_ Ping timeout: 480 seconds
1234719660 J * geb ~geb@92.140.194.158
1234719721 M * geb hi
1234719924 Q * hparker Quit: Read error: 104 (Peer reset by connection)
1234720142 Q * Slydder1 Remote host closed the connection
1234720202 J * Slydder1 ~chuck@dslb-088-072-230-006.pools.arcor-ip.net
1234721888 M * derjohn_foo Bertl, I have not kernel with debug symbols (?). That vmlinux file is about 70 MB, the stripped one was only 3 mb. what does it mean when the kernels BUGs with an address in "[< >]" ?
1234721903 M * derjohn_foo IP: [] update_curr+0xee/0x13c
1234721918 M * derjohn_foo addr2line says "/usr/src/linux-2.6.28.5/kernel/sched.c:9421"
1234722094 M * derjohn_foo Bertl, See http://paste.linux-vserver.org/12739
1234722680 J * PowerKe ~tom@94-224-78-200.access.telenet.be
1234723311 Q * balbir_ Ping timeout: 480 seconds
1234723676 J * hijacker ~hijacker@87-126-142-51.btc-net.bg
1234724499 Q * Hollow Remote host closed the connection
1234724500 J * Hollow_ ~hollow@shiva.xnull.de
1234724559 N * Hollow_ Hollow
1234725367 Q * vumoryhis Read error: Connection reset by peer
1234725537 Q * pmenier Quit: Konversation terminated!
1234725920 J * wycah ~wycah@193.43.249.169
1234725966 Q * wycah Remote host closed the connection
1234726422 J * cyqu ~cyqu@193.43.249.169
1234727869 M * pflanze Somehow my interfaces configuration isn't being respected anymore
1234727881 M * Bertl hmm?
1234727894 M * pflanze /etc/vservers/checker/interfaces/0/dev: lo
1234727894 M * pflanze /etc/vservers/checker/interfaces/0/ip: 10.1.1.1
1234727913 M * pflanze and lo / 192.168.1.1 in the interfaces/1/ subdir
1234727923 M * pflanze but ifconfig from inside the guest only shows 127.0.0.1
1234727942 M * pflanze and on the host I'm not seeing the aliases either anymore.
1234727953 M * pflanze (on 2.6.28.5-vs2.3.0.36.7 compared to vs2.2)
1234728017 M * Bertl no prefix or netmask ...
1234728037 M * Bertl and without 'name' there will be no alias either
1234728042 M * pflanze aha.
1234728053 M * Bertl so looks perfectly normal to me
1234728091 M * pflanze I did create this guest using "vserver checker build -m debootstrap --context 501 --hostname novo-checker --interface lo:10.1.1.1 -- -d lenny -m http://debian.savoirfairelinux.net/debian/ -- --arch i386", following the directions on the wiki
1234728117 M * Bertl on which wiki/page?
1234728151 M * pflanze http://linux-vserver.org/Building_Guest_Systems
1234728169 M * pflanze "Building guests using the debootstrap build method"
1234728177 M * pflanze I just replaced eth0 with lo0
1234728182 M * pflanze ehr lo
1234728197 M * pflanze ah, /24
1234728246 M * pflanze I was missing that one. (Anything to add to this command line for naming? Or is this incommon practice?)
1234728286 M * Bertl aliases are legacy stuff, but you can add 'name': before the 'dev' part
1234728347 M * pflanze k
1234728517 A * pflanze added those two details to the wiki
1234728568 M * Bertl unfortunately your comment is wrong
1234728593 M * pflanze What's wrong?
1234728597 M * Bertl networking will work without /24 too, and /24 is just one way to do it
1234728627 M * pflanze Hm.
1234728636 M * Bertl i.e. please remove it or explain the complete interface syntax
1234728669 A * pflanze realizes that the iptables rule on his machine is "-A POSTROUTING -s 10.0.1.128/25 -d ! 10.0.1.128/25 -j MASQUERADE"
1234728671 M * pflanze doh
1234728671 M * Bertl it's like saying ifconfig eth0 192.168.0.1 netmask 255.255.255.0 up
1234728699 M * Bertl and don't forget the 255.255.255.0 on your network config, otherwise it won't work
1234728935 M * pflanze If you've got CONFIG_VSERVER_AUTO_LBACK=y and CONFIG_VSERVER_AUTO_SINGLE=y,
1234728959 M * pflanze will 127.0.0.1 be set up independently from that interface definition?
1234728989 M * pflanze i.e. having just one entry under interfaces/ with 192.168.1.1 for example will then be used as second entry?
1234729019 M * Bertl it will be used a single IP and special cased
1234729147 M * pflanze It seems guests still have access to services running in the hosts which are bound to the 127.0.0.1 address.
1234729168 M * pflanze In my old setup I did prevent that using iptables.
1234729181 M * Bertl depends on the guest config
1234729183 M * pflanze How would I do that with the AUTO_* stuff?
1234729204 M * Bertl the auto stuff just means that the kernel _assigns_ an lback address
1234729232 M * Bertl the guest flags decide about mapping and remapping
1234729238 M * pflanze hm. But it's somehow different from the normal one, right, being the same 127.0.0.1?
1234729262 M * pflanze I thought the point was making loopback interfaces in the guest safe. (Without requiring heavy iptables rules)
1234729291 M * Bertl if you read the help text to the kernel option, you will see that the ip assigned is in the format 127.x.y.1
1234729336 M * pflanze so I should probably use ip instead of ifconfig to check now.
1234729342 M * Bertl if you use the lbac mapping, all 127.a.b.c addresses will be remapped
1234729357 M * pflanze what's lbac mapping?
1234729374 M * pflanze ah AUTO_LBACK
1234729384 M * Bertl http://linux-vserver.org/Capabilities_and_Flags
1234729385 M * pflanze remapped how?
1234729389 A * pflanze reads
1234729422 M * Bertl don't confuse kernel compile time options (see help texts) with guest flags (see Capabilities and Flags)
1234729437 M * pflanze hm.
1234729441 Q * daniel_hozac Ping timeout: 480 seconds
1234729442 M * pflanze I see
1234729466 Q * opuk Ping timeout: 480 seconds
1234729468 A * pflanze doesn't see the wood for the trees though
1234729495 M * pflanze I guess I should read some entry page first
1234729519 M * pflanze "vserver news for old dummies"
1234729540 M * Bertl did you read the kernel config options' help texts?
1234729553 M * pflanze yes, but I didn't really grok the tests to the above mentioned two options;
1234729555 M * pflanze going to reread now.
1234729562 M * pflanze s/tests/texts
1234729722 M * pflanze well, the config help texts don't mention your 127.a.b.c thingie, as far i can see
1234729723 M * Bertl the guest's nflags SINGLE_IP and LBACK_REMAP/LBACK_ALLOW/HIDE_LBACK directly control the functionality, where the CONFIG options control which will be done by default
1234729773 M * pflanze so one should first read the networking section in Capabilities_and_Flags?
1234729859 J * Aiken ~Aiken@ppp118-208-45-4.lns3.bne1.internode.on.net
1234730006 J * daniel_hozac ~daniel@2002:5043:693::102
1234730039 J * opuk ~kupo@potatisbulle.com
1234730117 A * pflanze needs to go eat something; will be back later
1234730268 M * derjohn_foo Bertl, See http://paste.linux-vserver.org/12739
1234730286 M * derjohn_foo I managed to compile a kernel with debug info
1234730297 M * Bertl I saw that, but it doesn't really match up
1234730326 M * Bertl kernel/sched.c:9421 is in cpuacct_charge() here
1234730327 M * derjohn_foo well, as the 250Hz variant works pretty well, I could simply ignore it
1234730338 M * derjohn_foo ah
1234730344 M * derjohn_foo the line in question is
1234730355 M * derjohn_foo u64 *cpuusage = percpu_ptr(ca->cpuusage, task_cpu(tsk));
1234730364 M * Bertl but the kernel itself says it is in update_curr
1234730370 M * derjohn_foo I think I didn't mark the line in the pastebin
1234730396 M * derjohn_foo it's part of * charge this task's execution time to its accounting group.
1234730420 M * derjohn_foo i can also paste the whole sched.c
1234730441 M * Bertl no, thanks, did you test without the Linux-VServer patches yet?
1234730476 M * derjohn_foo no, unfortunately not. should I go with a complete vanilla one or with my patchset excluding vserver ?
1234730492 M * Bertl the latter and please use the very same kernel config
1234730506 M * derjohn_foo aye !
1234732057 Q * hijacker Remote host closed the connection
1234732116 Q * opuk Ping timeout: 480 seconds
1234732141 Q * daniel_hozac Ping timeout: 480 seconds
1234732345 J * opuk ~kupo@potatisbulle.com
1234732360 J * daniel_hozac ~daniel@2002:5043:693::102
1234733692 Q * Slydder1 Remote host closed the connection
1234733731 Q * bonbons Quit: Leaving
1234733746 J * Slydder1 ~chuck@dslb-088-072-230-006.pools.arcor-ip.net
1234734326 J * ktwilight ~ktwilight@201.65-66-87.adsl-dyn.isp.belgacom.be
1234734429 M * ktwilight yay to debian lenny :)
1234734526 Q * ktwilight_ Ping timeout: 480 seconds
1234734718 M * Bertl did it become stable/outdated?
1234734740 M * ktwilight Bertl, became stable :D
1234734799 M * Bertl that means I have to suggest to use 'squeeze' from now on :)
1234734894 M * ktwilight :)
1234737093 M * pflanze I'm back and I want to spend the time to fully understand vserver networking now.
1234737227 M * pflanze Hm, Where should I start?
1234737286 M * Bertl first, forget about the network models used by other virtualization technologies
1234737316 M * pflanze I've never used anything else than vserver for a long time, and only uml before that.
1234737324 M * Bertl then, get intimate with the Linux networking (stack and setup)
1234737347 M * pflanze I'd appreciate some schematic of that.
1234737364 M * pflanze I know ifconfig, route, and to a little extent the ip tools.
1234737366 M * Bertl i.e. how to use iproute(2), iptables, and routing setups in general
1234737373 M * pflanze And iptables quite well.
1234737382 M * pflanze Routing in general is not a problem.
1234737413 M * pflanze I don't understand where you hook in the vserver setups though; I guess main confusion comes from that ifconfig doesn't show all information,
1234737415 M * Bertl try to understand the difference between ifconfig and ip (from iproute(2))
1234737419 M * pflanze as opposed to "ip".
1234737436 M * Bertl that's because ifconfig is like 10 years old and outdated
1234737439 M * mnemoc ifconfig is pre-netlink, ancient and obsolete, since linux... 2.3?
1234737460 M * pflanze so do you guys never use ifconfig anymore?
1234737469 M * mnemoc of course not
1234737480 M * pflanze heh
1234737485 M * Bertl it's fine to use it, but you need to know the limitations :)
1234737570 M * Bertl like: not being able to show secondaries
1234737582 M * pflanze well there's no man 2 iproute;
1234737593 A * pflanze searches apt repo
1234737623 M * Bertl the (2) is because some distros name it iproute and others iproute2
1234737632 M * pflanze ah
1234737635 M * Bertl not the man chapter, see 'man ip' for detailt
1234737639 M * Bertl *details
1234737646 M * Guy- well, such details as they are, at any rate
1234737647 M * pflanze well I've also installed iproute-doc now
1234737663 M * Bertl excellent, work your way through that
1234737690 M * Guy- but I note the documentation has improved a lot in the years since about 2002 when I last looked at it :)
1234737720 M * Guy- luckily it's often possible to get by with just the command line help
1234737764 M * pflanze So, any schematic to look at, first?
1234737793 A * pflanze checks http://lartc.org/
1234737809 M * Bertl you can look at the packet flow diagrams (there are quite a number out there) but they are not really accurate, as the flow diagram changes quite often
1234737845 Q * Slydder1 Quit: Leaving.
1234737851 M * Bertl while the details are interesting, (and essential for handling iptables properly) they are not really relevant to understand Linux-VServer networking
1234737910 M * pflanze Well, "ip" is a different user interface to some internals than "ifconfig", and I'd appreciate some overview/schematic of what is being accessed by them.
1234737960 M * pflanze I manage to deal with iptables well enough; it's just that I'm unsure what "interface" really means, for example, etc.
1234737983 M * pflanze I mean, they are "holding" ip configurations, but also have some physical backings, sometimes,
1234737986 M * pflanze and sometimes not.
1234737993 M * Bertl http://www.policyrouting.org/iproute2-toc.html
1234738029 M * pflanze Is the "route" tool obsolete too?
1234738035 M * pflanze Just "ip" and "iptables" remaining?
1234738038 M * Bertl basically
1234738048 M * Bertl and tc, of course
1234738055 M * pflanze yes, and iwconfig
1234738070 M * Bertl that is wireless specific
1234738073 M * pflanze yes
1234738090 M * Bertl like ethtool or mii* stuff
1234738164 M * pflanze never used those, thanks for the hint
1234738218 M * mnemoc pflanze: welcome to modern linux :)
1234738253 M * Bertl now, putting the 'details' aside, Linux networking boils down to IPs and device (aka interfaces)
1234738277 M * Bertl the IPs can have different 'qualities
1234738286 M * Bertl ' and scopes
1234738331 M * Bertl mainline defined a 'primary' IP (which corresponds to what you maintain via ifconfig)
1234738347 M * pflanze k
1234738361 M * Bertl and there are secondaries and aliases (named secondaries so to say)
1234738388 M * pflanze is eth0:1 an alias?
1234738394 M * Bertl the aliases were introduced before secondaries, so they share more with primaries than secondaries
1234738394 M * pflanze or eth0:foo
1234738419 M * Bertl yep, an alias is 'marked' with ':'
1234738423 M * pflanze (or is eth0:xyz ifconfig specific notation anyway?)
1234738447 M * Bertl kind of, the alias can basically be chosen arbitrarily
1234738523 M * mnemoc what's the name of vlan's foo.?
1234738527 M * Bertl there is also the '.' notation
1234738532 M * mnemoc *g*
1234738537 M * pflanze ifconfig eth0 1.2.3.4 sets the primary ip; ifconfig eth0:1 1.2.3.5 sets an alias, though, not a primary ip right?
1234738560 M * pflanze so you can set non-primary ip's with ifconfig, too (just to be sure, your statement was a bit incorrect here)?
1234738564 M * Bertl it creates an alias
1234738584 M * pflanze (imprecise). ok
1234738606 M * pflanze so far, I'm clear.
1234738680 M * Bertl well, it is not defined per se if ifconfig will create a primary or a secondary when you create an alias :)
1234738711 M * Bertl (it depends on the netmask/prefix and the existing IPs)
1234738711 M * pflanze you mean, if eth0 wasn't configured, and you say "ifconfig eth0:foo 1.2.3.4" it will set the primary ip?
1234738731 M * Bertl no, for example (try that on your test machine/laptop)
1234738746 M * Bertl ifconfig eth0 192.168.0.1 netmask 255.255.255.0 up
1234738757 M * Bertl ifconfig eth0:0 192.168.1.1 netmask 255.255.255.0 up
1234738767 M * Bertl ifconfig eth0:1 192.168.0.2 netmask 255.255.255.0 up
1234738775 M * Bertl then do 'ip addr ls'
1234738881 M * Bertl and here is an interesting one (which is mostly unknown :)
1234738894 M * Bertl ip addr add 192.168.2.1 dev eth0 label eth0hansi
1234738947 M * Bertl (check it with ifconfig afterwards :)
1234738995 M * pflanze yeah I get it; I guess the reason for "primary" is that this is the ip taken by default for outgoing traffic?
1234739019 M * Bertl nope, it is the 'primary' IP for each network
1234739042 M * Bertl the source address chosen for outgoing traffic depends on the routing setup
1234739050 Q * dna_ Quit: Verlassend
1234739057 M * Bertl (granted the routing setup will usually follow the primary ip)
1234739078 M * pflanze hm, ifconfig did set up routing, too, right, and "ip" doesn't?
1234739091 M * pflanze (I mean, "ip" requires "route" commands to set it up)
1234739109 M * Bertl depends on what you refer to with 'routing'
1234739110 M * mnemoc `ip route`
1234739113 M * pflanze (explicit ones)
1234739147 M * pflanze In my old vserver setup, I've got two interfaces for each vserver: a "loc" and "pub" one,
1234739149 M * Bertl certain routes, network related, will be auto configured, others need to be added explicitly
1234739152 M * pflanze loc being the first, pub the second,
1234739159 M * pflanze both on "lo".
1234739190 N * ensc Guest191
1234739197 M * pflanze Now iirc the processes on the vserver guests are using the first interface's ip for outgoing traffic by default.
1234739199 J * ensc ~irc-ensc@p57AA4CDD.dip.t-dialin.net
1234739232 Q * Adrinael Read error: Connection reset by peer
1234739236 J * Adrinael adrinael@rid7.kyla.fi
1234739251 M * pflanze And I think if you use "ifconfig" for such playing around, and create loc first, then pub, it will have loc as primary ip and pub as secondary, that's where my thought came from.
1234739268 M * Bertl the first IP is used as fallback for source IP selection, if there is no other source IP available (from routing setup)
1234739270 M * pflanze Anyway, since vserver-utils won't be using ifconfig, that thinking is moot, anyway.
1234739288 M * pflanze k
1234739306 Q * Guest191 Ping timeout: 480 seconds
1234739355 M * Bertl so, as I said, once you are comfortable with Linux routing (I would suggest to do some more reading on that)
1234739372 M * pflanze (Also, ifconfig creates routing entries automatically (I *think* it is the ifconfig tool which does this) if you bring up / configure an interface)
1234739378 M * Bertl you can easily understand Linux-VServer networking, with the following information:
1234739412 M * Bertl Linux-VServer is based on IP isolation (i.e. you 'assign' a subset of the host IPs to each guest)
1234739477 M * pflanze well, how do you mean isolation, chbind [alike], or accessibility?
1234739484 M * Bertl Linux-VServer can special case single IP setups (for performance)
1234739503 M * pflanze i.e. what user processes can bind to as source, or as target?
1234739504 J * nou Chaton@causse.larzac.fr.eu.org
1234739527 M * Bertl and finally, Linux-VServer slightly changes the source IP selection (to fit the isolation)
1234739613 M * pflanze old vserver (2.2 right?) did use the chbind tool; is that gone now?
1234739632 M * pflanze or obsoleted
1234739633 M * Bertl nope, still there for compatibility
1234739644 M * pflanze ok, but obsolete?
1234739657 M * Bertl well, it is a wrapper around ncontext nowadays
1234739662 M * pflanze ok
1234739731 M * pflanze old vserver did have the hack where using 127.0.0.1 from within a vserver would be remapped to the first ip it has been assigned to
1234739758 M * pflanze is this still prevailing, or replaced with something else?
1234739789 M * Bertl this was extended to use a separate entry (lback) which can be set separately
1234739808 M * Bertl i.e. you can still make it identical to the first IP assigned
1234739825 M * Bertl (and thus get backwards compatible behaviour)
1234739846 Q * Aiken Remote host closed the connection
1234739893 M * pflanze "lback" can have several meanings: the loopback device ("lo"), and then vserver functionality around that, approximately..
1234739927 M * Bertl yes lback is the abbreviation for 'loopback ip'
1234740086 M * pflanze I knew these rules: (a) vserver did remapping of 127.0.0.1 to the first assigned ip, (b) the kernel (upstream functionality maybe?) did remapping of 0.0.0.0 to the first assigned ip; (c) vserver-util would use chbind/whatever to do the assignment of the ips (which would show up in /proc/self/status, btw, not anymore today as it seems)
1234740129 M * pflanze (d) vserver did nothing to prevent access from one vserver to another's ip's, this had to be done using iptables.
1234740156 M * Bertl not completely right but quite close
1234740161 M * pflanze (for creating "localhost" ip's safe from 'outside' access)
1234740178 M * pflanze What was wrong already, and what's even more wrong with vs2.3?
1234740199 M * Bertl first, for a), yes, the remapping was done for 127.0.0.1, and is now done (when selected) for 127.
1234740268 M * Bertl second, the 'remapping' of 0.0.0.0 to the first (and only) IP of a guest was done implicitly before, and can now be selected explicitly too (single ip specialcasing)
1234740309 M * Bertl note, b) doesn't happen when you have more than one IP (or the single IP special casing turned off)
1234740354 M * Bertl for c) util-vserver used and still uses the kernel API to assign the IPs to a guest
1234740376 M * Bertl (they are shown in /proc/virtnet//*
1234740379 Q * cyqu Ping timeout: 480 seconds
1234740417 M * Bertl for d) Linux-VServer still doesn't do anything to block network traffic between guests or host and guests
1234740430 M * pflanze ok
1234740444 M * pflanze So, I was completely right for vs2.2 (?).
1234740459 M * Bertl not for b :)
1234740476 M * pflanze you mean, it was vserver specific?
1234740493 M * pflanze I had always 2 ips
1234740501 M * Bertl firstly that, and secondly, it depends on the single ip case
1234740516 M * pflanze I had always 2 ips and it still worked, so hu?
1234740538 M * Bertl no, there was no replacement for IP sets (for 0.0.0.0)
1234740539 M * pflanze 2 ips in my guests, that is, one the "loc" and the other the "pub" one, meaning,
1234740546 M * Bertl otherwise it would not have worked
1234740559 M * pflanze one was for localhost (the first), the other to be accessed by other vservers and ip forwarding.
1234740582 M * pflanze and it depended on the order, iirc, if I got the order wrong, it would use the wrong one for localhost, of course.
1234740602 M * pflanze ehr
1234740609 M * Bertl localhost is another misconception
1234740610 M * pflanze stop, that was 127.0.0.1 remapping
1234740632 M * pflanze but 0.0.0.0 would choose the "loc" ip too. iirc.
1234740644 M * Bertl localhost is something related to dns resolving
1234740645 M * pflanze misconception?
1234740650 M * pflanze yes sure.
1234740650 J * cyqu ~cyqu@193.43.249.169
1234740653 M * Bertl it can be _any_ ip
1234740660 M * pflanze When I say "localhost" I mean the purpose.
1234740673 M * Bertl and it was common practice to set 'localhost' to the first guest IP for 2.0
1234740675 M * mugwump well, glibc assumes it's 127.0.0.1 in the resolver code
1234740679 M * Bertl nope
1234740696 M * pflanze And/but since some services don't look up localhost in /etc/hosts, there's the 127.0.0.1 special casing right.
1234740723 M * Bertl all proper services look up localhost (via resolver)
1234740741 M * Bertl only broken software 'assumes' localhost will resolve to 127.0.0.1
1234740750 M * pflanze Some software assumes the ip directly.
1234740758 M * pflanze yep.
1234740763 M * Bertl (which means it is broken)
1234740766 M * pflanze yep.
1234740771 M * mugwump eg ntp
1234740779 M * pflanze but anyway that 127. specialcasing was nice enough.
1234740809 M * Bertl first, there was no special handling of 127.x.x.x
1234740828 M * Bertl then there was special handling of 127.0.0.1 (to make some broken software happy)
1234740844 M * Bertl later on we extended that to 127.
1234740857 M * pflanze aha,k
1234740873 M * pflanze But is this a kernel config option now, with 2.3?
1234740899 M * mugwump http://sources.redhat.com/ml/libc-alpha/2002-10/msg00045.html # broken software including anything using glibc and certain flags to getaddrinfo(3)
1234740911 M * Bertl pflanze: no, that is selectable for each guest independently
1234740933 M * pflanze ok, so VSERVER_AUTO_LBACK and VSERVER_AUTO_SINGLE are for different, independent things?.
1234740958 M * Bertl no, they control whether those flags will be added automatically or not
1234740964 M * pflanze aha
1234740965 M * Bertl flags/ips
1234740985 M * pflanze they just set the default if the vserver config is missing?
1234740988 M * Bertl the AUTO_LBACK will assign an IP 127.x.y.1 to each guest, where x.y is the nid
1234741013 M * Bertl and the AUTO_SINGLE will enable single IP special casing when only one IP is assigned
1234741048 M * Bertl yes, that was done for backwards compatibility and easy migration
1234741053 M * pflanze I still don't understand the single ip special casing: I've always had two ip's, so, ?
1234741067 M * Bertl (e.g. for the case when you are using debian :)
1234741119 M * pflanze What's Debian doing?
1234741121 M * Bertl on Linux, there is a special IP (0.0.0.0) which basically means, all configured IP addresses (that's implicit not explicit)
1234741136 M * pflanze hm
1234741142 M * pflanze true, for incoming connections.
1234741145 M * Bertl for the debian question: it is using outdated/old packages :)
1234741162 M * pflanze I'm always compiling vserver+utils manually
1234741168 M * Bertl now, inside a guest, 0.0.0.0 is supposed to mean all IPs assigned to a guest
1234741176 M * pflanze there aren't even vserver packages in Debian anymore now, iirc
1234741214 M * pflanze for binding for listening connections, yes, that was the case already with vs2.2, right
1234741251 M * Bertl I'm trying to explain the single ip special casing to you, so better listen if you want to understand it :)
1234741283 M * pflanze I'm just dumping thoughts, ignore them :)
1234741319 M * pflanze you can read anything including my confusion and your confusion about my confusion into them.
1234741329 J * saulus_ ~saulus@d003231.adsl.hansenet.de
1234741333 M * Bertl so, on the host, the 0.0.0.0 special IP check is quite simple, something like if (addr == 0.0.0.0) return okay;
1234741355 M * Bertl for a guest, that check becomes something like:
1234741379 M * Bertl if (addr == 0.0.0.0 and ip in set) return okay
1234741404 M * pflanze what's ip?
1234741416 M * Bertl the ip trying to connect to the socket
1234741422 M * pflanze ah.
1234741436 Q * saulus Ping timeout: 480 seconds
1234741447 M * Bertl now 'ip in set' can become rather complicated, especially with many 'ips'
1234741487 M * Bertl but, if there is only a single IP in the set, then we can drastically simplify that by using that ip instead of 0.0.0.0
1234741507 M * Bertl (which eliminates the need to lookup any set/ip completely)
1234741529 M * Bertl this is (or was) a rather common case worth optimizing for
1234741565 Q * saulus_
1234741577 M * Bertl and since 2.3, it can be enabled/disabled via a flag
1234741607 M * Bertl does that explain it for you?
1234741639 M * pflanze First I'm trying to get clear about the cases;
1234741656 M * pflanze and the berkeley networking stuff isn't as easy as one might think, in the detail,
1234741669 M * pflanze anyway, there are 3 basic cases, right:
1234741695 M * pflanze (1) process inside vserver binds to one+ ip's to listen on;
1234741721 M * pflanze (2) process inside connects to the outside world (using one of the local ip's as sender ip)
1234741737 M * pflanze (3) process outside tries to connect to a process listening inside.
1234741767 M * Bertl that is some arbitrary categorization which is not related to Linux-VServer at all
1234741779 M * pflanze hm
1234741787 M * Bertl there is no difference between inside or outside connections
1234741809 M * pflanze maybe, but between listen(2) and connect(2)?
1234741815 M * Bertl the mechanisms are quite simple
1234741826 M * Bertl you can only bind IPs assigned to the guest
1234741835 M * mugwump to the iptables stack these are distinct cases though
1234741842 M * mugwump eg, internal connections are always on lo
1234741852 M * Bertl binding to 0.0.0.0 inside a guest will bind either the IP set, or the first IP (special case)
1234741860 M * pflanze mugwump: when I say "outside world" I mean outside vserver
1234741867 M * Bertl mugwump: not related
1234741867 M * pflanze mugwump: when I say "outside world" I mean outside vserver *guest*
1234741873 M * mugwump right
1234741891 M * Bertl all 'local' connections will use the loopback interface
1234741900 M * Bertl (regardless of Linux-VServer or not)
1234741907 M * mugwump yeah. you might still be able to write a good rule for that
1234741919 M * pflanze yep, even if the ip's being used for it are defined on other interfaces, right?
1234741930 M * mugwump well it will pick the source address which is the routable one
1234741939 M * Bertl yes, that's what 'an ip is host local' means
1234741942 M * pflanze Which is one of the things which is confusing me a bit, i.e. where I would enjoy some 'wiring diagram'.
1234741954 M * pflanze but unimportant for now.
1234741981 M * Bertl there is no 'wiring' if an IP is 'local' it will be reached via the lo interface, period.
1234742007 M * pflanze yes, I mean how does this happen,
1234742019 Q * harobed Ping timeout: 480 seconds
1234742023 M * pflanze that you configure some ip on eth0 and then it uses lo.
1234742045 M * pflanze Makes sense of course but is somewhat unintuitive.
1234742078 M * Bertl is it?
1234742093 M * pflanze I mean, not necessarily unintuitive, but it's unclear how it happens and thus makes me suspicious that I'm missing something.
1234742128 M * pflanze Which might be something important on how vserver uses the "network stack"/whatever.
1234742132 M * pflanze Then maybe not.dunno.
1234742132 M * Bertl ip route ls table local
1234742147 M * pflanze yeah, I should probably first play with ip and then see.
1234742155 M * Bertl (yeah, read the documentation for more details)
1234742229 M * Bertl Linux-VServer does not change the way the network stack works, nor does it change the way routing is done
1234742243 M * pflanze Two questions right now:
1234742259 M * pflanze - still unclear why I was using two ip's per guest and the remapping magic worked
1234742261 M * Bertl it only slightly alters the source IP selection (to fit within the IP sets) and it does hide unassigned IPs
1234742278 M * Bertl what remapping magic?
1234742293 M * pflanze hm yes, that's where I came up with the 3 cases.
1234742308 M * pflanze ok so I need to step back one step.