1259107560 M * Bertl off to bed now ... have a good one everyone!
1259107564 N * Bertl Bertl_zZ
1259108658 J * scientes ~scientes@174-21-223-62.tukw.qwest.net
1259109363 M * urbee Bertl_zZ: how would i check how much RAM is the guest using then ?
1259110359 Q * dowdle Remote host closed the connection
1259113213 Q * geb Ping timeout: 480 seconds
1259114125 M * cehteh urbee: vserver-stats
1259114368 Q * AmokPaule Quit: Nettalk6 - www.ntalk.de
1259116517 Q * scientes Ping timeout: 480 seconds
1259117155 J * SubZero ~SubZero@chello089076140236.chello.pl
1259118039 Q * SubZero Read error: Connection reset by peer
1259121401 J * saulus_ ~saulus@c150048.adsl.hansenet.de
1259121679 J * Loki_muh loki@satanix.de
1259121679 Q * Loki|muh Read error: Connection reset by peer
1259121689 N * Loki_muh Loki|muh
1259121807 Q * SauLus Ping timeout: 480 seconds
1259121814 N * saulus_ SauLus
1259122046 Q * nenolod Quit: Leaving
1259122222 Q * biz Ping timeout: 480 seconds
1259122444 J * biz ~biz@node2.cluster1.pyrox.eu
1259123168 Q * Marillion Ping timeout: 480 seconds
1259123470 J * Marillion ~dirk@hetzner4.127011.net
1259126453 J * balbir ~balbir@122.172.23.236
1259128273 J * BenG ~bengreen@cpc2-aztw22-2-0-cust521.aztw.cable.virginmedia.com
1259129348 J * imcsk8 ~ichavero@189.155.130.144
1259129668 Q * balbir Ping timeout: 480 seconds
1259130312 J * balbir ~balbir@122.172.28.134
1259130958 J * hparker ~hparker@66.232.208.131
1259131689 Q * balbir Remote host closed the connection
1259132498 N * DoberMann[ZZZzzz] DoberMann[PullA]
1259132810 J * daniel_hozac ~daniel@c-6c3771d5.08-230-73746f22.cust.bredbandsbolaget.se
1259133078 Q * daniel_hozac Remote host closed the connection
1259133135 J * daniel_hozac ~daniel@c-6c3771d5.08-230-73746f22.cust.bredbandsbolaget.se
1259133166 Q * daniel_hozac Remote host closed the connection
1259133184 J * daniel_hozac ~daniel@c-6c3771d5.08-230-73746f22.cust.bredbandsbolaget.se
1259133763 Q * hparker Quit: Read error: 104 (Peer reset by connection)
1259134177 Q * derjohn_mob Ping timeout: 480 seconds
1259134490 J * scientes ~scientes@174-21-223-62.tukw.qwest.net
1259134714 M * daniel_hozac Bertl_zZ: the IPv6 stuff is not fixed... if anything, i think it's even worse now.
1259134960 J * balbir ~balbir@122.172.15.8
1259136697 J * nenolod ~nenolod@petrie.dereferenced.org
1259138019 J * friendly ~friendly@ppp118-209-197-246.lns20.mel6.internode.on.net
1259138883 J * nas ~chatzilla@opengw.lga.net.sg
1259138957 M * nas guys when i issue sudo in vserver i get setuid(0): Resource temporarily unavailable; but when i go to host server first then enter the guest server and issue sudo i don't get the error. any idea?
1259139052 M * Guy- nas: do you use grsec perhaps?
1259139081 M * nas no idea
1259139098 M * nas just suddenly
1259139207 M * Guy- nas: I mean, does your kernel contain the grsecurity patch?
1259139422 M * nas how to identify what patches are installed in the kernel?
1259139676 M * Guy- nas: does the output of 'uname -a' contain something like 'grsec'?
1259139747 M * Guy- my other guess would be that you're running the guest without the SUID(?) capability
1259139784 M * Guy- otoh... it looks like a resource limit issue
1259139809 M * Guy- you're trying to exceed the number of processes allowed to root
1259139817 M * Guy- from man 2 setuid: EAGAIN The uid does not match the current uid and uid brings process over its RLIMIT_NPROC resource limit.
1259139881 M * Guy- uh, I'm confused - maybe it's even the nproc limit of the user running sudo
1259140094 Q * FireEgl Quit: Leaving...
1259140157 J * FireEgl Proteus@2001:470:e056:1:4::9
1259141081 Q * balbir Read error: Connection reset by peer
1259141921 J * davidkarban ~david@80.250.18.198
1259142242 J * balbir ~balbir@122.166.161.5
1259142649 Q * davidkarban Quit: Ex-Chat
1259143277 M * nas ok no grsec and guest is running suid
1259143302 M * nas so maybe it is limit exceed
1259143321 M * nas how to increase the nproc limit of the user running sudo?
1259143348 Q * nenolod Remote host closed the connection
1259143436 J * davidkarban ~david@80.250.18.198
1259143667 M * nas ulimit is unlimited
1259143680 J * AmokPaule ~amokpaule@brsg-4dbbfa40.pool.mediaWays.net
1259143722 J * gnuk ~F404ror@pla93-3-82-240-11-251.fbx.proxad.net
1259143764 J * kir ~kir@swsoft-msk-nat.sw.ru
1259144037 Q * puck Ping timeout: 480 seconds
1259144504 J * puck ~puck@leibniz.catalyst.net.nz
1259144854 Q * friendly Quit: Leaving.
1259146708 M * Guy- try 'ulimit -a'
1259146742 M * Guy- and look in /etc/security/limits.conf
1259146853 N * Bertl_zZ Bertl
1259146858 M * Bertl morning folks!
1259146911 M * Bertl daniel_hozac: kind of suspected that ... how did the RAID upgrade go?
1259146972 M * daniel_hozac it was... problematic. :-)
1259146982 M * daniel_hozac but it is working as it should now.
1259147001 M * Bertl hard or software raid?
1259147020 M * daniel_hozac software.
1259147046 M * Bertl care to share what the problem was?
1259147069 M * daniel_hozac the upgrade was from 500 GB to 1 TB drives.
1259147081 M * daniel_hozac and i didn't want to rebuild the array 5 times (5 drives in the array).
1259147081 J * jfs ~jfs@ip-80-236-230-142.dsl.scarlet.be
1259147108 M * daniel_hozac so i dd'd the old drives to the new ones, but had problems finding the RAID superblock so i could move it.
1259147159 M * daniel_hozac once i got the superblock moved though, it's been smooth.
1259147182 M * Bertl interesting approach ... it should be at the end, no?
1259147199 M * daniel_hozac yeah.
1259147228 M * daniel_hozac my problem was really that i repartitioned the drives before getting the superblock out of the way.
1259147263 M * daniel_hozac leaving it somewhere in the middle :)
1259147265 M * Bertl I presume creating a new raid on the new drives and just copy the contents wasn't an option?
1259147303 M * daniel_hozac two of the drives were already part of the RAID.
1259147316 M * daniel_hozac (one of the 500 failed a while back)
1259147339 M * Bertl ah, I understand ... thanks for the info
1259147345 M * urbee Bertl_zZ: how would i check how much RAM is the guest using then ?
1259147365 M * Bertl urbee: depends on your definition of 'RAM'
1259147615 M * Bertl daniel_hozac: so, regarding ipv6, what does it do now?
1259147636 Q * zbyniu Read error: Connection reset by peer
1259147657 M * daniel_hozac well, 0.0.0.0 and :: can only be bound if :: is bound first.
1259147695 M * Bertl hmm, okay, we had that state, was supposedly fixed by bonbons
1259147698 M * daniel_hozac and i have one guest that cannot bind to :: at all, it is not binding 0.0.0.0, and nothing on that host is bound to 0.0.0.0 on that port either.
1259147716 M * daniel_hozac or ::.
1259147742 M * daniel_hozac i might have ported it incorrectly, but it was really just a copy of that function from 2.6.31.
1259147779 M * Bertl okay, I guess you haven't tested with 2.6.31/2.6.32-rc yet?
1259147783 M * daniel_hozac no.
1259147790 M * daniel_hozac i will do so next.
1259147885 M * Bertl k, on a different note, ascii reported an old potential exploit working on 'vserver - exec' via tiocsti
1259147896 M * daniel_hozac hmm?
1259147927 M * Bertl stuffing characters into the terminal buffer, which get executed (as root) at return
1259147969 J * barismetin ~barismeti@zanzibar.inria.fr
1259147971 M * Bertl and I thought about fixing it in the kernel by adding a ccap blocking that ioctl
1259147979 M * daniel_hozac hmm.
1259148016 M * daniel_hozac can't we just check it for the terminal belonging to the calling context?
1259148019 M * Bertl running luit vserver - exec is a fix for existing setups
1259148021 M * urbee Bertl: u can see i'm confused here :p If i have 1gb of physical RAM, how do i check how much a guest is using it
1259148129 M * BenG urbee vserver-stat?
1259148134 J * sharkjaw ~gab@90.149.121.45
1259148137 M * Bertl urbee: that's quite hard to do .. first, there is some amount of kernel memory used/shared with the guest (which will reside in RAM), then there are buffers and caches (filesystem, etc) which have some unknown share with the guest, finally there is RSS, which is pages unique to the guest
1259148196 M * Bertl (or at least pages instantiated by that guest)
1259148250 M * Bertl urbee: if you want exact numbers, you need to either define how the 'sharing' should be accounted or to prevent guests from sharing at all
1259148265 J * zbyniu ~zbyniu@ip-62.181.188.13.static.crowley.pl
1259148345 M * Bertl if you define some 'metric' to account for the sharing, you still have to track each page separately, as you don't know in advance what will be shared .. further, memory on an inactive guest can vary greatly if the metric consists of accounting fractions according to the number of page users
1259148485 M * Bertl all in all, a lot of overhead to calculate something you usually do not need ...
1259148511 M * urbee but if i guarantee some user 256MB ram, and then set RSS to 256M its not the same?
1259148537 M * BenG no certainly not
1259148586 M * BenG check out the results of vserver-stat or have a look in /proc/virtual, VSZ is commonly much larger and is additional to RSS
1259148600 M * daniel_hozac no.
1259148604 M * daniel_hozac VSZ is address space.
1259148612 M * Bertl urbee: no, the user will typically get _more_ 'RAM' through sharing ...
1259148614 M * daniel_hozac it has no real relation to memory usage.
1259148631 M * BenG crikey
1259148663 M * theocrite I love this doc: http://search.cpan.org/dist/POE-Component-IRC/lib/POE/Component/IRC.pm For the inputs, it goes from "Important Commands" to "Not-So-Important Commands" and then "Purely Esoteric Commands", including summon, whose description is "Don't even ask."
1259148667 M * theocrite Oops
1259148671 M * theocrite Sorry :(
1259149200 M * Bertl daniel_hozac: ad ioctl, I don't think that it is really useful or used nowadays, it seems to be a bsd leftover
1259149276 M * Bertl urbee: so yes, as guarantee setting the RSS is perfectly fine .. all which can happen is that the pages are potentially shared with other guests, and that the guest itself might share pages with others to its own benefit
1259149286 M * daniel_hozac okay. i looked, and i guess there's no easy way for us to check the permissions either.
1259149288 M * BenG does anyone recall the location of the page of kernel options that I need use for scheduling?
1259149339 M * Bertl scheduling happens automatically in a Linux-VServer kernel, no special options are required
1259149439 M * daniel_hozac fair scheduling perhaps :)
1259149486 M * BenG Bertl, I seem to recall you said to disable an option like this: # CONFIG_CGROUP_NS is not set
1259149496 M * daniel_hozac yes.
1259149507 M * daniel_hozac but that's not strictly for scheduling.
1259149513 M * daniel_hozac that's just for using cgroups with util-vserver.
1259149537 M * BenG oh, okay, so... does anyone recall the location of the page of kernel options that I need use for cgroups?
1259149629 M * Bertl http://linux-vserver.org/util-vserver:Cgroups
1259149686 M * BenG that doesn't give me the kernel options for .config, I'm just checking my kernel
1259149731 M * vServer_User should /dev/shm be mounted inside a guest?
1259149753 M * Bertl daniel_hozac: this one should work: http://vserver.13thfloor.at/ExperimentalT/delta-tiocsti-feat01.diff
1259149815 M * BenG http://pastebin.org/57019 - those are my current options in any case
1259149855 M * Bertl vServer_User: depends on the guest, by default nothing is mounted there
1259149873 M * daniel_hozac Bertl: looks good.
1259149918 M * vServer_User i'm just curious about lacklustre memcache performance, and wondering if not having /dev/shm mounted is the issue
1259149944 M * Bertl does it use /dev/shm?
1259149954 M * vServer_User i know eaccelerator does
1259149960 M * vServer_User i'm not 100% sure about memcache
1259149989 M * Bertl well, should be easy to test, no?
1259150003 M * vServer_User how would one do that
1259150034 M * Bertl do a performance test with and without /dev/shm mounted?
1259150055 M * vServer_User can i mount SHM in a guest like i would in the host?
1259150069 M * vServer_User mount -t tmpfs -o size=1G,nr_inodes=3k,mode=777 tmpfs /dev/shm
1259150077 M * Bertl via the guest configs fstab, yes, it's just a tmpfs
1259150150 M * vServer_User shm /dev/shm tmpfs defaults 0 0 ?
1259150180 M * daniel_hozac defaults is not equal to the options you just listed.
1259150213 M * vServer_User shm /dev/shm tmpfs size=1G,nr_inodes=3k,mode=777 0 0
1259150227 M * vServer_User can i mount it inside the guest without restart?
1259150255 M * Bertl yeah, by entering the namespace (vnamespace)
1259150298 M * daniel_hozac or using vmount.
1259150305 M * vServer_User gotcha http://linux-vserver.org/Frequently_Asked_Questions#I_want_to_.28re.29mount_a_partition_in_a_running_guest_..._but_the_guest_has_no_rights_.28capability.29_to_.28re.29mount.3F
1259150306 M * daniel_hozac (which enters the namespace for you)
1259150733 M * BenG still having problems with scheduling here
1259150741 M * BenG root@0[cgroup]# vserver twotime start
1259150741 M * BenG /usr/lib/util-vserver/vserver.functions: line 1490: /dev/cgroup/twotime/cpu.shares: Permission denied
1259150777 M * Bertl kernel/patch/util-vserver version?
1259150795 M * BenG 2.6.31.6-vs2.3.0.36.24
1259150809 M * BenG 0.30.216~r2855
1259150837 M * BenG oh, it worked just then
1259150850 M * Bertl ah, that reminds me: daniel_hozac can we get a pre2856+ tarball?
1259150867 M * Bertl (so that testfs can work again :)
1259150898 M * BenG root@0[dev]# vserver threetime start
1259150898 M * BenG cat: write error: Numerical result out of range
1259150947 M * Bertl what values did you put there?
1259150968 M * BenG where?
1259150986 M * Bertl in the cpu.shares file?
1259151031 M * BenG 512
1259151188 M * BenG as recommended here: http://linux-vserver.org/util-vserver:Cgroups
1259151247 M * Bertl works fine here
1259151249 M * BenG hmmm, I've waited a bit now it starts without error
1259151296 M * Bertl waiting doesn't sound like a proper solution :)
1259151379 Q * sharkjaw Quit: Leaving
1259151481 M * BenG ah, okay it's not the waiting, it's doing it a second time that allows it to start
1259151519 M * BenG I have a mount like this: cpuset on /dev/cgroup type cgroup (rw,cpuset)
1259151524 M * BenG is that what I want?
1259151535 J * nenolod ~nenolod@petrie.dereferenced.org
1259151649 J * geb ~geb@earth.gebura.eu.org
1259151928 Q * balbir Ping timeout: 480 seconds
1259151957 M * vServer_User i dont think the shm is being used at all :(
1259152020 M * BenG ah, okay, I see my mounting mistake, cpuset is only one of the available subsystems, and I need more
1259152040 M * BenG how's this? vserver on /dev/cgroup type cgroup (rw)
1259152054 M * daniel_hozac that's better.
1259152071 M * BenG root@0[dev]# vserver twotime start
1259152071 M * BenG cat: write error: Numerical result out of range
1259152084 M * BenG still getting that the first time I try to start
1259152099 M * Bertl you sure you got a number in those files?
1259152130 M * BenG root@0[dev]# cat /etc/vservers/twotime/cgroup/cpu.shares
1259152131 M * BenG 2048
1259152160 M * BenG root@0[dev]# cat /dev/cgroup/twotime/cpu.shares
1259152160 M * BenG 1024
1259152233 M * BenG looks like it to me
1259152321 M * daniel_hozac 2048 is too big.
1259152331 M * daniel_hozac 1024 is the maximum.
1259152358 M * BenG oh okay, it's accepted when I echo it into /dev/cgroup/twotime/cpu.shares manually
1259152372 M * BenG and it's a suggested value from the documentation
1259152381 M * daniel_hozac hmm.
1259152388 M * daniel_hozac might be how the cpuset is setup.....
1259152388 M * BenG also I get the same error from one with 512 as the value
1259152389 M * Bertl yeah, why is it too big?
1259152401 M * daniel_hozac or cgroup rather.
1259152495 M * BenG I mounted the /dev/cgroup myself, as util-vserver seemed to create files and not mount anything itself
1259152525 M * daniel_hozac the util-vserver initscript will mount it if /etc/vservers/.defaults/cgroup exists.
1259152533 M * daniel_hozac probably not on Debian.
1259152536 M * daniel_hozac but everywhere else.
1259152540 M * vServer_User for shm in a guest, does the host or guest need /dev/shm mounted?
1259152563 M * BenG basically I've just followed http://linux-vserver.org/util-vserver:Cgroups#Draft_-_Distributing_cpu_shares_with_cgroups
1259152586 M * BenG with the addition of mounting /dev/cgroups before starting anything
1259152586 J * balbir ~balbir@122.172.29.159
1259152608 M * BenG I created /etc/vservers/.defaults/cgroup as instructed
1259152611 M * BenG I created /etc/vservers/.defaults/cgroup as instructed
1259152687 M * BenG probably not on Debian.
1259152694 M * BenG why so?
1259152713 M * daniel_hozac because Debian has its own initscript.
1259152719 M * BenG ah
1259152752 M * Bertl vServer_User: no
1259152817 M * vServer_User hmmm, i'm lost then
1259152836 M * vServer_User is it really necessary to mount /dev/shm then?
1259152878 M * Bertl no, you can check the shm usage in /proc/virtual//limit
1259152884 M * Bertl (among other values)
1259152886 M * vServer_User after setting shmmax on the guest, i get this error if i try to refresh sysctl
1259152886 M * vServer_User [/]$ sysctl -p
1259152887 M * vServer_User error: permission denied on key 'kernel.shmmax'
1259152912 M * BenG BIAB
1259152915 Q * BenG Quit: I Leave
1259152939 M * Bertl off for now, got some work in the basement ...
1259152945 N * Bertl Bertl_oO
1259153020 M * vServer_User in "cat /proc/virtual/42/limit", what units is SHM in?
1259153104 M * vServer_User and more importantly, how can i increase it
1259153108 J * BenG ~bengreen@cpc2-aztw22-2-0-cust521.aztw.cable.virginmedia.com
1259153363 M * BenG rebooted, results the same
1259153391 M * BenG scheduling works a treat when I set the values of cpu.shares manually
1259153472 M * BenG would like to know what's going on, is there any further action I can take?
1259153535 M * BenG 2048 and 512 definitely aren't too high by the way, they work as expected when echoed into the appropriate places
1259153553 M * daniel_hozac BenG: try curl http://people.linux-vserver.org/~dhozac/p/uv/cgroup-test.patch | patch /usr/lib*/util-vserver/vserver.functions
1259153589 J * derjohn_mob ~aj@80.85.196.112
1259153624 M * BenG same result
1259153656 M * daniel_hozac what does vserver --debug start show?
1259153708 M * BenG rather a lot, I'll paste it
1259153713 M * BenG into pastebin
1259153862 M * daniel_hozac yes, please.
1259153957 M * BenG http://pastebin.com/m53c55e46
1259154210 M * daniel_hozac what does your /dev/cgroup/cpuset.mems contain?
1259154299 M * BenG 0
1259154704 M * daniel_hozac what does grep CONFIG_NODES_SHIFT .config return?
1259154823 M * BenG no result
1259154888 M * BenG it isn't in the config at all
1259154928 M * daniel_hozac well, as a workaround, you could mount your cgroup without the cpuset.
1259154941 M * BenG okay
1259154956 M * daniel_hozac i honestly do not see how you get ERANGE, but...
1259154981 M * BenG should I have CONFIG_NODES_SHIFT set as something?
1259154988 M * daniel_hozac no.
1259154996 M * daniel_hozac not unless you have a NUMA node.
1259155028 M * BenG I've heard the term but no idea what it means
1259155048 M * daniel_hozac (e.g. a recent Intel system or an AMD system from the last couple of years)
1259155103 M * BenG it's an atom N270 I'm running on
1259155120 M * daniel_hozac so no.
1259155202 M * BenG okay, so how do I exclude cpuset from the mount
1259155402 M * BenG which sub-systems are available to a cgroup mount
1259155405 M * BenG ?
1259155427 M * daniel_hozac see /proc/cgroups
1259155525 M * BenG ah, thank you
1259155572 M * BenG so I probably just want cpu
1259156076 M * BenG /usr/lib/util-vserver/vserver.functions: line 1491: /dev/cgroup/twotime/cpuset.cpus: Permission denied
1259156080 M * BenG is what I get now
1259156105 M * BenG I guess I should remove the cpuset files from my /etc/vservers/
1259156340 M * BenG daniel_hozac, it's the cpuset value that appears to be causing the ERANGE, isn't it
1259156448 M * daniel_hozac yes.
1259156459 M * daniel_hozac i seriously don't understand how you get it.
1259156462 M * daniel_hozac but somehow, you do.
1259156491 M * BenG well the value I'm trying to put in is 1, whereas 0 is the value currently there
1259156504 M * daniel_hozac why are you trying to put 1 there?
1259156508 M * BenG I added the value 1 as the docs told me to do that
1259156518 M * daniel_hozac well, that's been your problem all along.
1259156535 M * daniel_hozac you can't restrict your guest to a non-existent memory node.
1259156600 M * BenG I'm only just starting to understand all this, and was following the documentation
1259156625 M * BenG sorry about that
1259157506 M * BenG right then, I'll figure out how to best balance loads on my HT processor and document it on the wiki
1259157983 Q * Piet Ping timeout: 480 seconds
1259158476 J * Dinde ~dinde@with.love.from.ilovedrumnbass.com
1259158483 M * Dinde Hello
1259158559 J * Piet ~Piet__@04ZAACJID.tor-irc.dnsbl.oftc.net
1259158564 M * Dinde I'm trying to figure out which BCAP I should enable to get pyzor working on a vserver. It actually does a socket.error: (1, 'Operation not permitted'). I tried several CAP as NE_RAW NET_ADMIN SYS_RESOURCE SSYS_ADMIN
1259158584 M * Dinde Any hints are welcome :)
1259158671 M * daniel_hozac what kind of socket is it?
1259158680 M * daniel_hozac do you have an strace?
1259158712 M * Dinde Hi daniel_hozac, it's a python script actually hanging this socket creation
1259158766 M * Dinde It's trying to ping a server (pyzor ping)
1259158871 M * Dinde BTW I'm running 2.6.31-vs2.3.0.36.23 & (util) 0.30.216-pre2855
1259158879 M * daniel_hozac NET_RAW should take care of that.
1259158890 M * daniel_hozac but that's a scary capability to give to a guest.
1259158902 M * Dinde indeed
1259158905 M * daniel_hozac you might want to investigate whether you can make it do a UDP ping instead.
1259158938 M * sid3windr udp ping :/
1259158968 M * daniel_hozac ICMP works too, of course, but that requires that you run it as root or setuid.
1259158981 M * daniel_hozac (the latter being problematic with a script)
1259159018 M * Dinde Well even I supplied NET_RAW
1259159026 M * Dinde Operation not permitted
1259159034 M * Dinde (I restarted of course the vserver)
1259159101 M * Dinde and I ran this command with root account
1259159260 M * Dinde Let's investigate on pyzor
1259159263 M * daniel_hozac so, get an strace.
1259159268 M * Dinde Thanks for answering anyway daniel_hozac
1259159378 Q * balbir Ping timeout: 480 seconds
1259159993 J * balbir ~balbir@122.172.160.254
1259160292 M * Dinde http://pastebin.ca/1686854
1259160308 M * Dinde I trimmed the beginning of the strace
1259160498 Q * BenG Quit: I Leave
1259160652 Q * scientes Ping timeout: 480 seconds
1259162983 Q * Piet Remote host closed the connection
1259163062 J * Piet ~Piet__@04ZAACJJT.tor-irc.dnsbl.oftc.net
1259163673 M * Dinde ok I found the problem EPERM, didn't know that forward rules don't apply to vserver on iptables even if forward is set to accept.
1259164204 Q * imcsk8 Quit: This computer has gone to sleep
1259164997 J * BenG ~bengreen@cpc2-aztw22-2-0-cust521.aztw.cable.virginmedia.com
1259165684 J * dowdle ~dowdle@scott.coe.montana.edu
1259165969 Q * BenG Quit: I Leave
1259166071 Q * kir Quit: Leaving.
1259167130 J * SubZero ~SubZero@chello089076140236.chello.pl
1259167142 Q * davidkarban Quit: Ex-Chat
1259168430 Q * Piet Remote host closed the connection
1259168472 J * BenG ~bengreen@cpc2-aztw22-2-0-cust521.aztw.cable.virginmedia.com
1259168506 J * Piet ~Piet__@04ZAACJLM.tor-irc.dnsbl.oftc.net
1259169342 Q * BenG Quit: I Leave
1259169698 Q * derjohn_mob Ping timeout: 480 seconds
1259169856 Q * SubZero
1259169956 Q * barismetin Quit: Leaving...
1259170112 N * Bertl_oO Bertl
1259170145 M * Bertl Dinde: there is no 'forwarding' between host and guests or between guests
1259170174 M * Bertl Linux-VServer uses IP isolation not virtual network stacks
1259170912 J * bonbons ~bonbons@2001:960:7ab:0:2c0:9fff:fe2d:39d
1259170959 M * Bertl hey bonbons, daniel_hozac has some troubles with a backported version of the ipv6 fix, maybe you could take a look at it?
1259171055 M * bonbons Bertl, do you have a pointer to the backport?
1259171061 M * Bertl yeah, sec
1259171087 M * daniel_hozac http://people.linux-vserver.org/~dhozac/p/k/delta-27-ipv6-fix01b.diff
1259171097 M * Bertl there you go :)
1259171121 M * bonbons what was specifically needed for the backport? as far as I know/remember the bigger changes happened after 2.6.27 ...
1259171132 M * Bertl what I wonder now is, does 2.6.27 need that?
1259171151 M * Bertl yeah, I remember that was around 2.6.29/2.6.30, wasn't it?
1259171166 M * bonbons yeah, that's what my memory tells me
1259171204 M * bonbons 2.6.27 and 2.6.28 did work for a long time, so I'm wondering what changes are needed
1259171243 M * Bertl daniel_hozac: so, did you have issues with 2.6.27.x as it was or was that precautionary patching?
1259171276 M * daniel_hozac i've had issues with 2.6.27 in the past as well.
1259171288 M * bonbons all I can think of is something related to mapped addresses
1259171304 M * daniel_hozac that was just the :: vs. 0.0.0.0 problem though.
1259171327 M * daniel_hozac the backport not only didn't take care of it, it also gave me new ones :-)
1259171515 M * bonbons ok, what are the new issues that did show up?
1259171703 M * daniel_hozac one of my guests can't bind to ::, even though nothing else should be blocking that.
1259171720 M * daniel_hozac (sendmail)
1259171739 M * daniel_hozac some other guests have a mailer running on 127.0.0.1, as does the host, but that's it.
1259171746 M * urbee Non vserver related question: i'd like to deny a whole bunch of IP ranges (whole hungary if i'm exact) with iptables, how would that be possible? I've got the ips in a text file, i dont wanna block ip by ip, but all at once :)
1259171751 M * daniel_hozac binding to 0.0.0.0 is fine.
1259171810 M * Bertl urbee: write a program which figures a balanced btree of accept/deny ranges :)
1259171916 M * pmjdebruijn urbee: it's called a nullroute on your router :)
1259172054 M * bonbons daniel_hozac: ok, I will have a look, though I can't promise a time-frame
1259172141 J * er ~sapanbhat@aegis.CS.Princeton.EDU
1259172153 M * er hello folks
1259172157 M * Bertl hey er!
1259172180 M * er hey Bertl, you're just the person I was looking for :)
1259172223 M * Bertl \o/
1259172234 M * daniel_hozac bonbons: it's okay, i'll take a look too.
1259172238 M * daniel_hozac i haven't had time yet either
1259172250 M * er do you have a couple of minutes? this is about the PlanetLab kernel that you produced a few months ago.
1259172263 M * Dinde Yes Bertl got it :)
1259172268 M * Dinde Thanks guys :)
1259172270 M * Bertl daniel_hozac: would still be good we got a testnet.sh running
1259172274 M * er We're looking to deploy it sometime soon, and have run into an issue.
1259172276 M * Dinde Everything is working now :)
1259172296 M * Bertl Dinde: excellent!
1259172307 M * Bertl er: you mean the kernel we did half a year ago?
1259172311 M * Dinde <3 vserver :)
1259172342 M * er Bertl: yes :-/ We still haven't deployed it.
1259172361 J * ghislain ~AQUEOS@LPuteaux-151-41-11-129.w217-128.abo.wanadoo.fr
1259172368 M * Bertl k, what's the issue?
1259172396 M * daniel_hozac Bertl: yeah, that's how i'll take a look at it.
1259172396 M * daniel_hozac heh.
1259172412 M * er so the issue is with packet tagging. We have this line in __alloc_skb:
1259172422 M * er + if (!in_interrupt()) skb->skb_tag = nx_current_nid(); else skb->skb_tag = 0;
1259172450 M * er skb_tag is used later by various netfilter hooks to implement PlanetLab's node-level packet accounting
1259172457 M * Bertl daniel_hozac: even better, let me know when you have something or need something, once we have that test suite, it should be easy to handle the ipv6 stuff in a structured way
1259172488 M * Bertl daniel_hozac: I also updated the ntt somewhat, will finish it and upload later tonight
1259172489 M * er what's happening is that skb_tag is being set to 0 for certain packets sent by slices, and debugging this a bit shows that nx_current_nid() == 0 in slice context.
1259172518 M * ghislain bert: hello :) i got a silly question, is any tmpfs system created on a guest on the guest fstab count in the memory limit of the guest ?
1259172519 M * er i.e., when in_interrupt is false.
1259172531 M * daniel_hozac ghislain: no.
1259172570 M * Bertl er: so your skbs are allocated out of context?
1259172608 M * Bertl er: to be precise, outside a network context, but inside a process context?
1259172718 M * er Bertl: I'm not that familiar with the semantics of network/process contexts in vserver, but the __alloc_skb definitely happens in process context.
1259172747 M * Bertl do you have a debug setup where you can trigger this behaviour?
1259172750 M * daniel_hozac what he means is, whether vx_current_xid() == 0 as well.
1259172755 Q * ensc|w Remote host closed the connection
1259172761 M * daniel_hozac (which it was)
1259172785 J * er_ ~sapanbhat@aegis.CS.Princeton.EDU
1259172820 M * er_ whoops, got disconnected.
1259172839 M * Bertl glitch in the matrix? :)
1259172865 M * er_ a glitch in the matrix would make your cat speak with you with my voice :)
1259172873 M * ghislain daniel_hozac: thanks :)
1259172874 M * er_ no, this was a simple network issue.
1259172917 M * Bertl ghislain: there was the idea to add that as option some time ago, but IIRC, nobody wanted to test it
1259172966 M * ghislain bertl: seems i have silly idea no ? :)
1259172976 M * er_ daniel_hozac said that in certain cases the xid/nid get elevated to 0
1259172986 M * ghislain bertl: i can test it but this is in semi production mode
1259172994 M * ghislain bertl: read i have a customer on it
1259173010 M * er_ is there a way to figure out the actual nid/xid in context?
1259173013 M * Bertl er: so both, xid and nid are zero at the same time or nonzero, right?
1259173021 M * er_ right, both are zero.
1259173044 M * Bertl yeah, the current_xid/nid does that
1259173069 M * Bertl some sockets get allocated out of context, specifically when the kernel allocates them
1259173122 M * Bertl the question is, do we have sockets created from inside a guest which do not get tagged (nid wise)?
1259173212 Q * er Ping timeout: 480 seconds
1259173212 N * er_ er
1259173242 M * er hm, we're not currently using the socket tag. that's because when skbs are allocated, the socket is not in context.
1259173272 M * Bertl do we know what kind of sockets those are? do we have a test setup to trigger the issue?
1259173283 M * er one example is an ICMP socket.
1259173290 M * er the funny thing is, when you signed off on this kernel
1259173317 M * er all this worked, i.e., the kernel passed tests involving pings, traceroutes, tcp syn scans etc.
1259173330 M * Bertl so what changed?
1259173368 M * er i'm not sure :) we upgraded a few minor versions and a few vserver patches I think, I'll have to check.
1259173458 M * er so if I gather right, there's no easy answer to the question?
1259173473 M * er there's no current->actual_not_effective_vxinfo
1259173488 M * er so that I can get that->nid?
1259173521 M * er er xid.
1259173591 J * malveo ~malveo@79.143.115.144
1259173703 M * Bertl current->xid and current->nid will _always_ contain the current xid/nid
1259173810 M * daniel_hozac whether that's the process's xid/nid is a different matter though :)
1259173976 M * er right :(
1259174063 M * er the hack I can think of at the moment to solve this is to add 2 words to current that holds the actual, not effective nid/xid
1259174114 M * Bertl daniel_hozac: it is _always_ the process nid/xid :)
1259174138 M * Bertl the question is more, if the socket is always allocated _from_ a process in that context
1259174151 M * er Bertl: which other process could be in context?
1259174173 M * Bertl not in context .. there are several options
1259174173 M * daniel_hozac Bertl: enter_vx_admin will change that.
1259174174 M * er definitely not softirqd because in_interrupt() is false.
1259174197 M * daniel_hozac so it's not true for xid.
1259174201 M * daniel_hozac but it is for nid.
1259174243 M * Bertl yeah, that is why I was asking for xid and nid change
1259174260 M * er i tried both, and here, both are set to zero.
1259174278 M * er could it be for some reason that the nid is not properly set up, that it's not getting set to the slice xid?
1259174289 M * Bertl again, do you have a test setup to trigger that?
1259174298 M * er Bertl: yes.
1259174321 M * Bertl good, then put a WARN_ON() exactly where you checked that
1259174340 M * Bertl let's get a stack trace when xid/nid is zero where it shouldn't be
1259174364 M * er Bertl: ok. doing that now.
1259174954 Q * er Remote host closed the connection
1259174969 J * er ~sapanbhat@aegis.CS.Princeton.EDU
1259175031 J * barismetin ~barismeti@jua06-1-82-242-159-114.fbx.proxad.net
1259175168 J * BenG ~bengreen@cpc2-aztw22-2-0-cust521.aztw.cable.virginmedia.com
1259175802 M * Bertl er: btw, you are aware that skbs are copied, and cached to some extent .. i.e. it doesn't make much sense to 'tag' them when they are allocated?
1259175852 M * er Bertl: our implementation has covered for those semantics so far.
1259175857 Q * gnuk Quit: NoFeature
1259175870 M * er so we copy the tag when an skb is copied/cloned
1259175876 M * er and we take special care for the caching semantics.
1259175897 M * er FYI - you implemented the original version of the skb tagging in __alloc_skb :)
1259175967 J * ensc|w ~ensc@www.sigma-chemnitz.de
1259176039 M * er from then on, I followed your example. anyhow, this is what I've put in that fragment. let's see what happens:
1259176042 M * er if (current->comm[0]=='p' && current->comm[1]=='i' && current->comm[2]=='n' && current->comm[3]=='g') { WARN_ON(nx_current_nid() == 0);
1259176042 M * er }
1259176551 M * Bertl okay, looks promising
1259176674 J * kir ~kir@swsoft-msk-nat.sw.ru
1259176738 Q * ensc|w Remote host closed the connection
1259176967 J * derjohn_mob ~aj@tmo-108-178.customers.d1-online.com
1259177205 M * er hm. nothing appears, so maybe current <> ping :-/
1259177320 M * er but doing it from root context produced the right result.
1259177409 M * er http://pastebin.com/m68e6bf84
1259177444 M * Bertl well, that is expected, right?
1259177474 M * er yes.
1259177499 M * er OK, I didn't check the assumption that nid is actually 0. doing that now.
1259178318 M * er it is not 0. the nid is being set, but the xid is not.
1259178324 Q * BenG Quit: I Leave
1259178327 M * er problem solved.
1259178415 J * ensc|w ~ensc@www.sigma-chemnitz.de
1259178441 M * Bertl okay, so everything is fine?
1259178571 M * er yes. thanks a *ton* for helping out, as always.
1259178575 M * er (also daniel_hozac)
1259178579 M * Bertl you're welcome!
1259179009 Q * barismetin Quit: Leaving...
1259180882 Q * eyck Ping timeout: 480 seconds
1259182393 Q * dowdle Remote host closed the connection
1259182520 J * dowdle ~dowdle@scott.coe.montana.edu
1259184347 Q * bonbons Quit: Leaving
1259184673 Q * nenolod Ping timeout: 480 seconds
1259184744 J * uva_ bno@118-168-237-67.dynamic.hinet.net
1259184752 Q * uva Read error: Connection reset by peer
1259184916 Q * snooze Ping timeout: 480 seconds
1259184976 Q * geb Ping timeout: 480 seconds
1259185328 M * Bertl daniel_hozac: okay, I uploaded the latest version of ntt (v0.02), still not complete, but should do for basic stuff
1259185564 M * daniel_hozac okay.
1259185682 J * geb ~geb@250.4.82-79.rev.gaoland.net
1259185844 M * er think I might have found the issue...
1259185848 M * er skb->mark = sk->sk_mark;
1259185864 J * nenolod ~nenolod@petrie.dereferenced.org
1259185868 M * er happens just after a socket is allocated.
1259185880 M * er er... an skbuff is allocated.
1259185909 M * Bertl or better, before an skbuf is used
1259185984 M * er right, this wasn't there in 2.6.22
1259186015 M * er and probably not in the kernel that you signed off...
1259186120 M * er so I guess I'll port the tagging code to tag sockets as well.
1259186153 M * Bertl shouldn't you have that with the nid already?
1259186242 M * er right, it would amount to the same thing -> if (!in_interrupt) { alloced_sk->sk_mark = nx_current_nid(); }
1259186499 J * snooze ~o@1-1-4-40a.gkp.gbg.bostream.se
1259187081 J * imcsk8 ~ichavero@148.229.1.11
1259187830 M * er yay! it's working, it passes the test suite again.
1259188185 J * blues ~blues@acvy174.neoplus.adsl.tpnet.pl
1259188307 Q * blues_ Ping timeout: 480 seconds
1259188688 M * Bertl excellent!
1259188727 M * Bertl now go and update the kernel :)
1259188750 Q * blues Quit: Reconnecting
1259188751 J * blues ~blues@acvy174.neoplus.adsl.tpnet.pl
1259188921 Q * er Quit: er
1259188993 J * eyck ~eyck@77.79.198.68
1259190062 M * Bertl hey eyck! how's going?
1259190206 M * micah hm I have a guest that refuses to stop
1259190226 M * micah "Asking all remaining processes to terminate..." which cannot be interrupted
1259190240 M * daniel_hozac and what's left in the guest?
1259190240 M * Bertl anything in dmesg?
1259190252 Q * derjohn_mob Ping timeout: 480 seconds
1259190254 M * micah on the host?
1259190259 M * daniel_hozac yes.
1259190268 M * micah no
1259190567 M * Bertl then it shouldn't be that bad ...
1259190583 M * Bertl i.e. just something waiting on nfs/networking or disk I/O
1259190683 Q * FloodServ synthon.oftc.net services.oftc.net
1259190912 Q * jfs Quit: Quitte
1259190947 Q * geb Ping timeout: 480 seconds
1259190957 J * geb ~geb@earth.gebura.eu.org
1259192110 J * derjohn_mob ~aj@c189166.adsl.hansenet.de
1259192177 N * DoberMann[PullA] DoberMann[ZZZzzz]
1259192348 M * vServer_User bertl, can i probe you about shared memory in guests
1259192375 M * vServer_User im sure thats my bottleneck, but i dont think i have shm set up correctly
1259192738 M * micah Bertl: there is no disk i/o on that server, all other guests are down and no NFS.
1259192750 M * micah it seems the vps doesn't work any longer either
1259192892 J * FloodServ services@services.oftc.net
1259193035 M * daniel_hozac what kernel?
1259193176 J * ghislain1 ~AQUEOS@LPuteaux-151-41-11-129.w217-128.abo.wanadoo.fr
1259193276 M * Bertl vServer_User: there is nothing special about shared memory in guests
1259193299 M * micah daniel_hozac: was using the debian 2.6.18 kernel, it was happening there. tried updating to the 2.6.26 debian kernel which did not solve the problem (and yes, I know of the problems with that kernel)
1259193347 M * Bertl vServer_User: you can set sysctl values via the guest config (if required)
1259193376 M * Bertl micah: well, with those kernels it is kind-of expected :)
1259193412 M * Bertl switch to the 2.6.31/32-rc kernels you folks are working on
1259193433 M * micah Bertl: dunno, i thought the 2.6.18 kernel worked really well and I have created and destroyed a good 200+ guests with these kernels without this problem
1259193449 M * micah so there must be something unique about this one
1259193452 Q * ghislain Ping timeout: 480 seconds
1259193472 M * Bertl okay, upload the guest and config as tar, I'll have a look
1259193498 M * micah I can try the newer kernel to see if it happens there too
1259193512 M * micah but I am hesitant to use that kernel yet