1286238390 Q * fzylogic Quit: DreamHost Web Hosting http://www.dreamhost.com
1286242964 J * imcsk8 ~ichavero@evdomip-80-222.iusacell.net
1286255426 Q * FireEgl Read error: Connection reset by peer
1286256378 J * FireEgl ~FireEgl@173-16-9-10.client.mchsi.com
1286256595 Q * FireEgl Read error: Connection reset by peer
1286257596 J * FireEgl FireEgl@Sebastian.Atlantica.CJB.Net
1286259676 Q * derjohn_foo Ping timeout: 480 seconds
1286260347 J * ghislain ~AQUEOS@adsl2.aqueos.com
1286260431 J * kir ~kir@swsoft-msk-nat.sw.ru
1286262496 J * derjohn_foo ~aj@213.238.45.2
1286263032 J * user5498 ~user5498@194.97.106.98
1286263097 M * user5498 hello, i want that the vserver could not listen onthe host interface. Should i set up a tap device? So that i can only reach the vserver from the host maschin
1286263134 Q * imcsk8 Quit: This computer has gone to sleep
1286264066 J * ghislain1 ~AQUEOS@adsl2.aqueos.com
1286264162 Q * FireEgl Remote host closed the connection
1286264310 Q * ghislain Ping timeout: 480 seconds
1286264445 M * CcxCZ how do I set timeout on vserver ... stop before guest is forcibly killed?
1286264957 J * FireEgl FireEgl@Sebastian.Tcldrop.US
1286265086 M * cehteh there is a config var for that
1286265112 M * cehteh google "great flower page" (i forgot which entry)
1286265233 M * CcxCZ /etc/vservers/vserver-name/apps/vshelper/sync-timeout maybe?
1286265256 J * petzsch ~markus@p4FF45B32.dip.t-dialin.net
1286266206 N * Bertl_zZ Bertl
1286266210 M * Bertl morning folks!
1286266230 M * hijacker morning
1286266330 M * user5498 morning bertl
1286266335 M * Bertl user5498: with the 'default' IP isolation, you cannot do that
1286266364 M * Bertl all IPs are host IPs, you can only select which of them get assigned to a guest
1286266410 M * Bertl but you can of course, block traffic from outside the host to the guest as it will use a different interface than from host to guest
1286266450 M * user5498 so there is no "simple" way to assigne a vserver tho an interface?
1286266485 M * Bertl there is no concept of 'assigning' guests to interfaces or the other way round :)
1286266501 M * Bertl you assign IPs (layer 3) to guests
1286266505 M * user5498 hmm, damn...
1286266524 M * user5498 and if i take a 127.0.0.x address?
1286266565 M * user5498 it should not be routed to the outside, or?
1286266587 M * Bertl as I said, traffic from host to guest will use a different interface anyway (i.e. lo) so you can easily check for that in iptables (regardless of the IP you assign to a guest)
1286266624 M * user5498 okay
1286266651 M * Bertl CcxCZ: the timeout is usually something like 120 seconds, you sure that your guest will take longer to shut down?
1286266661 M * user5498 interface=eth0:ip eth0 or whatever i will write will only be the name inside the guest?
1286266687 M * Bertl no, it will be the host interface util-vserver will assign the IP to
1286266709 M * Bertl i.e. the eth0 (or whatever you put there) isn't relevant for the guest at all
1286266776 M * user5498 okay, i'am a little bit confused.
1286266827 M * Bertl once again, Linux-VServer uses IP isolation, i.e. you assign a subset of host IPs to a guest, and the guest is then able to bind to those IPs
1286266883 M * Bertl natually those IPs have to exist on the host to be used inside a guest, so util-vserver provides a convenience function to setup those IPs on guest start and tear them down on guest shutdown
1286266898 M * Bertl this is what the <device> part is for
1286266943 M * user5498 okay
1286267010 M * user5498 tap simulates a ethernet device, so could i create one and assign a ip to it, to use it for the vserver?
1286267067 M * Bertl you can, but note that the guest will only use the IP, not the tap device (unless you assign it to the guest and run some software on it)
1286267106 M * user5498 ah okay... so i also can use tun :)
1286267200 M * Bertl sure, for the guest it doesn't really matter where the IP is
1286267209 M * user5498 then i should be able to use iptables SNAT to connect the Vserver to internet.
1286267239 M * Bertl that is the usual way to do it if you assign private IPs to the guest(s)
1286267270 M * user5498 thanks for your help
1286267292 M * Bertl you're welcome!
1286267305 M * user5498 have an ice day :)
1286267316 M * user5498 nice*
1286267335 Q * user5498 Quit: Verlassend
1286268026 M * CcxCZ Bertl: yes it takes pretty long (PostgreSQL DB running inside)
1286268068 J * barismetin ~barismeti@zanzibar.inria.fr
1286268079 M * Bertl okay, because usually when the timeout kicks in, it is a good sign that something inside the guest got stuck
1286268080 M * CcxCZ And I think took less than 2 minutes before it was killed, but I might be mistaken
1286268109 M * Bertl but you might smply increase the timeout to something like an hour and see if everything shuts down properly
1286268113 M * Bertl *simply
1286268329 J * ntrs ~ntrs@77.28.164.101
1286268737 J * thierryp ~thierry@zankai.inria.fr
1286273200 J * Romster ~romster@202.168.100.149.dynamic.rev.eftel.com
1286273835 Q * balbir_ Ping timeout: 480 seconds
1286275018 J * ntrs_ ~ntrs@77.28.168.17
1286275291 Q * ntrs Ping timeout: 480 seconds
1286275759 J * balbir_ ~balbir@122.172.47.71
1286276851 Q * barismetin Remote host closed the connection
1286277171 Q * balbir_ Read error: Connection reset by peer
1286278687 J * balbir_ ~balbir@122.167.171.15
1286279996 J * barismetin ~barismeti@zanzibar.inria.fr
1286282487 Q * thierryp Remote host closed the connection
1286283556 J * _ruben_ ~ruben@2.82.161.8
1286283736 M * _ruben_ is vserver.13thfloor.at down?
1286283814 M * Alteisen no, i can open it
1286283833 M * Bertl _ruben_: should be fine, any problems?
1286283844 M * _ruben_ does not open here
1286283852 M * _ruben_ strange...
1286284017 M * _ruben_ should it reply to ping echo's ?
1286284115 M * _ruben_ answering myself: yes it should ping
1286284118 M * ard are you connecting to 209.135.140.107?
1286284138 M * _ruben_ i just tried from another location and it works
1286284154 M * _ruben_ seems to be a problem with my isp
1286284177 M * _ruben_ that's the ip
1286284196 M * ard heh...
1286284202 M * ard it's only 20 hops away from here...
1286284208 M * _ruben_ $ traceroute vserver.13thfloor.at
1286284208 M * _ruben_ traceroute to vserver.13thfloor.at (209.135.140.107), 30 hops max, 60 byte packets
1286284208 M * _ruben_  1  192.168.252.1 (192.168.252.1)  5.008 ms  6.313 ms  6.925 ms
1286284208 M * _ruben_  2  192.168.1.254 (192.168.1.254)  15.322 ms  19.972 ms  20.566 ms
1286284208 M * _ruben_  3  * * *
1286284210 M * _ruben_  4  bl3-75-165.dsl.telepac.pt (213.13.75.165)  54.699 ms  55.253 ms  55.850 ms
1286284210 M * _ruben_  5  lis2-cr1-te-0-0-2-0.cprm.net (195.8.30.217)  62.335 ms  62.903 ms  63.935 ms
1286284212 M * _ruben_  6  lon1-cr1-po-10-0-0.cprm.net (195.8.0.86)  98.100 ms  72.875 ms  68.157 ms
1286284212 M * _ruben_  7  xe-7-2-0.edge3.London1.Level3.net (212.113.15.89)  71.072 ms  71.313 ms  74.465 ms
1286284214 M * _ruben_  8  ae-34-52.ebr2.London1.Level3.net (4.69.139.97)  74.827 ms  74.966 ms  75.859 ms
1286284214 M * _ruben_  9  ae-43-43.ebr1.NewYork1.Level3.net (4.69.137.74)  146.863 ms ae-44-44.ebr1.NewYork1.Level3.net (4.69.137.78)  147.216 ms ae-43-43.ebr1.NewYork1.Level3.net (4.69.137.74)  148.644 ms
1286284215 M * Bertl (please use paste.linux-vserver.org for everything longer than 3 lines) 
1286284216 M * _ruben_ 10  ae-4-4.ebr1.NewYork2.Level3.net (4.69.141.18)  150.602 ms  153.097 ms  153.240 ms
1286284216 M * _ruben_ 11  ae-1-100.ebr2.NewYork2.Level3.net (4.69.135.254)  154.551 ms  154.867 ms  156.311 ms
1286284218 M * _ruben_ 12  ae-2-2.ebr1.Chicago1.Level3.net (4.69.132.65)  169.453 ms  166.668 ms  167.122 ms
1286284218 M * _ruben_ 13  ae-1-100.ebr2.Chicago1.Level3.net (4.69.132.42)  173.726 ms  173.922 ms  174.653 ms
1286284220 M * _ruben_ 14  ae-4-4.car2.StLouis1.Level3.net (4.69.132.189)  180.758 ms  181.249 ms  181.470 ms
1286284220 M * _ruben_ 15  ae-11-11.car1.StLouis1.Level3.net (4.69.132.185)  178.685 ms  178.942 ms  181.661 ms
1286284222 M * _ruben_ 16  RIVER-CITY.car1.StLouis1.Level3.net (4.53.160.10)  182.321 ms  182.943 ms  182.675 ms
1286284222 M * _ruben_ 17  205.242.181.29 (205.242.181.29)  184.666 ms  186.406 ms  188.232 ms
1286284224 M * _ruben_ 18  r-1.core04.stl.rosehosting.com (206.196.99.250)  165.407 ms  167.103 ms  164.137 ms
1286284224 M * _ruben_ 19  * * *
1286284226 M * _ruben_ 20  * * *
1286284226 M * _ruben_ sorry for the spamming
1286284257 M * _ruben_ it stops on rosehosting core router
1286284271 M * ard weird... rosehosting is AS6428, so why should it not work for you...
1286284274 M * ard 20  vs407.rosehosting.com (209.135.140.107) [AS6428]  118.192 ms  123.853 ms  121.891 ms
1286284282 M * ard is the step after your 18
1286284322 M * _ruben_ yes, i can confirm that from the other location i tracerouted
1286284399 M * ard Heh, is your other ip also from portugal?
1286284416 M * _ruben_ yes
1286284423 M * ard I know we had to block a lot of latin language countries temporarily to survive a DDOS :-)
1286284436 M * ard (we != 13thfloot.at)
1286284470 M * _ruben_ let me check from a 3rd isp...
1286284562 Q * Romster Quit: Geeks shall inherit properties and methods of object earth.
1286284597 M * _ruben_ it worked fine
1286284636 M * _ruben_ this is a lousy adsl provider, probably
1286284650 M * _ruben_ strange nonetheless
1286284693 M * _ruben_ because it reaches the core router and stops one hop away from destination
1286284873 M * _ruben_ btw, i have a guest running a powerdns that binds to 0.0.0.0. if from another computer i send a dns query to an ip of another guest (not running dns servers) i get an answer from the ip of the powerdns guest. is this expected?
1286284933 M * _ruben_ 2.6.35.5-vs2.3.0.36.32 kernel with 0.30.216~r2772-6 utils
1286284933 M * hijacker 20  vs407.rosehosting.com (209.135.140.107)  168.072 ms  168.062 ms  168.021 ms
1286284933 M * hijacker  -works here as well
1286285136 M * _ruben_ sorry, the utils version is 0.30.216-pre2864-2+b1 (from debian backports)
1286285205 M * Bertl a service inside the guest will not be able to bind non-guest IPs unless something is broken :)
1286285240 M * _ruben_ that's what i thougth :)
1286285276 M * _ruben_ can some option in the kernel compilation cause this?
1286285329 M * Bertl not really, what does lsof -ni show inside the guest and on the host (regarding powerdns)
1286285501 M * _ruben_ inside the guest:
1286285503 M * _ruben_ pdns_serv 14853        pdns    5u  IPv4 12078252       UDP *:domain 
1286285504 M * _ruben_ pdns_serv 14853        pdns    6u  IPv4 12078253       TCP *:domain (LISTEN)
1286285522 M * _ruben_ the rest is mysql connection that i did not paste
1286285554 M * _ruben_ on the host nothing about pdns or port 53
1286285780 M * Bertl what does /proc/virtnet/<nid>/* contain for that guest?
1286285911 J * For_Us away_boy@188.247.74.42
1286285944 M * _ruben_ # cat /proc/virtnet/10002/info
1286285945 M * _ruben_ ID:	10002
1286285945 M * _ruben_ Info:	ffff88041e5af080
1286285945 M * _ruben_ Bcast:	255.255.255.255
1286285945 M * _ruben_ Lback:	127.39.18.1
1286285946 M * _ruben_ 0:	[81.92.212.24-0.0.0.0/255.255.255.128:0010]
1286285952 J * manana ~mayday090@84.17.25.149
1286285956 M * _ruben_ # cat /proc/virtnet/10002/status 
1286285956 M * _ruben_ UseCnt:	129
1286285956 M * _ruben_ Tasks:	56
1286285956 M * _ruben_ Flags:	0000000406000200
1286285956 M * _ruben_ NCaps:	0000000000000100
1286285982 M * Bertl (remember, please use paste.linux-vserver.org for everything longer than 3 lines) 
1286286047 M * Bertl and to what IP do you connect on the host?
1286286187 M * _ruben_ i'm not sure if you're asking for the host ip or something else?
1286286208 M * Bertl you said, you get connected to the guest, to which ip do you connect?
1286286252 M * _ruben_ to 81.92.212.25 for instance (running in a different guest)
1286286636 M * Bertl okay, please strace -fF that connect for me
1286286667 M * Bertl (also a tcpdump would be nice to have for port 53)
1286286842 Q * For_Us Quit: /Server irc.NiceChat.org
1286287270 M * _ruben_ strace: http://paste.linux-vserver.org/18017
1286287337 M * _ruben_ tcpdump done on the host: http://paste.linux-vserver.org/18018
1286287842 M * _ruben_ i just noticed i have CGroup Namespaces set. the wiki says it should be unset. can this be related?
1286287846 M * CcxCZ there is nice tool called wgetpaste for pasting from command line
1286287960 M * Bertl _ruben_: could you redo the tcpdump with -vvne please?
1286287962 M * _ruben_ CcxCZ: thanks for the tip. it seems it's not in debian. I used xclip
1286288186 M * _ruben_ new tcpdump: http://paste.linux-vserver.org/18019
1286288425 M * Bertl okay, could you check that the dns server is actually running inside the 10002 nid by looking at the /proc/<pid>/info (from xid=1) for that process?
1286288444 M * Bertl proc/<pid>/ninfo that is
1286288617 M * Bertl hijacker: hey, you want to test for reiserfs?
1286288640 M * Bertl (not right now, in general I mean :)
1286288659 M * petzsch thx for the 2.6.32.24 patch... make is running :-)
1286288671 M * Bertl you're welcome!
1286288805 M * _ruben_ Bertl: inside the guest NID is 10002 as expected. how can i test from xid=1?
1286288817 M * hijacker hey Bertl aye
1286288826 M * Bertl _ruben_: checking from inside the guest is fine too
1286288830 M * hijacker maybe if we have some spare minutes tomorrow morning we can do it a try ?
1286288849 M * hijacker *do = give
1286288852 M * Bertl hijacker: okay, no need to reboot there, we just need a spare reiserfs/partition to check with for now
1286288874 M * hijacker ah, well the partition is actually occupied
1286288882 M * Bertl but it would be a good idea to setup a test system (could be in a kvm or so) to test patches/fixes with
1286288897 M * hijacker alright, i will see what can be done
1286288913 M * hijacker i can setup a spare one on a different machine
1286288932 M * hijacker which will have a debian patched kernel ?
1286288941 M * hijacker Linux hanna64 2.6.32-5-vserver-amd64 ?
1286288950 M * Bertl we'll switch to the mainline/vanilla 
1286288990 M * Bertl i.e. patches will be against latest 2.6.33.x/35.x
1286289027 M * hijacker hm, that will require more time to get the kernel configured then
1286289066 M * Bertl the first step is to write a script or better extend the testfs.sh to detect that issue
1286289081 M * hijacker anyways, we can speak tomorrow about it, as I am heading home now
1286289081 M * Bertl (that can be done without any changes on your existing system)
1286289089 M * Bertl okay, so be it ...
1286289093 M * hijacker okay, great!
1286289115 M * hijacker i will get to you on this tomorrow then
1286289174 M * _ruben_ ninfo from the guest: http://paste.linux-vserver.org/18020
1286289359 Q * kir Quit: Leaving.
1286289684 J * dowdle ~dowdle@scott.coe.montana.edu
1286291156 Q * ncopa Quit: Ex-Chat
1286291271 Q * balbir_ Ping timeout: 480 seconds
1286291271 Q * manana Read error: Connection reset by peer
1286291306 Q * julius Quit: Lost terminal
1286291312 J * manana ~mayday090@84.17.25.149
1286291429 J * julius ~julius@217.20.127.15
1286291589 Q * barismetin Remote host closed the connection
1286291858 J * dna ~dna@dslb-092-078-100-157.pools.arcor-ip.net
1286292775 Q * niki Quit: Ex-Chat
1286295518 M * ard Hmmmm
1286295547 M * ard Bertl aware that the latest 2.3.0.36.32 for 2.6.35.7 also contains changes to hardware drivers?
1286295561 M * ard linux-2.6.35.7-vs2.3.0.36.32/sound/pci/hda/patch_sigmatel.c f.i. :-)
1286295574 M * pmjdebruijn accident?
1286295585 M * ard I guess so :-)
1286295596 M * ard linux-2.6.35.7-vs2.3.0.36.32/virt/kvm/kvm_main.c also contains a weird patch
1286295627 M * Bertl let me check that ...
1286295672 M * ard linux-2.6.35.7-vs2.3.0.36.32/net/sctp/output.c seems also not ok, but I am not sure about that
1286295676 A * ard is reading the diff
1286295825 Q * _Shiva_ Quit: Operator halted - Coffee not found
1286295841 M * ard linux-2.6.35.7-vs2.3.0.36.32/net/llc/af_llc.c contains an unpatch
1286295847 M * ard or reversed
1286295865 M * Bertl yeah, it is against 2.6.35
1286295872 M * Bertl give me a second to fix that up
1286295908 M * ard Are you going to fix what I am pasting, or are you going to rework the diff?
1286295989 M * Bertl I'm going to replace the patch (which is broken) in place in a minute or so :)
1286295996 M * ard cool
1286296001 M * ard Bertl is the c00lest :-)
1286296009 J * balbir_ ~balbir@122.167.171.15
1286296009 M * ard oh, and daniel_hozac  :-)
1286296038 J * bonbons ~bonbons@2001:a18:1:1402:2c0:9fff:fe2d:39d
1286296059 M * ard oh, and probably bonbons for the ipv6
1286296210 M * Bertl should be up and fine now, thanks for spotting!
1286296375 M * ard Heh... I saw "patching file virt/kvm/kvm_main.c" which caught my attention :-). I wanted to see what changes where needed to kvm :-)
1286296637 J * ntrs__ ~ntrs@77.28.162.66
1286296700 Q * petzsch Quit: Leaving.
1286296704 J * petzsch ~markus@p4FF45B32.dip.t-dialin.net
1286297062 Q * ntrs_ Ping timeout: 480 seconds
1286297185 Q * petzsch Ping timeout: 480 seconds
1286297312 M * ard Hihi, you still have autogenerated files in the diff, but that's not really a problem :-)
1286297352 M * ard you probably have an ati card in your test environment :-)
1286298000 M * Bertl that's a problem of mainline
1286298014 M * Bertl i.e. they managed to break 'make mrproper'
1286298029 M * Bertl it doesn't remove the useless stuff 'make config' generates
1286298029 M * ard ah :-)
1286298050 Q * derjohn_foo Ping timeout: 480 seconds
1286298050 M * Bertl and I haven't added all of it to my exception list yet
1286298051 M * ard it's compiling :-)
1286298690 M * ard yay! almost finished
1286298738 J * petzsch ~markus@p4FF45B32.dip.t-dialin.net
1286299391 M * ard LOL :-)
1286299431 M * ard ard@lennydev64:/usr/src/shared/kernel/d64-i7/l-2.6.35.7-vs2.3.0.36.32$ grep EXTRAVERSION ../../tar/patch-2.6.35.7-vs2.3.0.36.32.diff 
1286299431 M * ard -EXTRAVERSION = .7
1286299431 M * ard +EXTRAVERSION = .5-vs2.3.0.36.32
1286299447 M * ard I was just looking for my .7 package :-)
1286299488 M * ard wait... somethings wrong on my side
1286299551 M * Bertl no, thats the patch again :(
1286299562 M * ard :-)
1286299588 M * Bertl but it's just the extraversion
1286299602 M * Bertl so simply edit that in Makefile and rerun 'make'
1286299610 M * ard :-)
1286299624 M * ard make-kpkg :-)
1286299648 M * ard I actually forgot how to make kernels "by hand"
1286299674 M * ard well, a little bit of lying there, because for mips and arm I do the crosscompiling "by hand"
1286299689 M * Bertl updated the patch too
1286299756 J * petzsch1 ~markus@p4FF46035.dip.t-dialin.net
1286300095 Q * petzsch Ping timeout: 480 seconds
1286300332 Q * petzsch1 Quit: Leaving.
1286300922 J * imcsk8 ~ichavero@201.174.32.227
1286301772 J * petzsch ~markus@p4FF46035.dip.t-dialin.net
1286302350 Q * tokkee Ping timeout: 480 seconds
1286302889 J * Snow-Man ~sfrost@tamriel.snowman.net
1286303942 J * tokkee tokkee@osprey.tokkee.org
1286306207 J * niki ~niki@94.145.207.11
1286307294 Q * dowdle Remote host closed the connection
1286310105 Q * _ruben_ Ping timeout: 480 seconds
1286310756 Q * bonbons Quit: Leaving
1286310934 M * Bertl off to bed now ... have a good one everyone!
1286310941 N * Bertl Bertl_zZ
1286312911 Q * ghislain1 Quit: Leaving.
1286313781 J * derjohn_foo ~aj@d063090.adsl.hansenet.de
1286314136 J * dowdle ~dowdle@scott.coe.montana.edu
1286314578 Q * ntrs__ Ping timeout: 480 seconds
1286314584 Q * dna Quit: Verlassend
1286315154 Q * petzsch Quit: Leaving.
1286315488 J * petzsch ~markus@p4FF46035.dip.t-dialin.net
1286317700 J * petzsch1 ~markus@p4FF46D75.dip.t-dialin.net
1286317862 Q * petzsch Ping timeout: 480 seconds
1286319514 Q * petzsch1 Quit: Leaving.
1286319780 Q * imcsk8 Quit: Leaving