1315181620 N * Bertl_zZ Bertl
1315181625 M * Bertl back now ...
1315185031 Q * fisted Quit: oh shi--
1315186790 J * vera ~user@83.246.143.86
1315187659 Q * Aiken Remote host closed the connection
1315188205 J * fisted ~fisted@xdsl-87-78-209-188.netcologne.de
1315191496 Q * clopez_ Remote host closed the connection
1315192921 Q * vera Remote host closed the connection
1315192948 J * vera ~user@tor-exit-router37-readme.formlessnetworking.net
1315195803 M * Bertl off to bed now ... have a good one everyone!
1315195808 N * Bertl Bertl_zZ
1315196354 J * sannes ~ace@cm-84.209.106.118.getinternet.no
1315197681 J * cuba33ci_ ~cuba33ci@111-240-164-242.dynamic.hinet.net
1315197698 Q * cuba33ci Read error: Connection reset by peer
1315197706 N * cuba33ci_ cuba33ci
1315202887 J * ncopa ~ncopa@3.203.202.84.customer.cdi.no
1315203341 Q * ncopa Quit: Leaving
1315203378 J * ncopa ~ncopa@3.203.202.84.customer.cdi.no
1315204181 Q * derjohn_foo Ping timeout: 480 seconds
1315204470 J * ghislain ~AQUEOS@adsl2.aqueos.com
1315205247 J * derjohn_foo ~aj@213.238.45.2
1315205750 J * thierryp ~thierry@zankai.inria.fr
1315206834 J * jeroen__ ~jeroen@imap.powerinternet.eu
1315207799 Q * vera Quit: Leaving
1315212354 N * nicholi Guest8857
1315212361 J * nicholi ~nicholi@108-89-98-36.lightspeed.irvnca.sbcglobal.net
1315212463 Q * Guest8857 Ping timeout: 480 seconds
1315212770 J * kir ~kir@swsoft-msk-nat.sw.ru
1315213334 J * harobed ~harobed@pda57-1-82-231-115-1.fbx.proxad.net
1315213546 Q * harobed
1315214255 Q * thierryp Remote host closed the connection
1315214318 J * thierryp ~thierry@zankai.inria.fr
1315215039 Q * thierryp Remote host closed the connection
1315215103 J * thierryp ~thierry@zankai.inria.fr
1315216467 Q * fisted Ping timeout: 480 seconds
1315216505 J * fisted ~fisted@xdsl-87-78-212-63.netcologne.de
1315216840 J * clopez_ ~clopez@155.99.117.91.static.mundo-r.com
1315224394 J * Hurga nobody@dslb-088-078-044-092.pools.arcor-ip.net
1315226056 N * Bertl_zZ Bertl
1315226061 M * Bertl morning folks!
1315226092 M * Hurga Hi there Bertl.
1315230589 Q * thierryp Remote host closed the connection
1315232428 Q * hparker Ping timeout: 480 seconds
1315232568 Q * FireEgl Ping timeout: 480 seconds
1315233754 J * mooo ~moooo@1RDAAARS2.tor-irc.dnsbl.oftc.net
1315234430 J * hparker ~hparker@2001:470:1f0f:32c:beae:c5ff:fe01:b647
1315234886 Q * mooo Quit: off
1315235469 J * sweil ~stefan@p54ADB562.dip.t-dialin.net
1315238463 Q * derjohn_foo Ping timeout: 480 seconds
1315239438 J * hijacker_ ~hijacker@cable-84-43-136-96.mnet.bg
1315239668 J * bonbons ~bonbons@2001:960:7ab:0:a038:2199:51df:2add
1315241208 M * Bertl time for a nap ... bbl
1315241213 N * Bertl Bertl_zZ
1315241690 Q * kir Quit: Leaving.
1315242761 N * nicholi Guest8961
1315242767 J * nicholi ~nicholi@108-89-98-36.lightspeed.irvnca.sbcglobal.net
1315242867 Q * Guest8961 Ping timeout: 480 seconds
1315243755 Q * clopez_ Ping timeout: 480 seconds
1315244485 Q * Hurga Killed (NickServ (Too many failed password attempts.))
1315244500 J * Hurga nobody@dslb-088-078-044-092.pools.arcor-ip.net
1315244671 Q * Hurga
1315244680 J * Hurga nobody@dslb-088-078-044-092.pools.arcor-ip.net
1315244922 Q * ncopa Quit: Leaving
1315247417 M * Hurga hmm. Can someone give me an example, what CONFIG_USER_NS is good for?
1315247674 M * daniel_hozac nothing
1315247679 M * daniel_hozac it is broken in mainline.
1315247705 M * Hurga ok thanks!
1315247716 A * Hurga switches it off and recompiles.
1315250537 N * nicholi Guest8989
1315250544 J * nicholi ~nicholi@108-89-98-36.lightspeed.irvnca.sbcglobal.net
1315250638 Q * Guest8989 Ping timeout: 480 seconds
1315250900 J * FireEgl ~FireEgl@173-16-9-169.client.mchsi.com
1315251774 N * Bertl_zZ Bertl
1315251778 M * Bertl back now ...
1315251804 M * Bertl Hurga: what kernel version are you building?
1315251910 M * Bertl I presume 2.6.38.x, yes?
1315252237 M * Hurga 2.6.39.4
1315252250 M * Bertl ah, that backport, I see
1315252268 M * Bertl any particular reason for that?
1315252478 M * Hurga Upgrading an Ubuntu machine to vserver which was running 2.6.38-11 before... I wanted to stick close to the old kernel, but also thought newer is better.
1315252495 M * Hurga Is there any reason why I should prefer 2.6.38.x?
1315252608 M * Bertl well, the 2.6.39 kernel is more a 3.0 kernel than a 2.6.38 one
1315252647 M * Bertl except for the fact that it isn't maintained (upstream) like 2.6.38
1315252664 M * Hurga hmm ok, good reason.
1315252672 M * Bertl (read: both, 2.6.38 and 2.6.39 are not maintained)
1315252700 M * Bertl so, if you are willing to try 2.6.39, I'd go for 3.0.x whatever the latest is
1315252745 M * daniel_hozac the problem with 3.0 is that userspace needs fixes to understand it...
1315252771 M * Bertl on the host side, you mean?
1315252809 M * daniel_hozac and guests in some cases.
1315252828 M * Bertl you can always tell the guests it's a 2.6.38 kernel :)
1315252843 M * Bertl or 2.6.40 if you prefer :)
1315252864 M * Bertl and the API wasn't broken AFAIK
1315252893 M * daniel_hozac no, but several things apparently parse uname output and 3.0 was apparently very unimaginable...
1315252909 M * Hurga Bertl: Which kernel would you recommend currently, if you want to run the server for half a year at least?
1315252926 M * Bertl with or without updating?
1315253019 M * Hurga With rebooting the machine as little as possible,
1315253072 M * Bertl well, 2.6.32 and 2.6.35 are still long term maintained, so they might be up to the job for half a year
1315253094 M * Bertl 2.6.38.x is probably the best choice right now, but not for half a year
1315253113 M * Hurga ok, thanks.
1315253119 M * Bertl 3.0.x or later will be the best choice in half a year
1315253185 M * Bertl I haven't had any issues with host userspace so far, but maybe that's because the distro I use ships a 3.x kernel with their upcoming release
1315253246 M * Bertl I can imagine that centos (is it still updated) and similar distros have a problem with a kernel reporting 3.0
1315253262 Q * hijacker_ Quit: Leaving
1315253567 J * mef ~mef@173-15-128-90-BusName-Philadelphia.hfc.comcastbusiness.net
1315253587 M * mef hello
1315253704 M * mef Got an odd problem with trying to use TPROXY from inside a vserver.
1315253716 M * mef The test code that is failing is here: http://pastebin.com/wQAReQTY
1315253747 M * mef It is failing in bind() with
1315253750 M * mef bind(3, {sa_family=AF_INET, sin_port=htons(0), sin_addr=inet_addr("172.13.0.26")}, 16) = -1 EADDRNOTAVAIL (Cannot assign requested address)
1315253754 M * mef according to strace
1315253781 M * mef This only happens when one limits the vserver to specific IP addresses, which sort of makes sense.
1315253794 M * Bertl kernel/patch version?
1315253864 M * mef hold on
1315253867 M * mef please
1315253880 M * Bertl np, take your time :) LTNS btw :)
1315253968 M * mef http://git.planet-lab.org/?p=linux-2.6.git;a=tree;h=21e97eb90a7fd758f119c85525729d8ea456a785;hb=cea1b277201577d311ca56d236f017e1ce977cbd
1315253990 M * mef yeah been busy
1315253999 M * mef as you know i am no longer at Princeton University.
1315254014 M * mef CoBlitz got acquired by Verivue Inc.
1315254047 M * Bertl didn't know, but now I know ...
1315254051 M * mef ha ha
1315254102 M * Bertl okay, so we are talking about a somewhat patched 2.6.32 kernel
1315254108 M * mef Patch1: patch-2.6.32-131.0.15.el6-vs2.3.0.36.29.6.diff
1315254123 M * mef yes
1315254141 M * mef so it works when we just do 0.0.0.0/0 I guess
1315254151 M * mef which makes a whole lot of sense
1315254165 M * mef but when we limit things to specific IP addresses then it fails
1315254173 M * mef presumably there is a check somewhere
1315254184 M * mef the same python code posted to pastebin.com works from the root context
1315254195 J * derjohn_foo aj@88.128.158.88
1315254299 M * Bertl well, of course, assigning an IP or an IP subset to a guest will limit the guest to those IPs, that's the purpose
1315254312 M * mef LOL
1315254313 M * Bertl now, the question is, where does that IP come from
1315254314 M * mef Yeah.
1315254329 M * mef Oh… we are trying to use TPROXY to spoof that client IP.
1315254353 M * mef Currently using CAP_NET_BIND_SERVICE,CAP_IPC_LOCK,CAP_NET_ADMIN,CAP_NET_RAW
1315254368 M * Bertl any IPs you do not give to the guest?
1315254375 M * Bertl s/IPs/CAPS/
1315254407 M * Bertl it looks like you want to avoid the IP limitation completely, yes?
1315254409 M * mef I'm fine giving this slice all CAPS or whatever is required to make this work.
1315254413 M * mef Basically
1315254436 M * Bertl so, why not give 0.0.0.0 to the guest, or do not create the network context in the first place?
1315254543 M * mef Good question. Our network model is that the machines have a management network interface that the vserver is not supposed to be able to use/see.
1315254565 M * mef But we are ok with it spoofing packets. LOL! :)
1315254624 M * mef But as you can see with the above CAP_* exercise
1315254632 M * mef we are basically opening things up all the way.
1315254682 M * Bertl yeah, so I'd simply drop the network context
1315254698 M * mef I'm fine with just doing 0.0.0.0/0 to begin with, but am wondering whether there is a way to get what I am after by getting past this bind() issue.
1315254707 M * mef yeah…. agreed
1315254722 M * mef I'll drop the network context for now.
1315255436 Q * sannes Remote host closed the connection
1315257773 Q * bonbons Quit: Leaving
1315258594 M * mef Bertl: thanks for your help.
1315258597 M * mef ciao
1315258602 M * Bertl cya
1315258670 Q * derjohn_foo Ping timeout: 480 seconds
1315259380 J * derjohn_foo ~aj@d170103.adsl.hansenet.de
1315259548 Q * mef Ping timeout: 480 seconds
1315260161 J * fisted_ ~fisted@xdsl-87-78-215-247.netcologne.de
1315260505 Q * fisted Ping timeout: 480 seconds
1315260570 Q * sweil Remote host closed the connection
1315261455 Q * FloodServ reticulum.oftc.net synthon.oftc.net
1315261677 T * ChanServ http://linux-vserver.org/ |stable 2.2.0.7, exp 2.3.0.36.38, grsec 2.3.0.36.28|util-vserver-0.30.216-pre2914| He who asks a question is a fool for a minute; he who doesn't ask is a fool for a lifetime -- share the gained knowledge on the Wiki, and we forget about the minute.
1315261677 J * FloodServ services@services.oftc.net
1315262743 Q * ghislain Quit: Leaving.
1315263434 J * clopez_ ~clopez@238.10.117.91.dynamic.mundo-r.com