1315801685 J * sannes ~ace@cm-84.209.106.118.getinternet.no
1315801705 Q * fisted Read error: Connection reset by peer
1315802429 J * fisted ~fisted@xdsl-87-78-218-128.netcologne.de
1315802843 M * Bertl_oO off to bed now ... have a good one everyone!
1315802847 N * Bertl_oO Bertl_zZ
1315802922 J * derjohn_mob aj@88.128.177.176
1315807936 J * ncopa ~ncopa@3.203.202.84.customer.cdi.no
1315809240 Q * derjohn_mob Ping timeout: 480 seconds
1315809806 J * derjohn_mob aj@80.187.238.115
1315811125 Q * derjohn_mob Ping timeout: 480 seconds
1315818952 Q * areq__ Ping timeout: 480 seconds
1315822749 J * BenG ~bengreen@cpc12-aztw24-2-0-cust146.aztw.cable.virginmedia.com
1315823350 J * areq ~areq@q.areq.eu.org
1315825122 J * derjohn_mob ~aj@213.238.45.2
1315827387 Q * BenG Quit: I Leave
1315829032 Q * Aiken Remote host closed the connection
1315831758 N * Bertl_zZ Bertl
1315831763 M * Bertl morning folks!
1315831787 M * hijacker afternoon
1315834463 Q * mcp Ping timeout: 480 seconds
1315834843 J * mcp ~mcp@wolk-project.de
1315838625 J * dowdle ~dowdle@scott.coe.montana.edu
1315840411 Q * fisted Read error: Connection reset by peer
1315840922 J * fisted ~fisted@xdsl-87-78-218-128.netcologne.de
1315841016 Q * mcp Remote host closed the connection
1315841619 J * mcp ~mcp@wolk-project.de
1315843292 Q * derjohn_mob Ping timeout: 480 seconds
1315843519 M * Bertl time for a nap ... bbl
1315843534 N * Bertl Bertl_zZ
1315846054 Q * nicholi Remote host closed the connection
1315846285 J * bonbons ~bonbons@2001:960:7ab:0:4844:2a1:8920:6e3b
1315847810 J * nicholi ~nicholi@rrcs-76-79-196-34.west.biz.rr.com
1315848463 Q * fisted Read error: Connection reset by peer
1315849200 J * fisted ~fisted@xdsl-87-78-216-133.netcologne.de
1315852106 N * Bertl_zZ Bertl
1315852109 M * Bertl back now ...
1315854956 M * Guy- Bertl: hi, I'm also hitting the "no such device" route cache problem ser had reported earlier
1315854970 M * Guy- Bertl: would disabling ipv6 mask it?
1315854977 M * daniel_hozac hmm?
1315855006 M * Bertl what kernel/patch is that?
1315855048 M * Guy- Bertl: 3.0.4-vs2.3.1-pre10.1
1315855108 M * Bertl okay, can you describe your setup (specifically the network setup) to us?
1315855149 M * Guy- yes
1315855168 M * Guy- I have one physical ethernet interface
1315855177 M * Guy- it has three VLANs
1315855197 M * Bertl okay, each of them has its own network I presume?
1315855211 M * Guy- yes
1315855212 M * Bertl i.e. address range, and we are talking ipv4 here, yes?
1315855233 M * Guy- yes and yes
1315855240 M * Bertl good, please continue
1315855275 M * Guy- I also have a dummy0 interface, and vserver guests get their IPs set up on that one
1315855282 M * Bertl ah, there we go
1315855315 M * Bertl daniel_hozac: for your information, I concluded from ser's setup that it is because the IPs are on different interfaces than they use for traffic
1315855330 M * daniel_hozac ah
1315855342 M * daniel_hozac what's the problem exactly?
1315855344 M * Bertl daniel_hozac: and some newly introduced device check blocks the traffic, unless it comes from the cache
1315855369 M * Guy- so occasionally guests fail to connect to remote IPs, getting 'No such device' errors
1315855393 M * Bertl now, the cache issue/feature will go away as well, because I plan to make the routing cache nid aware
1315855409 M * Bertl (which is rather easy nowadays)
1315855436 M * Guy- OK, so the long and short of it is that I'm not supposed to give the guests IPs on the dummy interface but should instead use one of the VLAN interfaces?
1315855451 M * Bertl Guy-: for me, the question is, do you see the same effect if you drop the dummy interface and use the actual interface?
1315855468 M * Bertl i.e. the one which will be used anyway
1315855521 M * Guy- what I don't understand is: if I give a guest an IP on interface A, will it not be able to talk out through interface B?
1315855544 M * Bertl yes, it will, but it won't see interface B
1315855560 M * Bertl so any checks for 'does interface B exist' will fail
1315855567 M * Guy- OK, that's fine
1315855575 M * Guy- but how is that different from the current setup then?
1315855586 M * Bertl currently the guest sees dummy0, no?
1315855601 M * Guy- yes, but no routes point towards dummy0
1315855609 M * Guy- it's supposed to talk out over a different interface
1315855612 M * Bertl but there will be no traffic going over dummy0, instead it will use one of your vlan interfaces
1315855616 M * Guy- yes
1315855642 M * Bertl so, as soon as the kernel or userspace checks "does the outgoing interface exist?" the answer will be "no"
1315855661 M * Guy- if instead of dummy0 I assign it an IP on vlan1, how is that different when the guest tries to talk out over vlan2?
1315855674 M * Bertl same problem
1315855681 M * Guy- exactly
1315855688 M * Bertl but if you assign the IP to vlan2, it will not exist
1315855699 M * Guy- the IP or vlan2?
1315855719 M * Bertl if you assign the IP which communicates over vlan2 to vlan2
1315855732 J * hparker ~hparker@2001:470:1f0f:32c:beae:c5ff:fe01:b647
1315855769 M * Bertl can you give us a specific guest config which causes your problems?
1315855780 M * Guy- yes, hang on
1315855798 M * Bertl feel free to anonymize the IPs if they are public ones
1315855819 M * Guy- I have a guest called autobuild32 which has 172.18.0.81/32 on dummy0
1315855841 M * Bertl /32 sounds wrong, but please go on
1315855918 M * Guy- I have eth0.1 which has 172.18.1.180/16
1315855947 M * Bertl okay, so why not make that 172.18.0.81/16 and put it on eth0.1 then?
1315855948 M * Guy- the default route points out through this
1315855962 M * Guy- I can do that
1315855972 M * Bertl imho that should fix your issues
1315855995 M * Guy- not all, because the host also has 172.21.8.1/16 on eth0.2
1315856010 M * Guy- and this guest has clients that access it from 172.21.0.0/16
1315856026 M * Bertl with the 172.18.0.81 IP?
1315856029 M * Guy- yes
1315856045 M * Bertl well, that should be translated/routed then, no?
1315856050 M * Guy- the clients have a static route towards 172.18.0.0/24 via 172.21.8.1
1315856078 J * derjohn_mob ~aj@d162196.adsl.hansenet.de
1315856119 M * Guy- I understand that there would be several workarounds possible (like NAT, or giving the guest an IP from 172.21.0.0/16 as well)
1315856125 M * Marillion Hi, does anybody know what is wrong, or which part i must enable/disable - http://paste.debian.net/129624/
1315856141 M * Bertl Guy-: did you try if the issue persists in the suggested setup?
1315856162 M * Bertl s/try/check/
1315856181 M * Guy- Bertl: not yet - I'm just trying to understand what you say, i.e. what to expect :)
1315856217 M * Guy- Bertl: iiuc, you're saying that in this setup, the guest eventually won't be able to communicate with its 172.21.0.0/16 clients because it won't see the eth0.2 interface
1315856236 M * Bertl well, for me it would be interesting to see if you encounter the same issues, because if so, we probably need to remove that check (at least via an option)
1315856266 M * Bertl Marillion: you get that when doing what exactly?
1315856270 M * Guy- Bertl: that sounds very good, and I will try it; but I don't understand why I shouldn't encounter the problem
1315856323 M * Marillion Bertl: i test the patch set on http://rpm.hozac.com/dhozac/rhel/6/vserver/SRPMS/
1315856359 M * Marillion Bertl: i don't know which part brings up the error
1315856392 M * Bertl well, maybe daniel_hozac knows, I have no idea
1315856420 M * Marillion Bertl: ok, thanks for your help
1315857077 Q * derjohn_mob Ping timeout: 480 seconds
1315857326 M * daniel_hozac Marillion: hmm?
1315857329 M * daniel_hozac what are you doing?
1315857440 M * Marillion daniel_hozac: i use linux-2.6.32-131.12.1.el6 tarball and your last patch-2.6.32-vs2.3.0.36.29.6.diff patch set and compile it, would you like my .config?
1315857452 M * daniel_hozac what is your goal?
1315857471 M * daniel_hozac because you really should just use the config it ships with.
1315857517 M * Marillion i use my own config
1315857522 M * Marillion not yours
1315857529 M * daniel_hozac and that is most likely why it's breaking.
1315857565 M * Bertl do rhel kernels break when changing the config?
1315857601 M * daniel_hozac i doubt anyone tests for other configurations when you have a set target.
1315857608 M * Marillion yes, i enable xen, before i come more error
1315857642 M * daniel_hozac you know Xen is not supported with this kernel?
1315857646 M * Bertl i.c. well, fair enough, I'd suggest you compare the .config files and check for anything related to auditing
1315857668 M * daniel_hozac (i.e. mainline is probably a better choice there)
1315857693 M * Marillion daniel_hozac: none xen in the config, i became more errors when i try to compile
1315857724 M * daniel_hozac well, let's start elsewhere then. why are you using the RHEL kernel?
1315857734 M * Marillion i don't know which part in my .config are wrong
1315857788 M * Marillion daniel_hozac: why not, is more auditing :)
1315857837 M * daniel_hozac the RHEL kernel is great if that's what you want.
1315857855 M * daniel_hozac but if you want something else, e.g. Xen, you're probably better off using something else where that is supported.
1315857858 M * daniel_hozac and maintained.
1315857976 M * Marillion the centos Kernel are compile without any errors, but i would like vserver support, and i find your patch set, not more :)
1315858058 M * daniel_hozac CentOS is an entire series behind right now, so it's not really comparative.
1315858076 J * derjohn_mob aj@88.128.207.82
1315858154 M * Marillion i believe that
1315858243 M * daniel_hozac you might try the SL6 kernel for a comparison.
1315858258 M * daniel_hozac (or, you know, the RHEL6 kernel)
1315858292 M * daniel_hozac but in general i would advise against using the RHEL kernel for anything other than what it was designed for.
1315858293 M * Marillion SL6? you mean SuSE Enterprise?
1315858299 M * daniel_hozac Scientific Linux
1315858304 M * Marillion ah ok#
1315858327 Q * cuba33ci Read error: Connection reset by peer
1315858391 J * BenG ~bengreen@cpc12-aztw24-2-0-cust146.aztw.cable.virginmedia.com
1315858420 J * cuba33ci ~cuba33ci@111-240-172-124.dynamic.hinet.net
1315858439 M * Marillion daniel_hozac: have you got for me your .config public available? then i can a diff with my, and i see the different faster
1315858474 M * daniel_hozac should be in the SRPM.
1315858515 M * Marillion ah ok, thanks very much for everything
1315858741 M * Guy- Bertl: btw, one of my original motivations for using a dummy interface instead of a real one was to avoid guests losing their IPs if I down the real interface and then bring it up again
1315859466 J * Aiken ~Aiken@2001:44b8:2168:1000:21f:d0ff:fed6:d63f
1315859605 M * Bertl Guy-: why do you down/up the interfaces at all?
1315859639 M * Bertl anyway, let's defer that till we know if it works in such a setup or not
1315859643 M * Guy- it doesn't happen frequently, but occasionally I change something in their configuration
1315859663 M * Guy- and I want to test what would happen on boot
1315860607 Q * fisted Ping timeout: 480 seconds
1315861988 Q * sannes Remote host closed the connection
1315862479 Q * bonbons Quit: Leaving
1315862760 M * Guy- Bertl: I still get 'no such device'
1315862816 M * Guy- Bertl: guest at 172.18.0.75/16 wants to talk to 172.18.10.128 via br0 (which is where its IP is)
1315862954 M * Bertl and br0 shows up in the guest
1315862963 M * Guy- yes
1315862983 M * Guy- both in ifconfig and in route
1315862990 M * Bertl could you upload the output of 'ip r l' from inside the guest?
1315862998 M * Guy- yes, hang on
1315863079 M * Guy- oh, I see it now - there is a more specific route pointing out through another interface
1315863130 M * Guy- Bertl: http://paste.linux-vserver.org/20572
1315863156 M * Bertl which isn't visible inside the guest :)
1315863160 M * Guy- exactly
1315863178 M * Guy- so we're back to square 1
1315863199 M * Guy- moving the IP from the dummy interface to the real one didn't solve the problem, it just made it less frequent
1315863231 M * Bertl well, without the move, basically all routes are on interfaces not belonging to the guest
1315863251 M * Guy- yes, and now only some are
1315863302 M * Guy- while I see how this filtering can be useful (it'd be even better if the "offending" routes didn't show up at all in the guest), I would like to be able to disable it
1315863338 M * Bertl yeah, the next step will be to hide those routes completely
1315863361 M * Bertl anyway, I guess it is something we want to be selectable
1315863367 M * Guy- yes yes yes :)
1315863380 M * Bertl not that I agree that your setup is a good choice, it's more a hack
1315863390 M * Guy- I realise that
1315863395 M * Bertl but I guess many folks using Linux-VServer do such hacks :)
1315863407 M * Guy- but it's a well-understood hack with good-ish reasons behind it :)
1315863455 M * Bertl let me put it this way: it would have been simpler and a lot cleaner to setup proper S/DNAT and use multiple addresses
1315863480 M * Guy- I'm not sure I see what you mean
1315863484 M * Bertl you could avoid all those static routes on your machines
1315863518 M * Guy- at the cost of giving each guest more than one IP, which would make my already complicated split-horizon DNS even more complex
1315863521 M * Bertl i.e. either the address is on the network, then it's not routed, or it isn't, in which case you could use the default gateway
1315863541 M * Guy- part of the idea is to bypass the default gateway for performance reasons
1315863570 M * Bertl which would advise having those guests on the network directly
1315863590 M * Guy- yes, but then they would need separate IPs in each network
1315863593 M * Bertl anyway, as I said, we'll reconsider this and make it an option if possible
1315863597 M * Guy- complicating DNS
1315863610 M * Guy- thank you
1315863622 M * Bertl are you willing/able to test this?
1315863630 M * Guy- within reason
1315863679 M * Guy- I can't reboot frequently
1315863683 M * Guy- (I don't have a test environment as such)
1315863726 M * Guy- but I have several boxes set up in a similar way
1315863759 M * Guy- and I suppose I can reboot at least one of them within 1-2 days, if needed for testing
1315863780 M * Guy- is this issue related to ipv6 at all, btw?
1315863782 M * Bertl I'm pretty sure the only check which affects you is in net/ipv4/route.c line 2528
1315863832 M * Bertl and the responsible check in Linux-VServer code is in net/core/dev.c line 719
1315863886 M * Guy- I see how I could disable that
1315863924 M * Guy- but I don't understand the ipv4/route.c part
1315863927 M * Bertl simplest way is to change the nx_dev_visible(current_nx_info(), dev) to
1315863941 M * Bertl (1 || nx_dev_visible(current_nx_info(), dev)
1315863956 M * Bertl +)
1315863990 M * Guy- yes
1315863994 M * Bertl the reason why that only happens every now and then is because the slow path is seldom used
1315864003 M * Bertl and no, it's not ipv6 related at all
1315864029 M * Guy- but the only way to get ENODEV would be for dev_get_by_index_rcu to return NULL, no?
1315864047 M * Bertl and it will, if the interface is not visible
1315864062 M * Guy- ah, and that's exactly what happens, right
1315864066 M * Guy- I had it backwards
1315864077 M * Bertl np
1315864099 M * Guy- OK - are you suggesting that I modify dev.c to work around the issue temporarily?
1315864123 M * Bertl just for testing, alternatively you could disable the check in the slowpath
1315864149 M * Guy- OK, I'll change dev.c and see what happens when I upgrade the next box
1315864156 M * Bertl (which should not harm the normal operation, but might cause issues when an interface goes away)
1315864173 M * Guy- I'd rather stick to modifying the parts I think I understand :)
1315864190 M * Bertl note that the side effect of the dev change is that all interfaces will be visible inside a guest (if looked up via index)
1315864229 M * Bertl I think what we ultimately need is a method to lookup interfaces without restriction and one with
1315864262 M * Guy- hm, I recall I had reported the problem of being able to look up all interfaces from a guest before :)
1315864273 M * Guy- so now it turns out my desires contradict each other :)
1315864281 M * Bertl yeah, so it's your fault! :)
1315864331 M * Guy- anyway, the ability to look them up is less of a problem for me now (it only caused an issue with idiotic copy protection software)
1315864519 M * Guy- good night for now :)
1315864689 M * Bertl nn
1315867017 Q * ghislain Quit: Leaving.
1315867377 J * ghislain ~AQUEOS@adsl2.aqueos.com
1315868165 Q * dowdle Remote host closed the connection
1315869212 Q * DoberMann Ping timeout: 480 seconds
1315869480 Q * ghislain Quit: Leaving.
1315870473 Q * Hunger Quit: _._
1315870614 J * Hunger ~Hunger@Hunger.hu