1328141999 J * Walex ~Walex@87-194-99-40.bethere.co.uk
1328144130 Q * fisted Ping timeout: 480 seconds
1328144218 Q * dowdle 
1328144967 J * fisted ~fisted@xdsl-81-173-185-221.netcologne.de
1328154503 Q * ensc Ping timeout: 480 seconds
1328161606 J * bigbadmoon ~blagoj@89.205.105.151
1328161631 J * sannes ~ace@cm-84.209.106.118.getinternet.no
1328162691 M * Bertl off to bed now ... have a good one everyone!
1328162695 N * Bertl Bertl_zZ
1328167160 J * petzsch ~markus@dslb-188-103-059-032.pools.arcor-ip.net
1328167511 J * ghislain ~AQUEOS@adsl2.aqueos.com
1328167704 J * CanolaOil ~a@ip72-207-16-214.sd.sd.cox.net
1328168008 J * petzsch1 ~markus@dslb-094-222-101-044.pools.arcor-ip.net
1328168118 Q * dkg Remote host closed the connection
1328168332 Q * petzsch Ping timeout: 480 seconds
1328168360 Q * CanolaOil Quit: Leaving
1328168443 J * dkg ~dkg@finestructure.net
1328168710 J * tty234_ telex@anapnea.net
1328168821 Q * tty234 Ping timeout: 480 seconds
1328168947 J * ncopa ~ncopa@3.203.202.84.customer.cdi.no
1328171339 J * bonbons ~bonbons@2001:960:7ab:0:8d68:ba36:ee0f:a356
1328172991 Q * ensc|w Remote host closed the connection
1328172999 J * ensc|w ~ensc@www.sigma-chemnitz.de
1328174592 Q * bonbons Read error: Connection reset by peer
1328174689 J * bonbons ~bonbons@2001:960:7ab:0:8d68:ba36:ee0f:a356
1328174919 J * nyerup irc@jespernyerup.dk
1328175066 M * nyerup Hi guys,
1328175134 M * nyerup I run some vservers on different vlans than their hosts, and do source-based routing to get traffic out on the right interface.
1328175235 M * nyerup On Linux 3.0.y with vs2.3.2.2 I see some odd behavior - when I connect to remote hosts on the guest's vlan, the initial connection goes out on the host's vlan interface instead of the guest's if the client in the guest binds to 0.0.0.0.
1328175285 M * nyerup If the guests binds to its' own IP when connecting, the connection goes well. Either well, all connections after the first attempt to through the correct interface.
1328175294 M * nyerup *either way
1328175354 M * nyerup I've tried the same thing on Linux 2.6.38.z with vs2.3.0.37-rc17, and this combo doesn't show this behavior.
1328175397 M * nyerup Do any of you know of a reason why this could be?
1328175442 M * daniel_hozac IIRC 3.0 changed how and when routing was done.
1328175532 M * nyerup daniel_hozac: Okay. I've searched for something like that, but my Google mojo may be failing me - do you have a link to something relevant?
1328175918 Q * bonbons Read error: Connection reset by peer
1328176055 M * daniel_hozac nothing more specific than the changelog.
1328176139 J * bonbons ~bonbons@2001:960:7ab:0:8d68:ba36:ee0f:a356
1328176163 M * daniel_hozac you might want to try with 3.2 though
1328176166 Q * thal Read error: Connection reset by peer
1328176576 M * nyerup daniel_hozac: I may be blind, but I don't see anything in the 3.0 changelog. I saw that 2.6.39 changed from storing the routing table in hashes to storing in tries, but we've tried reverting that in 3.0 without luck.
1328176597 M * nyerup But I'll try out 3.2.y right away.
1328176667 M * nyerup daniel_hozac: Is it just a hunch, or do you know that something relevant changed?
1328176745 M * daniel_hozac i don't know if anything has changed.
1328176756 J * Hollow ~Hollow@p5B2C4C4A.dip.t-dialin.net
1328177358 J * kir ~kir@swsoft-msk-nat.sw.ru
1328177864 M * nyerup daniel_hozac: Allrighty. I'll get back when I've tested 3.2.
1328177961 N * Hollow Guest1317
1328177961 J * Hollow ~Hollow@p5B2C5D0E.dip.t-dialin.net
1328178059 Q * Guest1317 Read error: Operation timed out
1328179407 M * nyerup daniel_hozac: 3.2 didn't work either.
1328179443 M * nyerup As in, it shows the same behavior as 3.0.y/vs2.3.2.2.
1328179785 M * nyerup daniel_hozac: I'm trying to replicate the configuration with the routing rules without a vserver on a 3.0.y vanilla, to see if it shows the same behavior.
1328179886 M * daniel_hozac you wouldn't be able to do that though, as there are no network contexts...
1328181139 N * Bertl_zZ Bertl
1328181144 M * Bertl morning folks!
1328183284 M * nyerup daniel_hozac: True, but I'll figure out if it's my routing configuration that is b0rken, or if I should keep digging in vserver trouble shooting.
1328184153 M * Bertl basically there could be difference between syn and flow traffic, both routing and Linux-VServer wise 
1328184993 M * nyerup Bertl: But has anything remotely related to this changed between vs2.3.0.37 and vs.2.3.2.2?
1328185010 M * nyerup Vanilla kernel worked as expected, by the way.
1328185050 M * Bertl the way how mainline arrives at the routes changed
1328185065 M * Bertl so it could be a bug there or in the way Linux-VServer interferes
1328185511 M * nyerup Okay. We'll start looking through the patch set to see if we can find anything.
1328185630 M * Bertl if it is Linux-VServer related, then my first guess would be the routing cache
1328185656 Q * hijacker Quit: Leaving
1328185671 M * nyerup That would make sense, as only the first connection comes out wrong.
1328187236 M * nyerup Bertl: I think you're right, because when I 'ip route flush cache' on the host, the problem becomes reproducible again.
1328187317 M * Bertl okay, I was planning to add the nid to the routing cache hash
1328187328 M * Bertl that might solve the problem for you
1328187351 M * nyerup Cool. Is that a bit patch?
1328187389 M * nyerup Also, I think it's a trie now. :)
1328187416 M * nyerup *big patch, sorry.
1328187510 M * Bertl nah, it should be fairly trivial, the nix is already available, there, it just needs to be passed around and used for the actual hash check
1328187524 M * Bertl but the devil's in the detail :)
1328187719 M * nyerup True. :)
1328187729 M * nyerup Anything we can do to help?
1328188419 M * Bertl yes, if you have a good test setup, that should help a lot
1328188644 M * nyerup I can easily test a new patch, but it'll be difficult to get you access to the setup.
1328188793 M * Bertl no need to I guess
1328188892 M * nyerup Great.
1328190008 M * nyerup Bertl: When would you think you'll have the time to look into this? Just so I'll know if I need an interim solution.
1328190034 M * Bertl looking into it right now
1328190057 M * nyerup Oh my. Don't let me get in your way, then. :)
1328190255 M * Bertl but you could actually try a workaround for me, just to verify that we are hitting this issue and not something else
1328190277 M * nyerup Sure.
1328190285 M * Bertl setup a private routing table based on a mark for that guest
1328190306 Q * bigbadmoon Ping timeout: 480 seconds
1328190308 M * Bertl i.e. something checking for the source ip, and adding an fwmark
1328190342 M * Bertl then a routing rule directing to a separate routing table which contains whatever you need to get the packet where it belongs
1328190421 M * nyerup Just to clarify - this is what I have now:
1328190496 J * fisted_ ~fisted@xdsl-87-78-82-145.netcologne.de
1328190543 M * nyerup # ip rule show
1328190543 M * nyerup 0:      from all lookup local 
1328190543 M * nyerup 32765:  from 1.2.3.4/32 lookup 10 
1328190543 M * nyerup 32766:  from all lookup main 
1328190544 M * nyerup 32767:  from all lookup default
1328190576 M * nyerup And then the routes needed to get 1.2.3.4's traffic the right place in routing table 10.
1328190610 M * Bertl yep, just modify that to
1328190624 Q * bonbons Quit: Leaving
1328190631 Q * fisted Ping timeout: 480 seconds
1328190631 M * Bertl 32765: from all fwmark 0x1 lookup 10
1328190658 M * Bertl and add an iptables rule checking for 1.2.3.4/32 and adding themark
1328190723 M * nyerup Alright. I'll do that.
1328190767 M * Bertl something like iptables -t mangle -A OUTPUT -s 1.2.3.4/32 -j MARK --set-mark 0x1
1328190785 M * Bertl or maybe better in PREROUTING
1328191007 M * nyerup Okay.
1328191098 J * hijacker ~hijacker@213.91.163.5
1328191604 M * nyerup Sorry for the delay. I just had to get the machine back on the kernel that showed the symptoms.
1328191927 M * nyerup Hmm. My iptables rules don't match any packets. Hold on.
1328191989 Q * bondmain_ Read error: Connection reset by peer
1328192029 J * bondau ~bondmain@C-59-100-116-94.bri.connect.net.au
1328192496 M * nyerup Bertl: I'm trying to figure out what I did wrong, but now I don't get any traffic through the guest's interface.
1328192751 Q * bondau Read error: Connection reset by peer
1328192752 M * Bertl then the marking is probably wrong, does it get used? (packet count etc)
1328192781 J * bondmain_ ~bondmain@C-59-100-116-94.bri.connect.net.au
1328192836 M * nyerup Bertl: It does, but apparently for the wrong traffic. I'm trying to isolate the test case. :)
1328193087 M * nyerup Bertl: It worked when I filtered for a specific destination IP instead.
1328193104 M * nyerup Bertl: I can confirm that that workaround works.
1328193285 M * nyerup Bertl: Sorry, now filtering on source address works. But I had to move it to the OUTPUT chain.
1328193312 M * Bertl makes sense for traffic originating from the guest
1328193332 M * Bertl okay, good, will do some checks regarding routing cache validation and come up with a patch later today for testing
1328193410 M * nyerup Bertl: Awesome.
1328194502 Q * Aiken Remote host closed the connection
1328194612 J * BenG ~bengreen@cpc10-aztw24-2-0-cust114.aztw.cable.virginmedia.com
1328195601 Q * bondmain_ Read error: Connection reset by peer
1328196466 Q * Hollow Quit: Hollow
1328197084 J * ryker ~jalberts@c-67-176-243-86.hsd1.in.comcast.net
1328198318 J * dowdle ~dowdle@scott.coe.montana.edu
1328198826 Q * petzsch1 Quit: Leaving.
1328199079 J * petzsch ~markus@dslb-094-222-101-044.pools.arcor-ip.net
1328200022 M * Bertl nyerup: http://vserver.13thfloor.at/ExperimentalT/delta-nidrth-feat01.diff
1328200035 M * Bertl almost untested, but it booted here without exploding :)
1328200178 M * Bertl off for a nap ... bbl
1328200188 N * Bertl Bertl_zZ
1328200648 M * nyerup Bertl_zZ: Great. That's an addon patch for 2.3.2.6, right?
1328200653 M * nyerup Yeah.
1328200666 M * nyerup Okay. We'll give it a spin.
1328203096 Q * BenG Quit: I Leave
1328203538 Q * ncopa Quit: Leaving
1328203938 P * kir PING 1328203938
1328203941 P * petzsch 
1328203959 J * petzsch ~markus@dslb-094-222-101-044.pools.arcor-ip.net
1328205162 Q * biz Quit: leaving
1328209474 J * bigbadmoon ~blagoj@89.205.105.151
1328210158 P * bigbadmoon 
1328214678 N * Bertl_zZ Bertl
1328214682 M * Bertl back now ...
1328216627 J * sweil ~stefan@p5086E936.dip.t-dialin.net
1328218125 Q * nkukard Ping timeout: 480 seconds
1328218177 J * nkukard ~nkukard@41-133-198-167.dsl.mweb.co.za
1328218613 N * ryker Guest1376
1328218613 Q * Guest1376 Read error: Connection reset by peer
1328218613 J * ryker ~jalberts@c-67-176-243-86.hsd1.in.comcast.net
1328218623 Q * ryker 
1328218650 Q * swenTjuln Quit: Aii
1328218788 J * swenTjuln ~Marko@toby-243.tobonet.com
1328220790 J * Aiken ~Aiken@2001:44b8:2168:1000:21f:d0ff:fed6:d63f
1328222187 Q * ghislain Quit: Leaving.
1328222925 Q * sweil Remote host closed the connection
1328223363 Q * petzsch Read error: Connection reset by peer
1328226225 J * ryker ~jalberts@c-67-176-243-86.hsd1.in.comcast.net