1434672059 J * fstd ~fstd@xdsl-81-173-190-246.netcologne.de
1434672077 Q * fstd Remote host closed the connection
1434672088 J * fstd ~fstd@xdsl-81-173-190-246.netcologne.de
1434674857 Q * DoberMann Ping timeout: 480 seconds
1434675054 J * DoberMann ~james@2a01:e35:8b44:84c0::2
1434677968 Q * fstd Remote host closed the connection
1434683308 Q * PowerKe Ping timeout: 480 seconds
1434694148 Q * derjohn_mob Ping timeout: 480 seconds
1434694446 J * vadik ~vadik_tmb@91.244.171.34
1434695376 M * Bertl off for a nap ... bbl
1434695386 N * Bertl Bertl_zZ
1434695600 J * Ghislain ~aqueos@adsl1.aqueos.com
1434698740 J * wicope ~wicope@0001fd8a.user.oftc.net
1434702516 Q * wicope Remote host closed the connection
1434706157 Q * FireEgl Quit: Leaving...
1434706696 J * derjohn_mob ~aj@2001:6f8:1337:0:c1e6:700b:1390:ac35
1434707420 Q * derjohn_mob Ping timeout: 480 seconds
1434707904 J * derjohn_mob ~aj@b2b-94-79-172-98.unitymedia.biz
1434711957 Q * yert Remote host closed the connection
1434713556 J * wicope ~wicope@0001fd8a.user.oftc.net
1434714329 Q * wicope Ping timeout: 480 seconds
1434714378 J * FireEgl FireEgl@2001:470:e0ab:1:4ca1:2658:311:9da4
1434716630 Q * Aiken Remote host closed the connection
1434717878 Q * Defaultti Quit: Quitting.
1434717927 J * Defaultti defaultti@lakka.kapsi.fi
1434718397 J * thierryp ~thierry@zeta.inria.fr
1434719433 Q * ensc|w Ping timeout: 480 seconds
1434720055 N * Bertl_zZ Bertl
1434720057 M * Bertl morning folks!
1434720886 J * fstd ~fstd@xdsl-84-44-237-33.netcologne.de
1434724642 J * Wermwud ~Wermwud@69-29-150-18.stat.centurytel.net
1434726038 Q * fstd Remote host closed the connection
1434728378 Q * CcxCZ Quit: WeeChat 1.0-dev
1434728534 J * CcxCZ ~ccxCZ@asterix.te2000.cz
1434728983 Q * vadik Ping timeout: 480 seconds
1434729306 J * fstd ~fstd@xdsl-84-44-221-245.netcologne.de
1434729323 Q * fstd Remote host closed the connection
1434729333 J * fstd ~fstd@xdsl-84-44-221-245.netcologne.de
1434729533 Q * fstd Remote host closed the connection
1434729740 Q * derjohn_mob Ping timeout: 480 seconds
1434730299 Q * thierryp Remote host closed the connection
1434730643 J * fstd ~fstd@xdsl-87-78-142-162.netcologne.de
1434730935 J * benl2 ~benl@officevillage.sonassihosting.com
1434730940 M * benl2 Hey troops
1434730950 M * benl2 I'm playing with vlan tagged interfaces on vserver guests
1434730964 M * benl2 And I've got it all working ... bar the default gateway
1434730990 M * benl2 When using a single route table, it uses the host gateway - but I want to specify a different gateway on the vlan for each guest
1434731021 M * benl2 multiple routing tables is the solution - but I'm struggling on the gateway
1434731041 M * benl2 obviously without the NET_RAW caps, the guest can't modify its ip route
1434731048 M * benl2 but how can I do it from the context of the host machine
1434731053 M * benl2 Is there any documentation on this?
1434731237 M * benl2 I feel so close to success
1434731263 M * benl2 Would I need to create a namespace for the network?
1434731265 M * benl2 As per http://linux-vserver.org/util-vserver:SplitSharedNetworks ?
1434731421 J * yang_ yang@jazz.prunk.network
1434731841 J * PowerKe ~tom@d515270CD.access.telenet.be
1434732563 Q * fstd Remote host closed the connection
1434740771 M * benl2 Ok
1434740776 M * benl2 I've made it really close
1434740778 M * benl2 got the right gateway
1434740786 M * benl2 I can ping the guest from another machine in the same VLAN
1434740791 M * benl2 but the guest itself can't ping out
1434740802 M * benl2 ping: icmp open socket: Operation not permitted
1434740881 J * derjohn_mob ~aj@x590c61af.dyn.telefonica.de
1434741012 M * benl2 From the network namespace, I can use ping, eg.
1434741013 M * Bertl does the guest have the necessary capabilities?
1434741015 M * benl2 vspace -e web11 --net ping
1434741016 M * benl2 works
1434741033 M * Bertl i.e. is it allowed to create raw sockets?
1434741056 M * benl2 as in CAP_NET_RAW?
1434741071 M * benl2 I haven't given *any* capabilities to it above what the defaults are
1434741084 M * Bertl then most likely that is your problem
1434741128 M * Bertl there is a guest capability to override the typical ping case
1434741144 M * Bertl note that this depends on the ping application if it is sufficient
1434741166 M * benl2 well, the overall issue is that the guest is now "pingable"
1434741174 M * benl2 and from the network namespace, it can ping out
1434741192 M * benl2 but from the context of the guest "vserver guest exec ping 8.8.8.8" - it doesn't work
1434741220 M * Bertl check with strace what happens, but I'm pretty sure the ping tries to create a raw socket and fails
1434741228 M * benl2 It's the same with curl etc.
1434741248 M * Bertl that is unusual, as curl doesn't create raw sockets
1434741251 M * benl2 curl: (6) Couldn't resolve host 'google.com'
1434741260 M * benl2 well - don't forget, I'm messing with namespaces here
1434741263 M * Bertl that just means that your resolver is not working
1434741267 M * benl2 no no
1434741273 M * benl2 connectivity in general isn't working
1434741284 M * benl2 but I've got no ways to demonstrate it short of curl/ping etc.
1434741294 M * Bertl what about telnet?
1434741325 M * benl2 not installed on the guest - but I'd imagine the same
1434741341 M * Bertl what about curl with an IP?
1434741353 M * Bertl again, use strace
1434741362 P * undefined
1434741368 M * benl2 lol
1434741371 M * benl2 I've got no strace either
1434741375 M * benl2 gimme a few mins
1434741383 M * benl2 let me give the guest connectivity and add some debugging apps
1434741409 M * benl2 ok ok, progress.
1434741419 M * benl2 I was missing the default route (I changed the guest interface)
1434741424 M * benl2 so it does have connectivity now!
1434741429 M * benl2 eg. curl google.com works
1434741455 M * benl2 I guess it's just ping that doesn't work
1434741487 M * benl2 ICMP normally works without me changing guest caps - so is there something I've screwed up when changing the net namespace of the guest
1434741493 M * benl2 I basically did this
1434741499 M * benl2 mkdir -p /etc/vservers/guest/spaces
1434741504 M * benl2 >/etc/vservers/guest/spaces/net
1434741512 M * benl2 touch /var/run/netns/guest
1434741517 M * benl2 vserver guest start
1434741533 Q * derjohn_mob Ping timeout: 480 seconds
1434741536 M * benl2 vspace -e guest --net mount -o bind /proc/self/ns/net /var/run/netns/guest
1434741543 M * benl2 vspace -e guest --net /usr/lib/util-vserver/vprocunhide
1434741564 M * Bertl as I said, ping is a little special
1434741565 M * benl2 ip link add guest type veth peer name veth0
1434741579 M * Bertl it really depends on the ping application what capabilities are required
1434741581 M * benl2 yeah, I'm sure I'm missing something the default init scripts would otherwise do
1434741596 M * Bertl but it is safe to give more network capabilities to guests with network namespaces
1434741596 M * benl2 as ping works by default (when I'm not messing with net namespaces)
1434741603 M * benl2 oh really?
1434741640 M * Bertl well, there is less danger from e.g. raw sockets, because they will not allow sniffing host traffic for example
1434741641 M * benl2 bear in mind I'm using a veth peer tunnel from the internal guest interface to a bridge on the host with the physical nic
1434741885 M * benl2 I'll dig deeper, making good progress here!
1434741901 M * benl2 only thing to figure out is how to get the network namespace up, before the guest does its mounts
1434742075 J * derjohn_mob ~aj@x590c61af.dyn.telefonica.de
1434742503 J * bonbons ~bonbons@2001:a18:207:1701:21e0:fba4:8337:a83
1434743035 M * benl2 oh boy.
1434743045 M * benl2 I've just been reading the "great flower page"
1434743060 M * benl2 I never even knew network namespaces and veth links were supported by default!
1434743072 M * benl2 I've been testing this with manual scripts
1434743094 M * Bertl daniel_hozac has been working on it for some time now
1434743099 M * benl2 clearly!
1434743102 M * benl2 I'm a lemon
1434743111 M * benl2 but I've hit another annoying wall though :(
1434743130 M * benl2 I think libc6 <2.14 doesn't support iproute2's `ip netns exec` feature
1434743139 M * benl2 setting the network namespace "guestX" failed: Function not implemented
1434743181 M * Bertl yeah, I guess that needs to be updated
1434743198 M * benl2 it's a Debian Squeeze host - so I'd have to move it to Wheezy
1434743222 M * benl2 I've been cheating this issue so far by leveraging `vspace -e web11 --net` to execute commands in a given namespace
1434743782 M * benl2 I think I've found an issue anyway
1434743810 M * benl2 logging the `ip` binary when starting a guest shows that it tries to perform mounts (fstab.remote) prior to even starting the network namespace
1434743916 J * fstd ~fstd@xdsl-84-44-226-94.netcologne.de
1434744510 Q * Wermwud Max SendQ exceeded
1434744591 J * Wermwud ~Wermwud@69-29-150-18.stat.centurytel.net
1434745125 J * undefined ~undefined@00011a48.user.oftc.net
1434745215 P * undefined
1434745233 J * undefined ~undefined@00011a48.user.oftc.net
1434748328 J * thierryp ~thierry@home.parmentelat.net
1434748751 M * Bertl off for a nap ... bbl
1434748759 N * Bertl Bertl_zZ
1434748800 Q * thierryp Remote host closed the connection
1434749479 Q * bonbons Quit: Leaving
1434750456 J * Aiken ~Aiken@d63f.h.jbmb.net
1434750772 Q * Wermwud Quit: Leaving (Please imagine me slamming the door on my way out)
1434751581 Q * fstd Remote host closed the connection
1434751621 M * benl2 Hey guys
1434751637 M * benl2 I'm seeing odd behaviour when attempting to mount an nfs partition from `vspace --mount --net`
1434751650 M * benl2 it throws this error `mount.nfs: an incorrect mount option was specified`
1434751681 M * benl2 mounting from the host is fine, and from `vspace --net` is fine - but it doesn't work in `vspace --net --mount`
1434751768 M * benl2 Okay `vnamespace -e web11 -i 0 --net --` works
1434753422 J * fstd ~fstd@xdsl-87-78-82-43.netcologne.de
1434755062 Q * bzed Remote host closed the connection
1434755079 J * bzed ~bzed@bzed.netrep.oftc.net
1434755127 Q * gamingrobot_ Read error: Connection reset by peer
1434755143 J * gamingrobot_ sid10990@id-10990.ealing.irccloud.com
1434755818 Q * benl2 Quit: HydraIRC -> http://www.hydrairc.com <- In tests, 0x09 out of 0x0A l33t h4x0rz prefer it :)
1434756041 J * _are_ ~quassel@2a01:238:4325:ca00:f065:c93c:f967:9285
1434756278 Q * _are__ Ping timeout: 480 seconds
1434756400 Q * BWare Remote host closed the connection
1434756501 J * BWare ~itsme@31.25.99.5
1434757534 Q * Ghislain Read error: Connection reset by peer
1434758359 Q * fstd Remote host closed the connection
1434758370 J * fstd ~fstd@xdsl-87-78-141-10.netcologne.de