Kirill Korotaev | 1 Oct 10:09 2007

Re: Running DHCP on VPS, ( on a router.. )

Dariush,

can you please add -e option to tcpdump, so that we could check MAC in packets?
and tell me plz MAC addresses of HN, veth inside VE and your DHCP client.

Thanks,
Kirill

Dariush Pietrzak wrote:
>>DHCP server should work fine with veth bridged to host eth0 interface.
>>Can you reproduce your issue when server doesn't reply?
> 
>  it looks like this:
> 
> HN: tcpdump -n -i eth0.107
> 08:16:19.401880 00:1b:d4:7e:76:2a > 01:00:0c:cc:cc:cd SNAP Unnumbered, ui, Flags [Command], length 50
> 08:16:21.154240 IP 0.0.0.0.68 > 255.255.255.255.67: BOOTP/DHCP, Request from 00:1b:d5:2c:bf:38, length 308
> 08:16:21.185096 IP 192.168.8.254.67 > 255.255.255.255.68: BOOTP/DHCP, Reply, length 300
> 08:16:21.187344 arp who-has 192.168.9.254 tell 192.168.9.97
> 
> 
> HN: tcpdump -n -i br107
> 08:16:19.401880 00:1b:d4:7e:76:2a > 01:00:0c:cc:cc:cd SNAP Unnumbered, ui, Flags [Command], length 50
> 08:16:21.154240 IP 0.0.0.0.68 > 255.255.255.255.67: BOOTP/DHCP, Request from 00:1b:d5:2c:bf:38, length 308
> 08:16:21.185096 IP 192.168.8.254.67 > 255.255.255.255.68: BOOTP/DHCP, Reply, length 300
> 08:16:21.187344 arp who-has 192.168.9.254 tell 192.168.9.97
> 
> and finally, from inside the vps:

Dariush Pietrzak | 1 Oct 11:46 2007

Re: Running DHCP on VPS, ( on a router.. )

Hello Kirill,

> can you please add -e option to tcpdump, so that we could check MAC in packets?
> and tell me plz MAC addresses of HN, veth inside VE and your DHCP client.
 Here's the tcpdump on HN:

11:38:39.651963 00:1b:d5:2c:bf:38 > ff:ff:ff:ff:ff:ff, ethertype IPv4
(0x0800), length 350: 0.0.0.0.68 > 255.255.255.255.67: BOOTP/DHCP, Request
from 00:1b:d5:2c:bf:38, length 308

11:38:39.669960 00:08:02:ac:36:20 > ff:ff:ff:ff:ff:ff, ethertype IPv4
(0x0800), length 342: 172.17.8.254.67 > 255.255.255.255.68: BOOTP/DHCP,
Reply, length 300

and on VPS it's visible as:

11:38:39.669971 00:08:02:ac:36:20 > ff:ff:ff:ff:ff:ff, ethertype IPv4
(0x0800), length 342: 172.17.8.254.67 > 255.255.255.255.68: BOOTP/DHCP,
Reply, length 300

can't find any sign of this packet in /var/log/messages, it looks like
everything in /var/log/messages is completely unrelated to dhcp, some of
those are vrrp heartbeat, others - SNAP, 

it looks like this:
grep -i 00:08:02:ac:36:20 /var/log/messages

Oct  1 10:48:09 dfw1 kernel:   src = 00:1b:d5:84:90:92:, dst =
00:08:02:ac:36:20:
Oct  1 10:59:42 dfw1 kernel:   src = 00:1b:d5:84:7a:1f:, dst =

Kirill Korotaev | 1 Oct 12:02 2007

Re: Running DHCP on VPS, ( on a router.. )

Dariush Pietrzak wrote:
>>It should print some information in /var/log/messages about what packets
>>are dropped and due to which condition.
> 
>  All the messages look like this:
> 
> Sep 30 13:31:11 dfw1 kernel: veth_xmit() dropped pkt reason 4:
> Sep 30 13:31:11 dfw1 kernel:   src = 00:1b:d5:84:90:d2:, dst = 00:08:02:ac:36:20:
>  src mac seem to belong to the stations that my dhcpd is supposed to be
> serving, I don't recognize dst macs though... I'll investigate it if that's
> important.

dst MAC is MAC of your host node according to tcpdump you've sent a few minutes ago.
So pkt was dropped correctly.

>  To sum up - all the messages claim that drop is due to reason 4
> 
> 
>>+		reason = 4;
>> 		if (compare_ether_addr(((struct ethhdr *)skb->data)->h_dest,
>> 					rcv->dev_addr))
>> 			goto outf;
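
Review bot: `reason = 4` ahead of the `compare_ether_addr()` test is a bare number that reaches the log only as "dropped pkt reason 4", so anyone reading /var/log/messages needs the source to learn that it means the destination MAC differs from `rcv->dev_addr`. Consider a named constant or a short text in the message, and print `rcv->dev_addr` next to the src/dst pair so the mismatch is visible in the log itself.
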
> 
> 
>  I don't recall if I've mentioned this, but I'm using both bridge, and
> ucarp on top of the bridge.

can you check w/o ucarp please?
We setup vlan+bridge+veth to check, but it works fine on our side.
Or maybe you can give me an access to check?
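
The check discussed above (is every reason-4 drop addressed to a MAC other than the veth's own?) can be run over the whole log. This is an added example, not part of the original message or of OpenVZ; the log records are constructed in the format quoted in the thread, `VETH_MAC` is a placeholder, and treating a broadcast destination as unexpected is an assumption.

```python
import re
from collections import Counter

# Constructed records in the two-line format quoted in the thread; the last one
# is invented to show what an unexpected drop would look like.
SAMPLE_LOG = """\
Sep 30 13:31:11 dfw1 kernel: veth_xmit() dropped pkt reason 4:
Sep 30 13:31:11 dfw1 kernel:   src = 00:1b:d5:84:90:d2:, dst = 00:08:02:ac:36:20:
Sep 30 13:31:12 dfw1 kernel: veth_xmit() dropped pkt reason 4:
Sep 30 13:31:12 dfw1 kernel:   src = 00:1b:d5:84:90:92:, dst = 00:08:02:ac:36:20:
Sep 30 13:31:13 dfw1 kernel: veth_xmit() dropped pkt reason 4:
Sep 30 13:31:13 dfw1 kernel:   src = 00:1b:d5:2c:bf:38:, dst = ff:ff:ff:ff:ff:ff:
"""

HN_MAC = "00:08:02:ac:36:20"     # host node MAC, per the thread
VETH_MAC = "02:00:00:00:00:01"   # placeholder: veth MAC inside the VE (not on the page)
BROADCAST = "ff:ff:ff:ff:ff:ff"

DROP_RE = re.compile(r"veth_xmit\(\) dropped pkt reason (\d+):")
MAC = r"((?:[0-9a-f]{2}:){5}[0-9a-f]{2}):?"   # the kernel message adds a trailing ':'
ADDR_RE = re.compile(rf"src = {MAC}, dst = {MAC}", re.I)

def parse_drops(text):
    """Pair each 'dropped pkt reason N' line with the src/dst line that follows it."""
    drops, reason = [], None
    for line in text.splitlines():
        m = DROP_RE.search(line)
        if m:
            reason = int(m.group(1))
            continue
        a = ADDR_RE.search(line)
        if a and reason is not None:
            drops.append((reason, a.group(1).lower(), a.group(2).lower()))
        reason = None
    return drops

def classify(dst, veth_mac=VETH_MAC, hn_mac=HN_MAC):
    """Reason 4 means dst MAC != receiving device MAC; say whether that is expected."""
    if dst == veth_mac or dst == BROADCAST:
        return "unexpected"           # assumption: the VE should have received this frame
    if dst == hn_mac:
        return "expected-host-node"   # unicast addressed to the host node itself
    return "expected-other"           # unicast for some third station

def summarize(text):
    return Counter(classify(dst) for reason, _, dst in parse_drops(text) if reason == 4)

if __name__ == "__main__":
    print(summarize(SAMPLE_LOG))
```
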

Peter Hinse | 1 Oct 19:00 2007
Picon

Re: Using multicast in virtual servers

Vitaliy Gusev wrote:
>> On the Wednesday 26 September 2007 13:00 Peter Hinse, wrote:
>>> veth1981420 Link encap:Ethernet  HWaddr 00:0C:29:F7:A0:88
>>>           inet6 addr: fe80::20c:29ff:fef7:a088/64 Scope:Link
>>>           UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
>>>           RX packets:4101690 errors:0 dropped:0 overruns:0 frame:0
>>>           TX packets:3166888 errors:0 dropped:0 overruns:0 carrier:0
>>>           collisions:0 txqueuelen:0
>>>           RX bytes:1071935233 (1022.2 MiB)  TX bytes:3124980969 (2.9 GiB)
>>>
>>> No bridging used right now.
> You must use a bridge. Multicast packets are not forwarded.
> 

OK, multicast works with bridging enabled. Big thx for help!

Regards,

	Peter

Michael H. Warfield | 6 Oct 17:43 2007

linux-2.6.22-ovz004

	Looking at the GIT tree it looks like 2.6.22-ovz004 was released 4 days
ago.  That should have the fixes for netfilter, correct?  Any idea when
it's going to appear on the site?  I need 2.6.22 for the TCP_MD5SUM
option (for bgp route advertising) and I need ovz004 to get netfilter
going.

	I've also noticed that CONFIG_IPV6_SIT is not set in the 2.6.22 (or
other development) builds.  Anyone know if there is some problem there?
Yes, I need that too and will probably end up recompiling the kernel
just for that - it's default enabled in the EL kernels and Fedora
kernels.

	Mike
-- 
Michael H. Warfield (AI4NB) | (770) 985-6132 |  mhw@...
   /\/\|=mhw=|\/\/          | (678) 463-0932 |  http://www.wittsend.com/mhw/
   NIC whois: MHW9          | An optimist believes we live in the best of all
 PGP Key: 0xDF1DD471        | possible worlds.  A pessimist is sure of it!

_______________________________________________
Users mailing list
Users@...
https://openvz.org/mailman/listinfo/users

Kir Kolyshkin | 7 Oct 11:49 2007

Re: linux-2.6.22-ovz004

Michael H. Warfield wrote:
> 	Looking at the GIT tree it looks like 2.6.22-ovz004 was released 4 days
> ago.  That should have the fixes for netfilter, correct?

Should be clear from GIT log. Well, I don't see any. Do you mean some
known bugs? Any bug ##s?

>   Any idea when
> it's going to appear on the site?

We release kernels only after QA is done, more to say, we do not release
every kernel we tag in GIT.

For ovz004 it's still in progress, we're aiming for next week.

>   I need 2.6.22 for the TCP_MD5SUM
> option (for bgp route advertising) and I need ovz004 to get netfilter
> going.
>
> 	I've also noticed that CONFIG_IPV6_SIT is not set in the 2.6.22 (or
> other development) builds.  Anyone know if there is some problem there?
>   

Just file a bug asking to enable this option, telling why you need it
and which kernels have it enabled.

> Yes, I need that too and will probably end up recompiling the kernel
> just for that - it's default enabled in the EL kernels and Fedora
> kernels.
>

Martin Trtusek | 10 Oct 07:54 2007

Kernel 2.6.18-openvz-13-39.1d1-amd64 oops

I installed kernel 2.6.18-openvz-13-39.1d1-amd64 from
http://download.openvz.org/debian on Debian Etch one week ago and
experienced kernel oops (complete freezing, off/on necessary) after 2-3
days of running (3 times). Oops is always after cron.daily scripts (in
my case 06:25) but not everyday. Yesterday I configured netconsole for
capturing useful info, enclosed.

Hardware was tested very strong on installation. With stock Debian
kernel (initrd.img-2.6.18-5-amd64) server does not have any problem (3
months of operation). There are 3 VPS running, without really using.

Enclosed last entry in syslog (before crash). Looks like the problem is
invoked by /usr/share/vzctl/scripts/vpsnetclean
or /usr/share/vzctl/scripts/vpsreboot. Both scripts are from the vzctl
package, I installed it from http://debian.systs.org/

# vzctl --version
vzctl version 3.0.18-1dso1

I am leaving office now, additional info (if necessary) I can send
tomorrow.

Martin Trtusek

netconsole: network logging started
Warning: /proc/ide/hd?/settings interface is obsolete, and will be removed soon!
st: Version 20050830, fixed bufsize 32768, s/g segs 256
sd 0:0:0:0: Attached scsi generic sg0 type 0
sd 0:0:1:0: Attached scsi generic sg1 type 0

Dietmar Maurer | 10 Oct 11:15 2007

VPS capabilities

Where can I find more information about vps capabilities, i.e. what
exactly is:

NET_BIND_SERVICE
KILL
LINUX_IMMUTABLE
NET_ADMIN
SYS_CHROOT
VE_ADMIN

Is there any documentation about that available?

- Dietmar

Kirill Korotaev | 10 Oct 11:42 2007

Re: VPS capabilities

Dietmar Maurer wrote:
> Where can I find more information about vps capabilities, i.e. what
> exactly is:
> 
> NET_BIND_SERVICE
> KILL
> LINUX_IMMUTABLE
> NET_ADMIN
> SYS_CHROOT

these are std linux capabilities, so you can look at any documentation related to it,
plus comments in kernel in include/linux/capability.h and kernel sources.

> VE_ADMIN

it is a restricted subset of CAP_SYS_ADMIN+CAP_NET_ADMIN capability for VE root.
it allows to do a lot of things allowed for std root, like configuring firewalls,
network devices, etc. but not everything, e.g. VE root can't change mtrr registers,
can't issue raw SCSI commands, etc.

Thanks,
Kirill

Dietmar Maurer | 10 Oct 11:48 2007

Re: VPS capabilities

Ah, I see. So it is possible to run vzctl inside a vps and do most vps
admin tasks there?

- Dietmar

>> VE_ADMIN
>
>it is a restricted subset of CAP_SYS_ADMIN+CAP_NET_ADMIN capability for VE root.
>it allows to do a lot of things allowed for std root, like configuring firewalls,
>network devices, etc. but not everything, e.g. VE root can't change mtrr
>registers, can't issue raw SCSI commands, etc.
