From: Yann D. <yd...@al...> - 2000-11-14 01:44:07
|
What I'm trying to set up is bridging the eth0 virtual network interface into the local eth1 network. Probably I'm missing something. The host which will run the UML machines: eth1 Link encap:Ethernet HWaddr 00:50:FC:21:79:99 inet addr:10.0.0.1 Bcast:10.0.0.255 Mask:255.255.255.0 UP BROADCAST RUNNING PROMISC MULTICAST MTU:1500 Metric:1 RX packets:52449 errors:0 dropped:0 overruns:0 frame:0 TX packets:54743 errors:0 dropped:0 overruns:0 carrier:0 collisions:520 txqueuelen:100 Interrupt:9 Base address:0x6c00 The UML machines have same mask and bcast addresses. The other real host is there: root@bylbo:~# ping 10.0.0.2 PING 10.0.0.2 (10.0.0.2): 56 data bytes 64 bytes from 10.0.0.2: icmp_seq=0 ttl=255 time=0.6 ms 64 bytes from 10.0.0.2: icmp_seq=1 ttl=255 time=0.4 ms 64 bytes from 10.0.0.2: icmp_seq=2 ttl=255 time=0.4 ms - when I fire up 2 UMLs, configure them as described in the networking.html tutorial (everything running as an unpriviledged user), they can ping each other. - when I run the net_util as root, the UML hosts do manage to make their eth0 come up (without it running they correctly fail to), but then pings don't get through. If then I "ifconfig eth0 down" one of them, then up, then down again, the daemon exits with SIGPIPE (hm, indeed it sometimes stays up): select(6, [3 4 5], NULL, NULL, NULL) = 3 (in [3 4 5]) write(2, "connect\n", 8connect ) = 8 accept(3, {sin_family=AF_INET, sin_port=htons(1581), sin_addr=inet_addr("127.0.0.1")}}, [16]) = 6 read(4, "\0`\214\352\205k\0P\374!y\231\10\0E\0\5\334\375\241 \271"..., 1544) = 1514 write(2, "04 100 ->", 904 100 ->) = 9 write(2, " 00", 3 00) = 3 write(2, " 60", 3 60) = 3 write(2, " 8c", 3 8c) = 3 write(2, " ea", 3 ea) = 3 write(2, " 85", 3 85) = 3 write(2, " 6b", 3 6b) = 3 write(2, " 00", 3 00) = 3 write(2, " 50", 3 50) = 3 write(2, " fc", 3 fc) = 3 write(2, " 21", 3 21) = 3 write(2, " 79", 3 79) = 3 write(2, " 99", 3 99) = 3 write(2, " 08", 3 08) = 3 write(2, " 00", 3 00) = 3 write(2, " 45", 3 45) = 3 write(2, " 00", 3 00) = 3 write(2, " ->", 3 ->) = 3 write(2, " 05", 3 05) = 3 write(5, "\0\0\0\1\0\0\5\352\0`\214\352\205k\0P\374!y\231\10\0E\0"..., 1522) = -1 EPIPE (Broken pipe) --- SIGPIPE (Broken pipe) --- +++ killed by SIGPIPE +++ ...and the involved UML process enters a loop saying "failed to forward 14 to process <pid>, errno = 9", which I can only stop with Ctrl-C, which inteerupts the UML kernel itself - hence fsck on reboot. If I try pings from one real host to a virtual one or vice versa, "ping" does not get answers. However, tcpdump on the 10.0.0.1 host reports some ICMP "echo request" coming from the UML, but mostly arp messages like: 02:23:22.372252 arp who-has 10.0.0.1 tell 10.0.0.10 When I run "ping 10.0.0.10" from the host: 02:47:25.345946 10.0.0.10 > 10.0.0.1: icmp: echo request (DF) And from the remote real host to the UML: 02:24:32.314019 arp who-has 10.0.0.10 tell 10.0.0.2 -- Yann Dirson <yd...@al...> | Why make M$-Bill richer & richer ? debian-email: <di...@de...> | Support Debian GNU/Linux: | Cheaper, more Powerful, more Stable ! http://ydirson.free.fr/ | Check <http://www.debian.org/> |
From: William S. <wst...@po...> - 2000-11-14 02:20:30
Attachments:
pubme-proxyarp
|
Good evening, Yann, I'd be interested to know why you want to bridge packets between the real and the virtual ethernet lans - is there a reason why setting up a second IP network would be less preferable? For example, could you leave your real ethernet at 10.x.x.x and put the umls on 192.168.0.x/24? Taking that approach would allow you to simply route between the two networks. I could see that perhaps you don't wish to make any routing changes to the machines on the real ethernet network - lets assume that's the case and you want to have the uml host act as a bridge. You have two choices. The first is to do real bridging in the host kernel. From Configure.help: 802.1d Ethernet Bridging CONFIG_BRIDGE If you say Y here, then your Linux box will be able to act as an Ethernet bridge, which means that the different Ethernet segments it is connected to will appear as one Ethernet to the participants. Several such bridges can work together to create even larger networks of Ethernets using the IEEE 802.1 spanning tree algorithm. As this is a standard, Linux bridges will cooperate properly with other third party bridge products. In order to use the ethernet bridge, you'll need the bridge configuration tools; see Documentation/networking/bridge.txt for location. Please read the Bridge mini-HOWTO for more information. The second choice is to perform proxyarp. The host will need to stand in for all machines on both sides, acting as a standin for all arp requests. You'll have to do the arp commands by hand. I've attached a writeup I did about proxyarp. I hope it'll explain the process enough that you can give it a try yourself. I'm pretty sure that routing between two different IP networks, real ethernet bridging, or proxyarping will solve your problem; it's just a matter of what your priorities are. Best of luck. Cheers, - Bill On Tue, 14 Nov 2000, Yann Dirson wrote: > What I'm trying to set up is bridging the eth0 virtual network > interface into the local eth1 network. Probably I'm missing > something. > > The host which will run the UML machines: > > eth1 Link encap:Ethernet HWaddr 00:50:FC:21:79:99 > inet addr:10.0.0.1 Bcast:10.0.0.255 Mask:255.255.255.0 > UP BROADCAST RUNNING PROMISC MULTICAST MTU:1500 Metric:1 > RX packets:52449 errors:0 dropped:0 overruns:0 frame:0 > TX packets:54743 errors:0 dropped:0 overruns:0 carrier:0 > collisions:520 txqueuelen:100 > Interrupt:9 Base address:0x6c00 > > The UML machines have same mask and bcast addresses. > > The other real host is there: > > root@bylbo:~# ping 10.0.0.2 > PING 10.0.0.2 (10.0.0.2): 56 data bytes > 64 bytes from 10.0.0.2: icmp_seq=0 ttl=255 time=0.6 ms > 64 bytes from 10.0.0.2: icmp_seq=1 ttl=255 time=0.4 ms > 64 bytes from 10.0.0.2: icmp_seq=2 ttl=255 time=0.4 ms > > - when I fire up 2 UMLs, configure them as described in the > networking.html tutorial (everything running as an unpriviledged > user), they can ping each other. > > - when I run the net_util as root, the UML hosts do manage to make > their eth0 come up (without it running they correctly fail to), but > then pings don't get through. If then I "ifconfig eth0 down" one of > them, then up, then down again, the daemon exits with SIGPIPE (hm, > indeed it sometimes stays up): > > select(6, [3 4 5], NULL, NULL, NULL) = 3 (in [3 4 5]) > write(2, "connect\n", 8connect > ) = 8 > accept(3, {sin_family=AF_INET, sin_port=htons(1581), sin_addr=inet_addr("127.0.0.1")}}, [16]) = 6 > read(4, "\0`\214\352\205k\0P\374!y\231\10\0E\0\5\334\375\241 \271"..., 1544) = 1514 > write(2, "04 100 ->", 904 100 ->) = 9 > write(2, " 00", 3 00) = 3 > write(2, " 60", 3 60) = 3 > write(2, " 8c", 3 8c) = 3 > write(2, " ea", 3 ea) = 3 > write(2, " 85", 3 85) = 3 > write(2, " 6b", 3 6b) = 3 > write(2, " 00", 3 00) = 3 > write(2, " 50", 3 50) = 3 > write(2, " fc", 3 fc) = 3 > write(2, " 21", 3 21) = 3 > write(2, " 79", 3 79) = 3 > write(2, " 99", 3 99) = 3 > write(2, " 08", 3 08) = 3 > write(2, " 00", 3 00) = 3 > write(2, " 45", 3 45) = 3 > write(2, " 00", 3 00) = 3 > write(2, " ->", 3 ->) = 3 > write(2, " 05", 3 05) = 3 > write(5, "\0\0\0\1\0\0\5\352\0`\214\352\205k\0P\374!y\231\10\0E\0"..., 1522) = -1 EPIPE (Broken pipe) > --- SIGPIPE (Broken pipe) --- > +++ killed by SIGPIPE +++ > > ...and the involved UML process enters a loop saying "failed to > forward 14 to process <pid>, errno = 9", which I can only stop with > Ctrl-C, which inteerupts the UML kernel itself - hence fsck on reboot. > > If I try pings from one real host to a virtual one or vice versa, > "ping" does not get answers. However, tcpdump on the 10.0.0.1 host > reports some ICMP "echo request" coming from the UML, but mostly > arp messages like: > > 02:23:22.372252 arp who-has 10.0.0.1 tell 10.0.0.10 > > When I run "ping 10.0.0.10" from the host: > > 02:47:25.345946 10.0.0.10 > 10.0.0.1: icmp: echo request (DF) > > And from the remote real host to the UML: > > 02:24:32.314019 arp who-has 10.0.0.10 tell 10.0.0.2 (The above really look like the standard types of arp problems one would see before implementing proxyarp or bridging.) --------------------------------------------------------------------------- I'm not tense, just terribly, terribly alert. (Courtesy of "Michael J. Dark" <dar...@ze...>) -------------------------------------------------------------------------- William Stearns (wst...@po...). Mason, Buildkernel, named2hosts, and ipfwadm2ipchains are at: http://www.pobox.com/~wstearns LinuxMonth; articles for Linux Enthusiasts! http://www.linuxmonth.com -------------------------------------------------------------------------- |
From: Yann D. <yd...@al...> - 2000-11-15 22:56:54
|
Hi Bill, On Mon, Nov 13, 2000 at 09:18:55PM -0500, William Stearns wrote: > I'd be interested to know why you want to bridge packets between > the real and the virtual ethernet lans - is there a reason why setting up > a second IP network would be less preferable? Yes. I want in the end a UML virtual host to act as a firewall between the local LAN (part which could be done by routing) and the internet comming on another ether, which obviously I do not want to connect to anything else. For now the config I described is just used for testing. As for routing, I must say I had problems using the tap device from 2.2.18pre21. Here's what I get: # net-tools/um_eth_net_util tap0 100 /dev/tap0: No such device PHY: tap0 phy close The module isn't autoloaded, and an explicit load attempt gives: # modprobe ethertap /lib/modules/2.2.18pre21vm7/net/ethertap.o: init_module: Device or resource busy Hint: insmod errors can be caused by incorrect module parameters, including invalid IO or IRQ parameters /lib/modules/2.2.18pre21vm7/net/ethertap.o: insmod /lib/modules/2.2.18pre21vm7/net/ethertap.o failed /lib/modules/2.2.18pre21vm7/net/ethertap.o: insmod ethertap failed ... which I kinda find strange - which damn resource does it try to get ?! > the case and you want to have the uml host act as a bridge. You have two > choices. > The first is to do real bridging in the host kernel. From > Configure.help: Hm... I thought net_util would do that itself - though I had doubts after my attempts. Anyway, these should be documented on the networking page, where only the net_util command-line is given. > The second choice is to perform proxyarp. The host will need to > stand in for all machines on both sides, acting as a standin for all arp > requests. You'll have to do the arp commands by hand. > I've attached a writeup I did about proxyarp. I hope it'll > explain the process enough that you can give it a try yourself. Thanks much for this, it is indeed an interesting text. However I don't think it can be applied to my case. I'll have a look at the kernel bridging stuff, then. Best regards, and thanks for the info -- Yann Dirson <yd...@al...> | Why make M$-Bill richer & richer ? debian-email: <di...@de...> | Support Debian GNU/Linux: | Cheaper, more Powerful, more Stable ! http://ydirson.free.fr/ | Check <http://www.debian.org/> |
From: Yann D. <yd...@al...> - 2000-11-15 23:28:19
|
On Thu, Nov 16, 2000 at 12:07:30AM +0100, Yann Dirson wrote: > The module isn't autoloaded, and an explicit load attempt gives: Hm, I was wrong. Module "tap0" is autoloaded. Thanks to diald.deb which added to my modules.conf: alias tap0 ethertap options tap0 -o tap0 unit=0 alias tap1 ethertap options tap1 -o tap1 unit=1 Looks like these lines are correct... > # modprobe ethertap > /lib/modules/2.2.18pre21vm7/net/ethertap.o: init_module: Device or resource busy > Hint: insmod errors can be caused by incorrect module parameters, including invalid IO or IRQ parameters > /lib/modules/2.2.18pre21vm7/net/ethertap.o: insmod /lib/modules/2.2.18pre21vm7/net/ethertap.o failed > /lib/modules/2.2.18pre21vm7/net/ethertap.o: insmod ethertap failed Removing the tap0 module allows ethertap to be loaded. However they do not have the same size: tap1 2288 0 (unused) ethertap 2304 0 (unused) Looks like I still have to learn about tap devices... and that once again the networking docs for UML lack some key details :( Regards, -- Yann Dirson <yd...@al...> | Why make M$-Bill richer & richer ? debian-email: <di...@de...> | Support Debian GNU/Linux: | Cheaper, more Powerful, more Stable ! http://ydirson.free.fr/ | Check <http://www.debian.org/> |
From: William S. <wst...@po...> - 2000-11-17 20:26:22
|
Good morning, Yann, On Thu, 16 Nov 2000, Yann Dirson wrote: > As for routing, I must say I had problems using the tap device from > 2.2.18pre21. Here's what I get: > > # net-tools/um_eth_net_util tap0 100 > /dev/tap0: No such device > PHY: tap0 > phy close > > The module isn't autoloaded, and an explicit load attempt gives: > > # modprobe ethertap > /lib/modules/2.2.18pre21vm7/net/ethertap.o: init_module: Device or resource busy > Hint: insmod errors can be caused by incorrect module parameters, including invalid IO or IRQ parameters > /lib/modules/2.2.18pre21vm7/net/ethertap.o: insmod /lib/modules/2.2.18pre21vm7/net/ethertap.o failed > /lib/modules/2.2.18pre21vm7/net/ethertap.o: insmod ethertap failed > > ... which I kinda find strange - which damn resource does it try to get ?! Looking at the code in /usr/src/linux-2.2.18/drivers/net/ethertap.c, there's only one thing that can cause an -EBUSY to be returned on insertion: int init_module(void) { dev_ethertap.base_addr=unit+NETLINK_TAPBASE; sprintf(devicename,"tap%d",unit); if (dev_get(devicename)) { printk(KERN_INFO "%s already loaded.\n", devicename); return -EBUSY; } if (register_netdev(&dev_ethertap) != 0) return -EIO; return 0; } It seems the module is already loaded. Is it? Is it possibly compiled straight into the kernel? > > the case and you want to have the uml host act as a bridge. You have two > > choices. > > The first is to do real bridging in the host kernel. From > > Configure.help: > > Hm... I thought net_util would do that itself - though I had doubts > after my attempts. net_util has the sole job of getting packets back and forth between the uml kernel and the host kernel. It has no responsibilities for routing, packet forwarding, packet filtering, or proxarp that may also be needed depending on your requirements. Think of um_eth_net_util as the virtual ethernet card on the host kernel side of the internal virtual ethernet network. > Anyway, these should be documented on the networking page, where only > the net_util command-line is given. If you look back in he archives of this list, I posted a recipe for Ethernet networking a few weeks back. > > The second choice is to perform proxyarp. The host will need to > > stand in for all machines on both sides, acting as a standin for all arp > > requests. You'll have to do the arp commands by hand. > > I've attached a writeup I did about proxyarp. I hope it'll > > explain the process enough that you can give it a try yourself. > > Thanks much for this, it is indeed an interesting text. However I > don't think it can be applied to my case. > > I'll have a look at the kernel bridging stuff, then. Best of luck - I hope you find what you need. Cheers, - Bill --------------------------------------------------------------------------- Q: Will the tcp/ethernet SMP scaling changes be back-ported to 2.2.x? Mingo: yes, all SMP changes in 2.3 will be backported to 2.2 in the next few months, but to not confuse it with 2.2 it will be named '2.4' ;) -- Ingo Molnar <mi...@ch...> -------------------------------------------------------------------------- William Stearns (wst...@po...). Mason, Buildkernel, named2hosts, and ipfwadm2ipchains are at: http://www.pobox.com/~wstearns LinuxMonth; articles for Linux Enthusiasts! http://www.linuxmonth.com -------------------------------------------------------------------------- |
From: Yann D. <yd...@al...> - 2000-11-21 18:52:47
|
On Fri, Nov 17, 2000 at 11:02:00AM -0500, William Stearns wrote: > It seems the module is already loaded. Is it? Is it possibly > compiled straight into the kernel? Yes it was - I thought I had explained my mistake already: the module was already (auto)loaded, but with name "tap0". > net_util has the sole job of getting packets back and forth > between the uml kernel and the host kernel. It has no responsibilities > for routing, packet forwarding, packet filtering, or proxarp that may also > be needed depending on your requirements. > Think of um_eth_net_util as the virtual ethernet card on the host > kernel side of the internal virtual ethernet network. I can understand this for "um_eth_net_util tap0", but them what means the (largely unexplained) "um_eth_net_util eth0" ? I can understand that using kernel-level bridging would be needed to bridge tap0 to the real ethernet, but the only explanation I found to this line was that it was going to do the bridging itself without even consuming an ethertap slot. Obviously it doesn't work that way, so I'm a bit lost. > > Anyway, these should be documented on the networking page, where only > > the net_util command-line is given. > > If you look back in he archives of this list, I posted a recipe > for Ethernet networking a few weeks back. I'll look at it. I may also have a try at putting the material from the web site and the archives in a standalone document - no promise, though. > > I'll have a look at the kernel bridging stuff, then. Not yet done :( Best regards, -- Yann Dirson <yd...@al...> | Why make M$-Bill richer & richer ? debian-email: <di...@de...> | Support Debian GNU/Linux: | Cheaper, more Powerful, more Stable ! http://ydirson.free.fr/ | Check <http://www.debian.org/> |