[Lxc-users] Re Re: [Network] ioctl on socket fails in container

stephane.riviere at regis-dgac.net stephane.riviere at regis-dgac.net
Thu Apr 15 08:44:29 UTC 2010 

Hi,

I've compiled a new kernel with a patched af_packet.c (just removed the 2 
lines) and everything now works flawlessly in the containers :-)

I think someone should propose this patch to the kernel developpers.

Thanks for your help !


Stéphane.







Daniel Lezcano <daniel.lezcano at free.fr> 
14/04/2010 13:13

A
stephane.riviere at regis-dgac.net
cc
lxc-users at lists.sourceforge.net
Objet
Re: [Lxc-users] [Network] ioctl on socket fails in container






stephane.riviere at regis-dgac.net wrote:
> Hi,
>
> I'm using LXC to run Perl scripts that generate network traffic, using 
the 
> Net::RawIP package.
> The scripts work perfectly well on a "real" host, but fail inside an LXC 

> container.
>
> After a few hours of testing/debuging, the origin of the problem is that 

> some basic ioctl calls on socket fails.
>
> Net::RawIP relies on SIOCGIFADDR et SIOCGIFHWADDR to get the IP and MAC 
> addresses of the network interface.
>
> My container has 2 interfaces : 1 macvlan (normally used to generate 
> traffic) and 1 bridged (to dialogue with the host and the other 
> containers).
>
> In the container, these ioctl calls fail with an "Invalid argument" on 
> every interface, including the loopback.
>
>
> I've extracted the failing code from Net::RawIP to have a simple test 
> program (code at the end of the message).
> It just creates a socket and do the 2 ioctl calls on it.
>
> My LXC configuration is based on the article of Stéphane Graber 
> (http://www.stgraber.org/category/lxc):
>
> - host : Ubuntu 9.10 Desktop (2.6.31 kernel)
> - containers : Ubuntu 8.04 
>
>
> I really don't know what's wrong, because ifconfig relies on the same 
> basic call to get interface information...
>
> If anyone has any idea, I would greatly appreciate it :-)
> 

Good report, thanks ! I was able to reproduce it.

The problem is coming from the kernel, the following lines are still 
there in the file net/packet/af_packet.c,

[ ... ]
               if (!net_eq(sock_net(sk), &init_net))
                        return -ENOIOCTLCMD;

[ ... ]

in the packet_ioctl function. It shouldn't. These lines mean the 
af_packet is not namespace aware, but I think this is no longer the case 
still a long time now ... I assume just removing these two lines will 
fix the problem.

Thanks
  -- Daniel

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.linuxcontainers.org/pipermail/lxc-users/attachments/20100415/cff155da/attachment.html>

More information about the lxc-users mailing list