[00:10] fleshcrawler (~fleshcraw@port-212-202-14-168.reverse.qsc.de) joined #vserver. [00:12] hmm, my girlfriend just listened to 'Battle In Heaven' and she said, it reminds her a little of Halloween, Nuclear Assault and King Diamond ... she likes the guitarr, but you have to work on your voice .... [00:12] hey cool. but I don't really understand halloween in that kontext ;-) [00:13] we get compared to destroyer 666 and immortal [00:13] anyway... that song is sooo old and it's the worst on the demo. [00:13] well I had to start somewhere ... right? [00:13] check out The Battle of the Triumphant or Prepare to die by eternal Darkness... [00:14] sure. anyway... I'm glad that patch vs1.0 is working now. vserver rulez! [00:20] mhepp (~mhepp@r72s22p13.home.nbox.cz) left irc: Ping timeout: 493 seconds [00:39] fleshcrawler (~fleshcraw@port-212-202-14-168.reverse.qsc.de) left irc: Ping timeout: 493 seconds [00:41] fleshcrawler (~fleshcraw@port-212-202-14-168.reverse.qsc.de) joined #vserver. [00:54] fleshcrawler (~fleshcraw@port-212-202-14-168.reverse.qsc.de) left irc: Ping timeout: 493 seconds [01:01] Nick change: Bertl -> Bertl_oO [01:09] fleshcrawler (~fleshcraw@port-212-202-14-168.reverse.qsc.de) joined #vserver. [01:17] fleshcrawler (~fleshcraw@port-212-202-14-168.reverse.qsc.de) left irc: Ping timeout: 493 seconds [01:18] netrose (~john877@CC3-24.171.21.47.charter-stl.com) joined #vserver. [01:26] Topic changed on #vserver by ChanServ!services@services.oftc.net: http://www.linux-vserver.org/ || vserver-1.0 released! [01:26] #vserver: mode change '-o riel' by ChanServ!services@services.oftc.net [01:26] #vserver: mode change '-o Bertl_oO' by ChanServ!services@services.oftc.net [02:00] Topic changed on #vserver by ChanServ!services@services.oftc.net: http://www.linux-vserver.org/ || vserver-1.0 released! [02:09] morning [02:21] unriel (~riel@riel.netop.oftc.net) left irc: Ping timeout: 493 seconds [02:32] Nick change: Bertl_oO -> Bertl [02:32] hi! [03:21] netrose (~john877@CC3-24.171.21.47.charter-stl.com) left irc: Ping timeout: 493 seconds [05:12] netrose (~john877@CC3-24.171.21.47.charter-stl.com) joined #vserver. [06:04] Nick change: Bertl -> Bertl_zZ [06:22] netrose (~john877@CC3-24.171.21.47.charter-stl.com) left irc: [06:43] serving (~serving@213.186.189.198) left irc: Ping timeout: 493 seconds [08:35] serving (~serving@213.186.189.198) joined #vserver. [10:54] moin [11:52] hi [11:57] loger0 joined #vserver. [11:58] loger (~loger@213.159.118.2) left irc: Ping timeout: 492 seconds [11:58] Nick change: loger0 -> loger [12:18] zachary (~zachary@203.125.7.187) joined #vserver. [12:22] Nick change: zachary -> zyong [12:33] zyong (~zachary@203.125.7.187) left #vserver. [13:42] zyong (~z@203.125.7.187) joined #vserver. [13:58] serving (~serving@213.186.189.198) left irc: Ping timeout: 492 seconds [14:18] Nick change: Bertl_zZ -> Bertl [14:18] hi all! [14:19] zyong (~z@203.125.7.187) left irc: [14:19] zyong (zyong@bb-203-125-7-187.singnet.com.sg) joined #vserver. [14:20] Topic changed on #vserver by Bertl!~herbert@MAIL.13thfloor.at: http://www.linux-vserver.org/ || stable 1.00, devel 1.1.2 [14:20] hi zyong! [14:20] hey Bertl [14:21] what do you wish for vserver in near future? ;) [14:22] hmmmm, better documentation [14:22] i'm quite confused over the patching of kernels [14:22] good point, so a basic how to patch the kernel explanation? [14:22] hmmm, yea [14:23] like that one? http://www.uni-paderborn.de/Linux/mdw/HOWTO/Kernel-HOWTO-5.html [14:23] lol [14:24] i'm at http://www.miredespa.com/wmaton/linux/kernel-patch-HOWTO-6.html [14:24] yeah, maybe we should make a page which is vserver specific in how/what to patch ... [14:26] you are patching yourself the first time? [14:26] Bertl, how different is the virtualization layer of vserver from sw-soft's virtuzzo? [14:26] yea i am [14:26] well I must admit, I don't know virtuozzo ... so I can't compare ... [14:27] maybe you could name some advantages/disadvantages and I can comment on them regarding vserver ... [14:27] i've read something from sladen's mailing list archives that discusses the similarities [14:28] hmmm. [14:32] probably one of the differences is the virtual network not yet present in vserver (only in alexs tree) ... [14:32] virtual network? [14:33] virtuozzo seems to support a virtual network device (venet), at least that is what I read on their page ... [14:33] doesn't vserver do that? [14:34] no, we just use restricted aliases for existing interface (yet) [14:35] hmmm [14:36] kestrel_ (~athomas@192.65.90.92) left irc: Ping timeout: 492 seconds [14:36] how does it differ from support for a venet than that of an alias? [14:37] hmm well I guess you can change the interface configuration from inside the vserver, with a virtual device, and you can add your own iptable rules ... [14:38] ahhhh [14:38] now i get it [15:50] serving (~serving@213.186.191.55) joined #vserver. [15:50] hi serving! [16:01] fleshcrawler (~fleshcraw@212.202.14.33) joined #vserver. [16:02] hi fleshcrawler! [16:02] hi there [16:02] matta (matta@69.56.241.195) left irc: Read error: Connection reset by peer [16:08] I'm starting now doing the nasty stuff on my vserver... [16:08] hmm, which means? [16:09] I tryed to install a honeyd but there is a problem with listening on the interfaces and ips. [16:09] all interfaces are visible inside the vserver. [16:10] well yes, the link is visible the address only for those specified ... [16:10] yep. but how can i refer to the vserver interface? it's called eth0:high for highcommand [16:10] (which is the hostname) [16:11] no it is actually called eth0:highcommand but you only see the first 4 with ifconfig ... try ip addr/link show instead [16:11] ah! okay. that answers my questions... [16:12] be careful, as there is a limit how long such interface names can be, and if they are too long (means the vserver name is too long) you'll get weird effects if you use more than one ip or similar named vservers ... [16:12] is there a location for a detailed manual on vserver? as I know there a lots of options (capabilities) which can be enabled. [16:13] jack has a lot of useful information in his howto/overview ... [16:13] yes, i read about that. [16:13] where is the url? [16:13] http://dns.solucorp.qc.ca/miscprj/s_context.hc [16:13] it's linked on the linux-vserver.org page ... [16:16] Thanks! Found it! [16:16] I think I saw this before... [16:20] by the way, a brief overview is included in the tools help, so chcontext --help will list them ... [16:22] ah yes! that's what I was looking for! [16:27] loger joined #vserver. [17:04] riel_ (~riel@66.187.230.200) joined #vserver. [17:04] hi rik! [17:05] morning [17:15] hi [17:20] fleshcrawler (~fleshcraw@212.202.14.33) left irc: [18:56] ensc (~ircensc@134.109.116.202) left irc: Ping timeout: 492 seconds [19:08] say_ (~say@212.86.243.154) joined #vserver. [19:08] say (~say@212.86.243.154) left irc: Read error: Connection reset by peer [20:42] ensc (~ircensc@134.109.116.202) joined #vserver. [20:53] Hi Bertl [20:53] hi say! [20:53] maybe you can help me with some kernel network stuff? [20:55] I'll try but can't promise :) [20:55] I would like to change the destination device of a packet (skb) in such way, that it travels to a specific interface ... [20:56] hmm maybe I should elaborate ... [20:56] consider an interface eth0 and a second one called eth1 ... okay? [20:57] ok [20:57] now if I configure eth0 to 10.0.0.1/24 and eth1 to 10.1.0.1/24 and both are connected to separate networks when I ping the 10.1.0.1 from the 10.0.0.0 network, the ping is answered ... right? [20:58] (assuming the routing is set up in such a way that this works) [20:59] yes if there was enabled packet forwarding in host [21:00] okay, so if I attach a tcpdump on eth0 and eth1, only the tcpdump for eth0 will see the packets ... [21:01] now I would like to change this for lets say a special packet, the echo request for example, it should show up as if it is coming from eth1, how would I do that? [21:03] hmm. this question is not easy :) [21:03] or maybe the other way around, I guess I have to change the skb->dst to deliver a packet to eth1 instead to eth0 .. but I can't figure out how to 'create' such a new 'dst_entry' ... [21:04] as i understand if your packet coming to eth1 it couldn't come back to your host [21:05] well, it should be 'received' from eth1 instead of eth0 .. [21:05] maybe my logic is flawed as I do not understand the network stack yet ... [21:06] so, how this packet is treat by eth1 - as in or out? [21:06] currently it is targeted at the eth1-ip, received as in on eth0 and that's it ... [21:07] if your packet will treating as in, probably the filter rules will not pass it. [21:08] you see, all packets devide to in/out for all interfaces [21:08] okay, the echo request to 10.1.0.1 is an 'in' packet then, the reply an 'out' right? [21:09] if you change dst of packet that is "in" for eth0 to dst "eth1", this packet must treat as "out" because [21:09] it go to eth1 from host but not from network [21:10] yes. [21:10] well I would like to receive it on eth0 (the frame) but pass it to userspace via eth1 ... [21:11] i think this act will do some trouble for routing procedure. [21:12] packet from network that routes thru eth0 pass to userspace from eth1 [21:13] hm. i think you'll get routing routing problem in this situation [21:13] hmm, well, I don't understand why the packet actually is reported on eth0, if it is targeted at the eth1 ip ... as I don't understand how an application could bind to an address this way, or is this something completely different? [21:16] no, it's targeted to ip1, not to eth1. [21:17] okay, thought so, but in this case, it wouldn't matter from which interface it is, right? [21:17] when packet coming to host from eth0 treats by routing rpocedures as local packet so [21:18] there is start searching socket with ip1/protocol/port that specified in packet [21:19] okay, I think I understood that ... let's try something else ... [21:19] hmm. for userspace app i think not, but not for network stack [21:20] what if I generate a packet within the kernel, and would like to 'make it look like' this packet was received from eth0 ? [21:21] it should exactly do what every packet received on eth0 does ... [21:24] i don't know where the kernel insert itself generated packets :( [21:25] so if it inserts packets directly to socket [21:26] this don't break common network technology [21:27] well I figured that ip_route_input() would take a 'new' packet and deliver it as expected ... ip_local_deliver() should do for local delivery ... [21:29] but my problem is still, that I don't know how to use a 'specific' interface for this ... [21:29] a minute please [21:37] let's go to start. i see 2 your wishes: [21:39] 1) you want to specify dst interface of packet. you can't do that except from routing procedures [21:40] 2) you want to specify src interface of packet that go to userland. you can do that simply by [21:40] change skb->dev [21:41] what of this cases are more close to your wish? [21:42] hmm, I guess 2 ... but I'm not sure ;) [21:45] ok. your packet coming to host system from eth0 but for ip1 that assign to eth1. [21:46] AFAIK there is 1 place that points to interface where from coming packet: skb->dev [21:46] so you can change this field to your more likely interface [21:47] Warning: kfree_skb passed an skb still on a list (from 902150cd). [21:47] hmm, what did I wrong? [21:48] wait, i'll see to src [21:50] in what procedure did you change skb->dev? [21:50] in my own ... [21:50] do I have to put/get the device? assume so ... [21:52] i'm back! [21:53] hm. ok :) from what common func of kernel your own func is called? [21:53] it's a netfilter hook ... [21:54] but I guess what is interesting to you is where the packet comes from ... [21:54] I do a skb_copy() of an existing packet and just change the dev ... [21:56] then I feed it into netif_rx_ni(skb); [21:56] which is probably the wrong thing to do ;) [21:58] huh. ok. send me code of your procedure than i'll try to help you. [21:59] i think you copy skb it point when the packet is not correctly prepared to put to netif. or when you try [22:00] to delete packet after feed it you do something wrong. i can't say what before i'll saw your sources. [22:00] hey guys, i tried patching my kernel with herbert's patches and i got like, 8 .rej files, what can i do about it? [22:01] @say .. give me a minute, and you can access the sources ... [22:01] @zyong hmm which kernel, what patches? ;) [22:02] redhat 7.3, 2.4.20-20.7. patch-2.4.20-vs1.00.diff [22:03] get a vanilla kernel from kernel.org and try again ;) [22:04] i got the kernel-source-2.4.20-20.7 rpm package, cped them to a new directory (/usr/src/linux.2.4.20-20.7patch), dled the patch, patch -p1 < patch-2.4.20-vs1.00.diff [22:04] @say ... http://vserver.13thfloor.at/Stuff/vnet.c [22:04] ok. [22:04] how does the rpm source package differ from that of the vanilla kernel? will it break anything? [22:05] @zyong redhat uses a heavily patched kernel, you will need alex branch or a vanilla kernel ... [22:05] this is my *1st* attempt at patching a kernel =\ [22:05] well you will succeed, just get the vanilla kernel from kernel org ftp://ftp.kernel.org/pub/linux/kernel/v2.4 IIRC [22:06] i know, but will using a vanilla kernel on a redhat system screw anything up? [22:06] ahh ok i'll try [22:06] it should not, as the 2.4 kernel API is fixed and should be honored by RH too ... maybe you'll miss a specific driver/etc ... [22:06] I would suggest to go for a 2.4.22 or 2.4.23-rc1 kernel though ... [22:07] i was just downloading the 23rc1 kernel as you typed this ;) [22:08] do you want to use the stable or devel tree of vserver? [22:08] stable [22:08] i just realised [22:08] well, it's not a big problem ... [22:08] the latest stable version on herbert's page is for .22 [22:09] so i'll have to get a .22 kernel? [22:09] you can get one for 2.4.23-rc1 too ... [22:09] hmmm ok [22:11] ah. btw, Herbert. I try to create a mirror of linux-vserver.org, but without ftp-access to this site it close to impossible [22:11] hmm, even with it will be almost-impossible ... [22:12] but if you are interested, we can talk about a mirror concept for that one ... [22:12] there is no ways to change technology from php or to mirror dadtabase directly? [22:13] a copy of the database would be possible, but how to cope with changes done on 'your' wiki ;) [22:13] I have planed mirror your site to www.vserver.org.ua [22:14] it'll can be one-way mirror [22:14] jak (~jack@67.127.53.31) joined #vserver. [22:15] @say well you could do a one way with 'wget -np -m -k' or so ... [22:15] hmmm Bertl, you're herbert? [22:15] yup! [22:16] lol. the latest stable version on herbert's page is for .22 [22:23] http://vserver.13thfloor.at/Experimental/patch-2.4.23-rc1-vs1.00.diff [22:23] especially for you ;) [22:24] ohh thank you sir :D [22:29] hi jak?! [22:34] @zyong and it actually compiles ;) [22:35] the file is LARGE [22:35] 65% more to go [22:35] hmm, you can bzip it ;) [22:35] yup i got the bzip version [22:36] ahh, you are talking about the kernel ;) [22:36] oh ya, the patch's ok [22:37] i don't see the source for 23rc1, so i get .22, patch it with 23rc1, then patch it again with your patch? [22:38] yes, correct ... [22:38] ahhh [22:38] hi bertl [22:47] jak (~jack@67.127.53.31) left #vserver (Expect unexpected, but never expect more than what you deserve and a bugfree code). [22:48] okay .. will be back in 1-2 hours ... [22:49] cya again herbert ;) [22:49] Nick change: Bertl -> Bertl_oO [23:17] Ok. Good bye to all. @Bertl: I'll see your src tomorrow. [23:17] cya say_ [23:23] Nick change: Bertl_oO -> Bertl [23:24] well, I'm back early ... [23:26] i'm being confused over make config now. i do not know what many of the variables are asking about [23:27] is it possible if i use the MakeFile from rh's kernel-source package and base it from there? [23:28] like, mv /MakeFile /MakeFile, make config [23:31] what does make oldconfig base itself on, the current loaded kernel? [23:31] the entire kernel config is held in a file called .config ... [23:31] so if you want the 'default' RH uses, you could copy that and invoke make oldconfig ... [23:33] cp /.config /.config, make oldconfig? [23:34] well, yes, maybe you need to do rpm -bp to get that config file into the source ... [23:35] after that I would advise that you do a 'make menuconfig' and disable all the stuff, you know you don't have/will never need ... [23:37] oh, make menuconfig will base itself on the current MakeFile generated by make oldconfig, and i am able to further tweak settings from there? [23:39] okay, there goes the confusing part for me [23:40] WSU (~WSU@205.244.47.254) joined #vserver. [23:40] herbert, does oldconfig *need* the .config file for the kernel source? is it able to get the configurations for the current booted kernel and generate the Makefile accordingly? [23:41] nope, it isn't I provide a patch which stores the kernel config in /proc/config.bz2 maybe redhat uses something similar ... [23:41] hi WSU! [00:00] --- Sat Nov 15 2003