Join GitHub today
GitHub is home to over 28 million developers working together to host and review code, manage projects, and build software together.
Sign uplast Qubes R3 stable upgrade broke all networking #1848
Comments
adrelanos
referenced this issue
Mar 17, 2016
Open
Documentation: network issues debug information #1849
This comment has been minimized.
Show comment
Hide comment
This comment has been minimized.
adrelanos
Mar 17, 2016
Member
Which Qubes version are you using? (R3, R3.1 etc.)
- R3
Which Qubes suite are you using? (stable, testing, experimental)
- stable
On which TemplateVMs are the following of your VMs based on?
- sys-net - Fedora21
- sys-firewall - Fedora21
- an AppVM connected to sys-firewall - Debian8
sys-net
[user@sys-net ~]$ ping 8.8.8.8
PING 8.8.8.8 (8.8.8.8) 56(84) bytes of data.
64 bytes from 8.8.8.8: icmp_seq=1 ttl=59 time=22.0 ms
64 bytes from 8.8.8.8: icmp_seq=2 ttl=59 time=22.7 ms
64 bytes from 8.8.8.8: icmp_seq=3 ttl=59 time=23.3 ms
^C
--- 8.8.8.8 ping statistics ---
3 packets transmitted, 3 received, 0% packet loss, time 2001ms
rtt min/avg/max/mdev = 22.058/22.713/23.335/0.536 ms
[user@sys-net ~]$ sudo systemctl list-units --failed
0 loaded units listed. Pass --all to see loaded but inactive units, too.
To show all installed unit files use 'systemctl list-unit-files'.
[user@sys-net ~]$ cat /etc/resolv.conf
# Generated by NetworkManager
nameserver 192.168.0.1
[user@sys-net ~]$ sudo time iptables --list
Chain INPUT (policy ACCEPT)
target prot opt source destination
ACCEPT tcp -- anywhere anywhere tcp dpt:us-cli
ACCEPT tcp -- anywhere anywhere tcp dpt:us-cli
ACCEPT tcp -- anywhere anywhere tcp dpt:us-cli
ACCEPT tcp -- anywhere anywhere tcp dpt:us-cli
ACCEPT tcp -- anywhere anywhere tcp dpt:us-cli
ACCEPT tcp -- anywhere anywhere tcp dpt:us-cli
ACCEPT tcp -- anywhere anywhere tcp dpt:us-cli
ACCEPT tcp -- anywhere anywhere tcp dpt:us-cli
ACCEPT tcp -- anywhere anywhere tcp dpt:us-cli
ACCEPT tcp -- anywhere anywhere tcp dpt:us-cli
ACCEPT tcp -- anywhere anywhere tcp dpt:us-cli
ACCEPT tcp -- anywhere anywhere tcp dpt:us-cli
ACCEPT tcp -- anywhere anywhere tcp dpt:us-cli
ACCEPT tcp -- anywhere anywhere tcp dpt:us-cli
ACCEPT tcp -- anywhere anywhere tcp dpt:us-cli
ACCEPT tcp -- anywhere anywhere tcp dpt:us-cli
ACCEPT tcp -- anywhere anywhere tcp dpt:us-cli
ACCEPT tcp -- anywhere anywhere tcp dpt:us-cli
ACCEPT tcp -- anywhere anywhere tcp dpt:us-cli
ACCEPT tcp -- anywhere anywhere tcp dpt:us-cli
ACCEPT tcp -- anywhere anywhere tcp dpt:us-cli
ACCEPT tcp -- anywhere anywhere tcp dpt:us-cli
ACCEPT tcp -- anywhere anywhere tcp dpt:us-cli
ACCEPT tcp -- anywhere anywhere tcp dpt:us-cli
ACCEPT tcp -- anywhere anywhere tcp dpt:us-cli
ACCEPT tcp -- anywhere anywhere tcp dpt:us-cli
ACCEPT tcp -- anywhere anywhere tcp dpt:us-cli
ACCEPT tcp -- anywhere anywhere tcp dpt:us-cli
ACCEPT tcp -- anywhere anywhere tcp dpt:us-cli
ACCEPT tcp -- anywhere anywhere tcp dpt:us-cli
ACCEPT tcp -- anywhere anywhere tcp dpt:us-cli
ACCEPT tcp -- anywhere anywhere tcp dpt:us-cli
ACCEPT tcp -- anywhere anywhere tcp dpt:us-cli
ACCEPT tcp -- anywhere anywhere tcp dpt:us-cli
ACCEPT tcp -- anywhere anywhere tcp dpt:us-cli
ACCEPT tcp -- anywhere anywhere tcp dpt:us-cli
ACCEPT tcp -- anywhere anywhere tcp dpt:us-cli
ACCEPT tcp -- anywhere anywhere tcp dpt:us-cli
Chain FORWARD (policy ACCEPT)
target prot opt source destination
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
0.08user 0.01system 0:00.09elapsed 97%CPU (0avgtext+0avgdata 2220maxresident)k
1496inputs+0outputs (0major+202minor)pagefaults 0swaps
[user@sys-net ~]$ sudo time iptables --list -t -nat
iptables v1.4.21: can't initialize iptables table `-nat': Table does not exist (do you need to insmod?)
Perhaps iptables or your kernel needs to be upgraded.
0.00user 0.00system 0:00.02elapsed 17%CPU (0avgtext+0avgdata 2028maxresident)k
0inputs+0outputs (0major+98minor)pagefaults 0swaps
user@sys-net ~]$ sudo ifconfig
enp0s0: flags=4099<UP,BROADCAST,MULTICAST> mtu 1500
ether 80:fa:5b:19:e9:3e txqueuelen 1000 (Ethernet)
RX packets 0 bytes 0 (0.0 B)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 0 bytes 0 (0.0 B)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
device interrupt 80 memory 0xf7e00000-f7e20000
lo: flags=73<UP,LOOPBACK,RUNNING> mtu 65536
inet 127.0.0.1 netmask 255.0.0.0
inet6 ::1 prefixlen 128 scopeid 0x10<host>
loop txqueuelen 0 (Local Loopback)
RX packets 0 bytes 0 (0.0 B)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 0 bytes 0 (0.0 B)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
vif16.0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet 10.137.1.1 netmask 255.255.255.255 broadcast 0.0.0.0
inet6 fe80::fcff:ffff:feff:ffff prefixlen 64 scopeid 0x20<link>
ether fe:ff:ff:ff:ff:ff txqueuelen 32 (Ethernet)
RX packets 67 bytes 4008 (3.9 KiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 21 bytes 1736 (1.6 KiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
wlp0s1: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet 192.168.0.4 netmask 255.255.255.0 broadcast 192.168.0.255
inet6 fe80::e6f8:9cff:fe0a:5631 prefixlen 64 scopeid 0x20<link>
ether e4:f8:9c:0a:56:31 txqueuelen 1000 (Ethernet)
RX packets 188 bytes 73770 (72.0 KiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 107 bytes 13418 (13.1 KiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
sys-firewall
[user@sys-firewall ~]$ ping 8.8.8.8
PING 8.8.8.8 (8.8.8.8) 56(84) bytes of data.
^C
--- 8.8.8.8 ping statistics ---
3 packets transmitted, 0 received, 100% packet loss, time 1999ms
[user@sys-firewall ~]$
[user@sys-firewall ~]$ sudo time iptables --list
Chain INPUT (policy DROP)
target prot opt source destination
DROP udp -- anywhere anywhere udp dpt:bootpc
ACCEPT all -- anywhere anywhere ctstate RELATED,ESTABLISHED
ACCEPT icmp -- anywhere anywhere
ACCEPT all -- anywhere anywhere
REJECT all -- anywhere anywhere reject-with icmp-host-prohibited
Chain FORWARD (policy DROP)
target prot opt source destination
ACCEPT all -- anywhere anywhere ctstate RELATED,ESTABLISHED
ACCEPT all -- anywhere anywhere
DROP all -- anywhere anywhere
ACCEPT udp -- 10.137.2.34 10.137.1.1 udp dpt:domain
ACCEPT udp -- 10.137.2.34 10.137.1.254 udp dpt:domain
ACCEPT tcp -- 10.137.2.34 10.137.1.1 tcp dpt:domain
ACCEPT tcp -- 10.137.2.34 10.137.1.254 tcp dpt:domain
ACCEPT icmp -- 10.137.2.34 anywhere
DROP tcp -- 10.137.2.34 10.137.255.254 tcp dpt:us-cli
ACCEPT all -- 10.137.2.34 anywhere
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
0.01user 0.01system 2:00.15elapsed 0%CPU (0avgtext+0avgdata 3340maxresident)k
1736inputs+0outputs (2major+246minor)pagefaults 0swaps
[user@sys-firewall ~]$ sudo iptables --list
Chain INPUT (policy DROP)
target prot opt source destination
DROP udp -- anywhere anywhere udp dpt:bootpc
ACCEPT all -- anywhere anywhere ctstate RELATED,ESTABLISHED
ACCEPT icmp -- anywhere anywhere
ACCEPT all -- anywhere anywhere
REJECT all -- anywhere anywhere reject-with icmp-host-prohibited
Chain FORWARD (policy DROP)
target prot opt source destination
ACCEPT all -- anywhere anywhere ctstate RELATED,ESTABLISHED
ACCEPT all -- anywhere anywhere
DROP all -- anywhere anywhere
ACCEPT udp -- 10.137.2.34 10.137.1.1 udp dpt:domain
ACCEPT udp -- 10.137.2.34 10.137.1.254 udp dpt:domain
ACCEPT tcp -- 10.137.2.34 10.137.1.1 tcp dpt:domain
ACCEPT tcp -- 10.137.2.34 10.137.1.254 tcp dpt:domain
ACCEPT icmp -- 10.137.2.34 anywhere
DROP tcp -- 10.137.2.34 10.137.255.254 tcp dpt:us-cli
ACCEPT all -- 10.137.2.34 anywhere
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
[user@sys-firewall ~]$
user@sys-net ~]$ sudo ifconfig
enp0s0: flags=4099<UP,BROADCAST,MULTICAST> mtu 1500
ether 80:fa:5b:19:e9:3e txqueuelen 1000 (Ethernet)
RX packets 0 bytes 0 (0.0 B)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 0 bytes 0 (0.0 B)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
device interrupt 80 memory 0xf7e00000-f7e20000
lo: flags=73<UP,LOOPBACK,RUNNING> mtu 65536
inet 127.0.0.1 netmask 255.0.0.0
inet6 ::1 prefixlen 128 scopeid 0x10<host>
loop txqueuelen 0 (Local Loopback)
RX packets 0 bytes 0 (0.0 B)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 0 bytes 0 (0.0 B)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
vif16.0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet 10.137.1.1 netmask 255.255.255.255 broadcast 0.0.0.0
inet6 fe80::fcff:ffff:feff:ffff prefixlen 64 scopeid 0x20<link>
ether fe:ff:ff:ff:ff:ff txqueuelen 32 (Ethernet)
RX packets 67 bytes 4008 (3.9 KiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 21 bytes 1736 (1.6 KiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
wlp0s1: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet 192.168.0.4 netmask 255.255.255.0 broadcast 192.168.0.255
inet6 fe80::e6f8:9cff:fe0a:5631 prefixlen 64 scopeid 0x20<link>
ether e4:f8:9c:0a:56:31 txqueuelen 1000 (Ethernet)
RX packets 188 bytes 73770 (72.0 KiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 107 bytes 13418 (13.1 KiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
[user@sys-firewall ~]$ ps aux
USER PID %CPU %MEM VSZ RSS TTY STAT START TIME COMMAND
root 1 0.4 0.3 38400 5280 ? Ss 17:15 0:01 /sbin/init
root 2 0.0 0.0 0 0 ? S 17:15 0:00 [kthreadd]
root 3 0.0 0.0 0 0 ? S 17:15 0:00 [ksoftirqd/0]
root 4 0.0 0.0 0 0 ? S 17:15 0:00 [kworker/0:0]
root 5 0.0 0.0 0 0 ? S< 17:15 0:00 [kworker/0:0H]
root 6 0.0 0.0 0 0 ? S 17:15 0:00 [kworker/u16:0]
root 7 0.0 0.0 0 0 ? S 17:15 0:00 [rcu_sched]
root 8 0.0 0.0 0 0 ? S 17:15 0:00 [rcu_bh]
root 9 0.0 0.0 0 0 ? S 17:15 0:00 [rcuos/0]
root 10 0.0 0.0 0 0 ? S 17:15 0:00 [rcuob/0]
root 11 0.0 0.0 0 0 ? S 17:15 0:00 [migration/0]
root 12 0.0 0.0 0 0 ? S 17:15 0:00 [watchdog/0]
root 13 0.0 0.0 0 0 ? S 17:15 0:00 [watchdog/1]
root 14 0.0 0.0 0 0 ? S 17:15 0:00 [migration/1]
root 15 0.0 0.0 0 0 ? S 17:15 0:00 [ksoftirqd/1]
root 17 0.0 0.0 0 0 ? S< 17:15 0:00 [kworker/1:0H]
root 18 0.0 0.0 0 0 ? S 17:15 0:00 [rcuos/1]
root 19 0.0 0.0 0 0 ? S 17:15 0:00 [rcuob/1]
root 20 0.0 0.0 0 0 ? S 17:15 0:00 [watchdog/2]
root 21 0.0 0.0 0 0 ? S 17:15 0:00 [migration/2]
root 22 0.0 0.0 0 0 ? S 17:15 0:00 [ksoftirqd/2]
root 24 0.0 0.0 0 0 ? S< 17:15 0:00 [kworker/2:0H]
root 25 0.0 0.0 0 0 ? S 17:15 0:00 [rcuos/2]
root 26 0.0 0.0 0 0 ? S 17:15 0:00 [rcuob/2]
root 27 0.0 0.0 0 0 ? S 17:15 0:00 [watchdog/3]
root 28 0.0 0.0 0 0 ? S 17:15 0:00 [migration/3]
root 29 0.0 0.0 0 0 ? S 17:15 0:00 [ksoftirqd/3]
root 31 0.0 0.0 0 0 ? S< 17:15 0:00 [kworker/3:0H]
root 32 0.0 0.0 0 0 ? S 17:15 0:00 [rcuos/3]
root 33 0.0 0.0 0 0 ? S 17:15 0:00 [rcuob/3]
root 34 0.0 0.0 0 0 ? S 17:15 0:00 [watchdog/4]
root 35 0.0 0.0 0 0 ? S 17:15 0:00 [migration/4]
root 36 0.0 0.0 0 0 ? S 17:15 0:00 [ksoftirqd/4]
root 38 0.0 0.0 0 0 ? S< 17:15 0:00 [kworker/4:0H]
root 39 0.0 0.0 0 0 ? S 17:15 0:00 [rcuos/4]
root 40 0.0 0.0 0 0 ? S 17:15 0:00 [rcuob/4]
root 41 0.0 0.0 0 0 ? S 17:15 0:00 [watchdog/5]
root 42 0.0 0.0 0 0 ? S 17:15 0:00 [migration/5]
root 43 0.0 0.0 0 0 ? S 17:15 0:00 [ksoftirqd/5]
root 45 0.0 0.0 0 0 ? S< 17:15 0:00 [kworker/5:0H]
root 46 0.0 0.0 0 0 ? S 17:15 0:00 [rcuos/5]
root 47 0.0 0.0 0 0 ? S 17:15 0:00 [rcuob/5]
root 48 0.0 0.0 0 0 ? S 17:15 0:00 [watchdog/6]
root 49 0.0 0.0 0 0 ? S 17:15 0:00 [migration/6]
root 50 0.0 0.0 0 0 ? S 17:15 0:00 [ksoftirqd/6]
root 52 0.0 0.0 0 0 ? S< 17:15 0:00 [kworker/6:0H]
root 53 0.0 0.0 0 0 ? S 17:15 0:00 [rcuos/6]
root 54 0.0 0.0 0 0 ? S 17:15 0:00 [rcuob/6]
root 55 0.0 0.0 0 0 ? S 17:15 0:00 [watchdog/7]
root 56 0.0 0.0 0 0 ? S 17:15 0:00 [migration/7]
root 57 0.0 0.0 0 0 ? S 17:15 0:00 [ksoftirqd/7]
root 58 0.0 0.0 0 0 ? S 17:15 0:00 [kworker/7:0]
root 59 0.0 0.0 0 0 ? S< 17:15 0:00 [kworker/7:0H]
root 60 0.0 0.0 0 0 ? S 17:15 0:00 [rcuos/7]
root 61 0.0 0.0 0 0 ? S 17:15 0:00 [rcuob/7]
root 62 0.0 0.0 0 0 ? S< 17:15 0:00 [khelper]
root 63 0.0 0.0 0 0 ? S 17:15 0:00 [kdevtmpfs]
root 64 0.0 0.0 0 0 ? S< 17:15 0:00 [netns]
root 65 0.0 0.0 0 0 ? S< 17:15 0:00 [perf]
root 66 0.0 0.0 0 0 ? S 17:15 0:00 [xenwatch]
root 67 0.0 0.0 0 0 ? S 17:15 0:00 [xenbus]
root 68 0.0 0.0 0 0 ? S< 17:15 0:00 [writeback]
root 69 0.0 0.0 0 0 ? SN 17:15 0:00 [ksmd]
root 70 0.0 0.0 0 0 ? S< 17:15 0:00 [crypto]
root 71 0.0 0.0 0 0 ? S< 17:15 0:00 [kintegrityd]
root 72 0.0 0.0 0 0 ? S< 17:15 0:00 [bioset]
root 73 0.0 0.0 0 0 ? S< 17:15 0:00 [kblockd]
root 74 0.0 0.0 0 0 ? S 17:15 0:00 [kworker/4:1]
root 75 0.0 0.0 0 0 ? S< 17:15 0:00 [ata_sff]
root 76 0.0 0.0 0 0 ? S< 17:15 0:00 [md]
root 77 0.0 0.0 0 0 ? S< 17:15 0:00 [devfreq_wq]
root 78 0.0 0.0 0 0 ? S 17:15 0:00 [kworker/2:1]
root 85 0.0 0.0 0 0 ? S 17:15 0:00 [kworker/u16:1]
root 102 0.0 0.0 0 0 ? S 17:15 0:00 [kswapd0]
root 103 0.0 0.0 0 0 ? S 17:15 0:00 [fsnotify_mark]
root 113 0.0 0.0 0 0 ? S< 17:15 0:00 [kthrotld]
root 115 0.0 0.0 0 0 ? S 17:15 0:00 [khvcd]
root 116 0.0 0.0 0 0 ? S 17:15 0:00 [kworker/3:1]
root 117 0.0 0.0 0 0 ? S< 17:15 0:00 [dm_bufio_cache]
root 118 0.0 0.0 0 0 ? S< 17:15 0:00 [ipv6_addrconf]
root 119 0.0 0.0 0 0 ? S 17:15 0:00 [kworker/5:1]
root 120 0.0 0.0 0 0 ? S< 17:15 0:00 [deferwq]
root 122 0.0 0.0 0 0 ? S 17:15 0:00 [kworker/6:1]
root 127 0.0 0.0 0 0 ? S 17:15 0:00 [kworker/1:1]
root 134 0.0 0.0 0 0 ? S< 17:15 0:00 [kworker/0:1H]
root 139 0.0 0.0 0 0 ? S< 17:15 0:00 [kdmflush]
root 140 0.0 0.0 0 0 ? S< 17:15 0:00 [kcopyd]
root 141 0.0 0.0 0 0 ? S< 17:15 0:00 [bioset]
root 142 0.0 0.0 0 0 ? S< 17:15 0:00 [bioset]
root 147 0.0 0.0 0 0 ? S 17:15 0:00 [jbd2/dm-0-8]
root 148 0.0 0.0 0 0 ? S< 17:15 0:00 [ext4-rsv-conver]
root 152 0.0 0.0 0 0 ? S 17:15 0:00 [jbd2/xvdd-8]
root 153 0.0 0.0 0 0 ? S< 17:15 0:00 [ext4-rsv-conver]
root 168 0.0 0.0 0 0 ? S 17:15 0:00 [kworker/7:1]
root 176 0.0 0.0 0 0 ? S 17:15 0:00 [kworker/3:2]
root 179 0.0 0.0 0 0 ? S 17:15 0:00 [kworker/4:2]
root 181 0.0 0.0 0 0 ? S 17:15 0:00 [kworker/2:2]
root 185 0.0 0.0 0 0 ? S 17:15 0:00 [kworker/1:2]
root 198 0.0 0.0 0 0 ? S 17:15 0:00 [kworker/5:2]
root 199 0.0 0.0 0 0 ? S< 17:15 0:00 [kworker/7:1H]
root 203 0.0 0.0 0 0 ? S 17:15 0:00 [kauditd]
root 214 0.0 0.6 45484 10436 ? Ss 17:15 0:00 /usr/lib/systemd/systemd-journald
root 230 0.0 0.2 43868 3596 ? Ss 17:15 0:00 /usr/lib/systemd/systemd-udevd
root 246 0.0 0.0 0 0 ? S< 17:15 0:00 [kworker/3:1H]
root 287 0.0 0.0 0 0 ? S< 17:15 0:00 [kworker/1:1H]
root 298 0.0 0.1 105076 1880 ? SLs 17:15 0:00 /usr/sbin/qubesdb-daemon 0
root 300 0.0 0.0 0 0 ? S< 17:15 0:00 [kworker/2:1H]
root 303 0.0 0.0 0 0 ? S 17:15 0:00 [kworker/7:2]
root 395 0.0 0.1 16768 2072 ? SNs 17:15 0:00 /usr/sbin/alsactl -s -n 19 -c -E ALSA_CONFIG_PATH=/etc/alsa/alsactl.conf --in
root 401 0.0 0.5 207252 7940 ? Ss 17:15 0:00 /usr/sbin/abrtd -d -s
root 402 0.0 0.5 311812 7844 ? Ss 17:15 0:00 /usr/bin/abrt-dump-journal-oops -fxtD
root 408 0.0 0.3 12128 4760 ? Ss 17:15 0:00 /usr/sbin/haveged -w 1024 -v 1 --Foreground
root 409 0.1 0.0 10684 120 ? S 17:15 0:00 /usr/sbin/meminfo-writer 30000 100000 /var/run/meminfo-writer.pid
dbus 415 0.0 0.2 45164 4040 ? Ss 17:15 0:00 /bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-a
root 422 0.0 0.0 0 0 ? S< 17:15 0:00 [kworker/5:1H]
root 425 0.0 0.0 0 0 ? S< 17:15 0:00 [kworker/6:1H]
root 432 0.0 0.1 24252 2740 ? Ss 17:15 0:00 /usr/lib/systemd/systemd-logind
root 437 0.0 0.1 21180 2028 ? SLs 17:15 0:00 /usr/lib/qubes/qrexec-agent
root 440 0.0 0.0 0 0 ? S 17:15 0:00 [kworker/0:3]
root 447 0.0 0.0 0 0 ? S 17:15 0:00 [jbd2/xvdb-8]
root 448 0.0 0.0 0 0 ? S< 17:15 0:00 [ext4-rsv-conver]
root 449 0.0 0.2 115644 3216 ? Ss 17:15 0:00 /bin/sh /usr/sbin/qubes-firewall
root 452 0.0 0.2 115644 3120 ? Ss 17:15 0:00 /bin/sh /usr/sbin/qubes-netwatcher
root 459 0.0 0.1 23780 2044 ? Ss 17:15 0:00 /usr/sbin/atd -f
root 468 0.0 0.0 76240 852 ? Sl 17:15 0:00 xenstore-watch -n 2 qubes-netvm-domid
root 488 0.0 0.2 37088 3408 ? SLs 17:15 0:00 /usr/bin/qubes-gui
root 494 0.0 0.0 0 0 ? S 17:15 0:00 [kworker/6:2]
root 499 0.0 0.1 110308 2152 hvc0 Ss+ 17:15 0:00 /sbin/agetty --keep-baud 115200 38400 9600 hvc0 vt102
root 503 0.0 0.2 181264 4180 ? S 17:15 0:00 su -l user -c /usr/bin/xinit /etc/X11/xinit/xinitrc -- /usr/bin/X :0 -noliste
user 523 0.0 0.2 38192 4188 ? Ss 17:15 0:00 /usr/lib/systemd/systemd --user
user 526 0.0 0.1 66756 1988 ? S 17:15 0:00 (sd-pam)
user 535 0.0 0.2 115644 3152 ? Ss 17:15 0:00 -bash -c /usr/bin/xinit /etc/X11/xinit/xinitrc -- /usr/bin/X :0 -nolisten tcp
user 577 0.0 0.0 13956 944 ? S 17:15 0:00 /usr/bin/xinit /etc/X11/xinit/xinitrc -- /usr/bin/X :0 -nolisten tcp vt07 -wr
user 578 0.2 2.5 331984 38116 ? SLl 17:15 0:00 /usr/libexec/Xorg.bin :0 -nolisten tcp vt07 -wr -config xorg-qubes.conf
user 588 0.0 0.1 113540 2884 ? Ss 17:15 0:00 /bin/bash /usr/bin/qubes-session
user 597 0.0 0.0 13960 144 ? S 17:15 0:00 dbus-launch --sh-syntax --exit-with-session
user 598 0.0 0.1 44888 2244 ? Ss 17:15 0:00 /bin/dbus-daemon --fork --print-pid 4 --print-address 6 --session
user 623 0.0 0.0 53360 584 ? Ss 17:15 0:00 /usr/bin/ssh-agent /etc/X11/xinit/Xclients
user 637 0.0 0.4 386436 6268 ? Sl 17:15 0:00 /usr/bin/gnome-keyring-daemon --start
user 722 0.0 1.1 419128 17516 ? Sl 17:15 0:00 abrt-applet
user 750 0.0 1.8 643580 27980 ? Sl 17:15 0:00 nm-applet
user 756 0.0 0.5 467956 8020 ? S<l 17:15 0:00 pulseaudio --start -n --file=/etc/pulse/qubes-default.pa --exit-idle-time=-1
rtkit 761 0.0 0.1 164624 2316 ? SNsl 17:15 0:00 /usr/libexec/rtkit-daemon
user 762 0.0 0.3 335824 5504 ? Sl 17:15 0:00 /usr/libexec/at-spi-bus-launcher
polkitd 772 0.0 0.9 525388 13664 ? Ssl 17:15 0:00 /usr/lib/polkit-1/polkitd --no-debug
user 775 0.0 0.2 44764 3748 ? S 17:15 0:00 /bin/dbus-daemon --config-file=/etc/at-spi2/accessibility.conf --nofork --pri
user 783 0.0 0.2 178520 4460 ? Sl 17:15 0:00 /usr/libexec/dconf-service
user 795 0.0 0.4 125528 6052 ? Sl 17:15 0:00 /usr/libexec/at-spi2-registryd --use-gnome-session
user 805 0.0 0.4 319108 6672 ? Sl 17:15 0:00 /usr/libexec/gvfsd
user 810 0.0 0.4 301140 6664 ? Sl 17:15 0:00 /usr/libexec/gvfsd-fuse /run/user/1000/gvfs -f -o big_writes
user 817 0.0 0.0 21156 168 ? S 17:15 0:00 /usr/bin/qrexec-fork-server
user 821 0.0 0.0 108188 700 ? S 17:15 0:00 sleep 365d
root 888 0.0 0.0 6356 688 ? S 17:15 0:00 /usr/bin/qubesdb-watch /qubes-iptables
root 891 0.0 0.0 0 0 ? S 17:15 0:00 [vif17.0-q0-gues]
root 892 0.0 0.0 0 0 ? S 17:15 0:00 [vif17.0-q0-deal]
root 893 0.0 0.0 0 0 ? S 17:15 0:00 [vif17.0-q1-gues]
root 894 0.0 0.0 0 0 ? S 17:15 0:00 [vif17.0-q1-deal]
root 895 0.0 0.0 0 0 ? S 17:15 0:00 [vif17.0-q2-gues]
root 896 0.0 0.0 0 0 ? S 17:15 0:00 [vif17.0-q2-deal]
root 897 0.0 0.0 0 0 ? S 17:15 0:00 [vif17.0-q3-gues]
root 898 0.0 0.0 0 0 ? S 17:15 0:00 [vif17.0-q3-deal]
root 899 0.0 0.0 0 0 ? S 17:15 0:00 [vif17.0-q4-gues]
root 900 0.0 0.0 0 0 ? S 17:15 0:00 [vif17.0-q4-deal]
root 901 0.0 0.0 0 0 ? S 17:15 0:00 [vif17.0-q5-gues]
root 902 0.0 0.0 0 0 ? S 17:15 0:00 [vif17.0-q5-deal]
root 903 0.0 0.0 0 0 ? S 17:15 0:00 [vif17.0-q6-gues]
root 904 0.0 0.0 0 0 ? S 17:15 0:00 [vif17.0-q6-deal]
root 905 0.0 0.0 0 0 ? S 17:15 0:00 [vif17.0-q7-gues]
root 906 0.0 0.0 0 0 ? S 17:15 0:00 [vif17.0-q7-deal]
user 911 0.4 3.7 904244 56516 ? Rl 17:16 0:01 konsole
user 913 0.0 0.3 145904 4672 ? S 17:16 0:00 /usr/libexec/gconfd-2
user 918 0.0 0.3 117884 5812 pts/0 Ss 17:16 0:00 /bin/bash
root 988 0.0 0.0 0 0 ? S 17:18 0:00 [kworker/7:3]
root 997 0.0 0.3 204860 5512 pts/0 S+ 17:20 0:00 sudo time iptables --list
root 998 0.0 0.0 4160 724 pts/0 S+ 17:20 0:00 time iptables --list
root 999 0.0 0.2 52268 3124 pts/0 S+ 17:20 0:00 iptables --list
root 1000 0.0 0.0 21292 972 ? SLs 17:20 0:00 /usr/lib/qubes/qrexec-client-vm dom0 qubes.NotifyUpdates /bin/sh -c if [ -e /
root 1001 0.0 0.2 115640 3172 ? S 17:20 0:00 sh -c if [ -e /etc/system-release ]; then yum -q check-update >/dev/null; [ $
root 1002 0.3 2.1 426396 32140 ? Sl 17:20 0:00 /usr/bin/python /usr/bin/yum -q check-update
user 1006 4.0 0.3 117752 5580 pts/1 Ss 17:21 0:00 /bin/bash
user 1036 0.0 0.2 139904 3376 pts/1 R+ 17:21 0:00 ps aux
[user@sys-firewall ~]$
[user@sys-firewall ~]$ sudo systemctl list-units --failed
0 loaded units listed. Pass --all to see loaded but inactive units, too.
To show all installed unit files use 'systemctl list-unit-files'.
cat /etc/resolv.conf
nameserver 10.137.1.1
nameserver 10.137.1.254
an AppVM connected to sys-firewall
Skipped for now as the issue is likely in sys-firewall, right? Can be provided on request.
Additional observations and comments:
- sys-firewall can ping sys-net.
iptables --listinside sys-firewall takes extremely long (on a fast system with low load). Longer than a minute.ping 8.8.8.8is failing in sys-firewall. So it's not the DNS issue.
Any idea what's the cause?
|
Which Qubes version are you using? (R3, R3.1 etc.)
Which Qubes suite are you using? (stable, testing, experimental)
On which TemplateVMs are the following of your VMs based on?
sys-net
sys-firewall
an AppVM connected to sys-firewall Skipped for now as the issue is likely in sys-firewall, right? Can be provided on request. Additional observations and comments:
Any idea what's the cause? |
This comment has been minimized.
Show comment
Hide comment
This comment has been minimized.
marmarek
Mar 17, 2016
Member
On Thu, Mar 17, 2016 at 09:35:01AM -0700, Patrick Schleizer wrote:
[user@sys-net ~]$ sudo time iptables --list
Chain INPUT (policy ACCEPT)
target prot opt source destination
ACCEPT tcp -- anywhere anywhere tcp dpt:us-cli
ACCEPT tcp -- anywhere anywhere tcp dpt:us-cli
(...)
Chain FORWARD (policy ACCEPT)
target prot opt source destinationChain OUTPUT (policy ACCEPT)
target prot opt source destination
0.08user 0.01system 0:00.09elapsed 97%CPU (0avgtext+0avgdata 2220maxresident)k
1496inputs+0outputs (0major+202minor)pagefaults 0swaps
This looks wrong. What is status of iptables.service?
[user@sys-net ~]$ sudo time iptables --list -t -nat
iptables v1.4.21: can't initialize iptables table `-nat': Table does not exist (do you need to insmod?)
A typo here: "-t nat".
Perhaps iptables or your kernel needs to be upgraded.
0.00user 0.00system 0:00.02elapsed 17%CPU (0avgtext+0avgdata 2028maxresident)k
0inputs+0outputs (0major+98minor)pagefaults 0swaps[user@sys-firewall ~]$ sudo time iptables --list
(...)0.01user 0.01system 2:00.15elapsed 0%CPU (0avgtext+0avgdata 3340maxresident)k
1736inputs+0outputs (2major+246minor)pagefaults 0swaps
This is because timeout on DNS resolution (which is also broken here).
Pass -n to skip it.
Best Regards,
Marek Marczykowski-Górecki
Invisible Things Lab
A: Because it messes up the order in which people normally read text.
Q: Why is top-posting such a bad thing?
|
On Thu, Mar 17, 2016 at 09:35:01AM -0700, Patrick Schleizer wrote:
(...)
This looks wrong. What is status of iptables.service?
A typo here: "-t nat".
This is because timeout on DNS resolution (which is also broken here). Best Regards, |
This comment has been minimized.
Show comment
Hide comment
This comment has been minimized.
adrelanos
Mar 17, 2016
Member
[user@sys-firewall ~]$ sudo iptables --list -n
Chain INPUT (policy DROP)
target prot opt source destination
DROP udp -- 0.0.0.0/0 0.0.0.0/0 udp dpt:68
ACCEPT all -- 0.0.0.0/0 0.0.0.0/0 ctstate RELATED,ESTABLISHED
ACCEPT icmp -- 0.0.0.0/0 0.0.0.0/0
ACCEPT all -- 0.0.0.0/0 0.0.0.0/0
REJECT all -- 0.0.0.0/0 0.0.0.0/0 reject-with icmp-host-prohibited
Chain FORWARD (policy DROP)
target prot opt source destination
ACCEPT all -- 0.0.0.0/0 0.0.0.0/0 ctstate RELATED,ESTABLISHED
ACCEPT all -- 0.0.0.0/0 0.0.0.0/0
DROP all -- 0.0.0.0/0 0.0.0.0/0
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
[user@sys-firewall ~]$
[user@sys-firewall ~]$ sudo iptables --list -t nat -n
Chain PREROUTING (policy ACCEPT)
target prot opt source destination
Chain INPUT (policy ACCEPT)
target prot opt source destination
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
Chain POSTROUTING (policy ACCEPT)
target prot opt source destination
[user@sys-firewall ~]$ sudo systemctl status qubes-iptables
● qubes-iptables.service
Loaded: not-found (Reason: No such file or directory)
Active: inactive (dead)
Mar 17 22:51:37 sys-firewall systemd[1]: Cannot add dependency job for unit qubes-iptables.service, ignoring: Unit qubes-iptables.service failed t...irectory.
Mar 17 22:51:37 sys-firewall systemd[1]: Cannot add dependency job for unit qubes-iptables.service, ignoring: Unit qubes-iptables.service failed t...irectory.
Mar 17 22:51:37 sys-firewall systemd[1]: Cannot add dependency job for unit qubes-iptables.service, ignoring: Unit qubes-iptables.service failed t...irectory.
Mar 17 22:51:37 sys-firewall systemd[1]: Cannot add dependency job for unit qubes-iptables.service, ignoring: Unit qubes-iptables.service failed t...irectory.
Mar 17 22:52:34 sys-firewall systemd[1]: Cannot add dependency job for unit qubes-iptables.service, ignoring: Unit qubes-iptables.service failed t...irectory.
Mar 17 22:52:34 sys-firewall systemd[1]: Cannot add dependency job for unit qubes-iptables.service, ignoring: Unit qubes-iptables.service failed t...irectory.
Hint: Some lines were ellipsized, use -l to show in full.
[user@sys-firewall ~]$
[user@sys-firewall ~]$ sudo journalctl -u qubes-iptables | cat
-- Logs begin at Mon 2015-09-07 17:45:07 CEST, end at Thu 2016-03-17 22:54:31 CET. --
Feb 24 09:19:09 fedora-21 systemd[1]: Starting Qubes base firewall settings...
Feb 24 09:19:09 fedora-21 qubes-iptables[385]: iptables: Applying firewall rules: OK
Feb 24 09:19:09 fedora-21 qubes-iptables[385]: ip6tables: Applying firewall rules: OK
Feb 24 09:19:09 fedora-21 systemd[1]: Started Qubes base firewall settings.
-- Reboot --
Mar 07 23:20:31 fedora-21 systemd[1]: Starting Qubes base firewall settings...
Mar 07 23:20:31 fedora-21 qubes-iptables[380]: iptables: Applying firewall rules: OK
Mar 07 23:20:31 fedora-21 qubes-iptables[380]: ip6tables: Applying firewall rules: OK
Mar 07 23:20:32 fedora-21 systemd[1]: Started Qubes base firewall settings.
Mar 07 23:21:32 fedora-21 systemd[1]: Stopping Qubes base firewall settings...
Mar 07 23:21:32 fedora-21 systemd[1]: Stopped Qubes base firewall settings.
-- Reboot --
Mar 16 14:14:33 fedora-21 systemd[1]: Starting Qubes base firewall settings...
Mar 16 14:14:33 fedora-21 qubes-iptables[381]: iptables: Applying firewall rules: OK
Mar 16 14:14:33 fedora-21 qubes-iptables[381]: ip6tables: Applying firewall rules: OK
Mar 16 14:14:33 fedora-21 systemd[1]: Started Qubes base firewall settings.
-- Reboot --
Mar 17 22:51:37 sys-firewall systemd[1]: Cannot add dependency job for unit qubes-iptables.service, ignoring: Unit qubes-iptables.service failed to load: No such file or directory.
Mar 17 22:51:37 sys-firewall systemd[1]: Cannot add dependency job for unit qubes-iptables.service, ignoring: Unit qubes-iptables.service failed to load: No such file or directory.
Mar 17 22:51:37 sys-firewall systemd[1]: Cannot add dependency job for unit qubes-iptables.service, ignoring: Unit qubes-iptables.service failed to load: No such file or directory.
Mar 17 22:51:37 sys-firewall systemd[1]: Cannot add dependency job for unit qubes-iptables.service, ignoring: Unit qubes-iptables.service failed to load: No such file or directory.
Mar 17 22:52:34 sys-firewall systemd[1]: Cannot add dependency job for unit qubes-iptables.service, ignoring: Unit qubes-iptables.service failed to load: No such file or directory.
Mar 17 22:52:34 sys-firewall systemd[1]: Cannot add dependency job for unit qubes-iptables.service, ignoring: Unit qubes-iptables.service failed to load: No such file or directory.
Mar 17 22:54:05 sys-firewall systemd[1]: Cannot add dependency job for unit qubes-iptables.service, ignoring: Unit qubes-iptables.service failed to load: No such file or directory.
[user@sys-firewall ~]$
[user@sys-firewall ~]$ dmesg --
[ 0.000000] PAT configuration [0-7]: WB WT UC- UC WC WP UC UC
[ 0.000000] Initializing cgroup subsys cpuset
[ 0.000000] Initializing cgroup subsys cpu
[ 0.000000] Initializing cgroup subsys cpuacct
[ 0.000000] Linux version 4.1.13-9.pvops.qubes.x86_64 (user@release) (gcc version 4.8.3 20140911 (Red Hat 4.8.3-7) (GCC) ) #1 SMP Thu Feb 11 15:46:02 UTC 2016
[ 0.000000] Command line: root=/dev/mapper/dmroot ro nomodeset console=hvc0 rd_NO_PLYMOUTH 3 nopat
[ 0.000000] ACPI in unprivileged domain disabled
[ 0.000000] Released 0 page(s)
[ 0.000000] e820: BIOS-provided physical RAM map:
[ 0.000000] Xen: [mem 0x0000000000000000-0x000000000009ffff] usable
[ 0.000000] Xen: [mem 0x00000000000a0000-0x00000000000fffff] reserved
[ 0.000000] Xen: [mem 0x0000000000100000-0x00000000bb7fffff] usable
[ 0.000000] PAT support disabled.
[ 0.000000] NX (Execute Disable) protection: active
[ 0.000000] DMI not present or invalid.
[ 0.000000] Hypervisor detected: Xen
[ 0.000000] e820: update [mem 0x00000000-0x00000fff] usable ==> reserved
[ 0.000000] e820: remove [mem 0x000a0000-0x000fffff] usable
[ 0.000000] e820: last_pfn = 0xbb800 max_arch_pfn = 0x400000000
[ 0.000000] Base memory trampoline at [ffff88000009a000] 9a000 size 24576
[ 0.000000] init_memory_mapping: [mem 0x00000000-0x000fffff]
[ 0.000000] [mem 0x00000000-0x000fffff] page 4k
[ 0.000000] init_memory_mapping: [mem 0x12a00000-0x12bfffff]
[ 0.000000] [mem 0x12a00000-0x12bfffff] page 4k
[ 0.000000] BRK [0x0201f000, 0x0201ffff] PGTABLE
[ 0.000000] init_memory_mapping: [mem 0x00100000-0x129fffff]
[ 0.000000] [mem 0x00100000-0x129fffff] page 4k
[ 0.000000] init_memory_mapping: [mem 0x12c00000-0xbb7fffff]
[ 0.000000] [mem 0x12c00000-0xbb7fffff] page 4k
[ 0.000000] BRK [0x02020000, 0x02020fff] PGTABLE
[ 0.000000] BRK [0x02021000, 0x02021fff] PGTABLE
[ 0.000000] BRK [0x02022000, 0x02022fff] PGTABLE
[ 0.000000] BRK [0x02023000, 0x02023fff] PGTABLE
[ 0.000000] BRK [0x02024000, 0x02024fff] PGTABLE
[ 0.000000] RAMDISK: [mem 0x02046000-0x027dcfff]
[ 0.000000] NUMA turned off
[ 0.000000] Faking a node at [mem 0x0000000000000000-0x00000000bb7fffff]
[ 0.000000] NODE_DATA(0) allocated [mem 0x1262a000-0x1263dfff]
[ 0.000000] Zone ranges:
[ 0.000000] DMA [mem 0x0000000000001000-0x0000000000ffffff]
[ 0.000000] DMA32 [mem 0x0000000001000000-0x00000000bb7fffff]
[ 0.000000] Normal empty
[ 0.000000] Movable zone start for each node
[ 0.000000] Early memory node ranges
[ 0.000000] node 0: [mem 0x0000000000001000-0x000000000009ffff]
[ 0.000000] node 0: [mem 0x0000000000100000-0x00000000bb7fffff]
[ 0.000000] Initmem setup node 0 [mem 0x0000000000001000-0x00000000bb7fffff]
[ 0.000000] On node 0 totalpages: 767903
[ 0.000000] DMA zone: 64 pages used for memmap
[ 0.000000] DMA zone: 21 pages reserved
[ 0.000000] DMA zone: 3999 pages, LIFO batch:0
[ 0.000000] DMA32 zone: 11936 pages used for memmap
[ 0.000000] DMA32 zone: 763904 pages, LIFO batch:31
[ 0.000000] p2m virtual area at ffffc90000000000, size is 600000
[ 0.000000] Remapped 0 page(s)
[ 0.000000] SFI: Simple Firmware Interface v0.81 http://simplefirmware.org
[ 0.000000] smpboot: Allowing 8 CPUs, 0 hotplug CPUs
[ 0.000000] e820: [mem 0xbb800000-0xffffffff] available for PCI devices
[ 0.000000] Booting paravirtualized kernel on Xen
[ 0.000000] Xen version: 4.6.0 (preserve-AD)
[ 0.000000] clocksource refined-jiffies: mask: 0xffffffff max_cycles: 0xffffffff, max_idle_ns: 1910969940391419 ns
[ 0.000000] setup_percpu: NR_CPUS:64 nr_cpumask_bits:64 nr_cpu_ids:8 nr_node_ids:1
[ 0.000000] PERCPU: Embedded 34 pages/cpu @ffff88000ec00000 s101080 r8192 d29992 u262144
[ 0.000000] pcpu-alloc: s101080 r8192 d29992 u262144 alloc=1*2097152
[ 0.000000] pcpu-alloc: [0] 0 1 2 3 4 5 6 7
[ 0.000000] xen: PV spinlocks enabled
[ 0.000000] Built 1 zonelists in Node order, mobility grouping on. Total pages: 755882
[ 0.000000] Policy zone: DMA32
[ 0.000000] Kernel command line: root=/dev/mapper/dmroot ro nomodeset console=hvc0 rd_NO_PLYMOUTH 3 nopat
[ 0.000000] PID hash table entries: 4096 (order: 3, 32768 bytes)
[ 0.000000] xsave: enabled xstate_bv 0x7, cntxt size 0x340 using standard form
[ 0.000000] Memory: 219700K/3071612K available (7578K kernel code, 1219K rwdata, 3272K rodata, 1504K init, 1464K bss, 2851912K reserved, 0K cma-reserved)
[ 0.000000] SLUB: HWalign=64, Order=0-3, MinObjects=0, CPUs=8, Nodes=1
[ 0.000000] Hierarchical RCU implementation.
[ 0.000000] RCU dyntick-idle grace-period acceleration is enabled.
[ 0.000000] RCU restricting CPUs from NR_CPUS=64 to nr_cpu_ids=8.
[ 0.000000] RCU: Adjusting geometry for rcu_fanout_leaf=16, nr_cpu_ids=8
[ 0.000000] NR_IRQS:4352 nr_irqs:144 16
[ 0.000000] xen:events: Using FIFO-based ABI
[ 0.000000] Offload RCU callbacks from all CPUs
[ 0.000000] Offload RCU callbacks from CPUs: 0-7.
[ 0.000000] Console: colour dummy device 80x25
[ 0.000000] console [tty0] enabled
[ 0.000000] console [hvc0] enabled
[ 0.000000] clocksource xen: mask: 0xffffffffffffffff max_cycles: 0x1cd42e4dffb, max_idle_ns: 881590591483 ns
[ 0.000000] Xen: using vcpuop timer interface
[ 0.000000] installing Xen timer for CPU 0
[ 0.000000] tsc: Detected 2194.986 MHz processor
[ 0.001000] Calibrating delay loop (skipped), value calculated using timer frequency.. 4389.97 BogoMIPS (lpj=2194986)
[ 0.001000] pid_max: default: 32768 minimum: 301
[ 0.001000] Security Framework initialized
[ 0.001000] AppArmor: AppArmor disabled by boot time parameter
[ 0.001000] Dentry cache hash table entries: 524288 (order: 10, 4194304 bytes)
[ 0.001449] Inode-cache hash table entries: 262144 (order: 9, 2097152 bytes)
[ 0.001698] Mount-cache hash table entries: 8192 (order: 4, 65536 bytes)
[ 0.001721] Mountpoint-cache hash table entries: 8192 (order: 4, 65536 bytes)
[ 0.001903] Initializing cgroup subsys blkio
[ 0.001908] Initializing cgroup subsys memory
[ 0.001927] Initializing cgroup subsys devices
[ 0.001931] Initializing cgroup subsys freezer
[ 0.001934] Initializing cgroup subsys net_cls
[ 0.001939] Initializing cgroup subsys perf_event
[ 0.001943] Initializing cgroup subsys net_prio
[ 0.001947] Initializing cgroup subsys hugetlb
[ 0.002007] ENERGY_PERF_BIAS: Set to 'normal', was 'performance'
[ 0.002011] ENERGY_PERF_BIAS: View and update with x86_energy_perf_policy(8)
[ 0.002025] CPU: Physical Processor ID: 0
[ 0.002027] CPU: Processor Core ID: 1
[ 0.002824] Last level iTLB entries: 4KB 1024, 2MB 1024, 4MB 1024
[ 0.002827] Last level dTLB entries: 4KB 1024, 2MB 1024, 4MB 1024, 1GB 4
[ 0.026666] ftrace: allocating 27794 entries in 109 pages
[ 0.031069] cpu 0 spinlock event irq 17
[ 0.038004] Performance Events: unsupported p6 CPU model 70 no PMU driver, software events only.
[ 0.038494] NMI watchdog: disabled (cpu0): hardware events not enabled
[ 0.038499] NMI watchdog: Shutting down hard lockup detector on all cpus
[ 0.038569] SMP alternatives: switching to SMP code
[ 0.058353] installing Xen timer for CPU 1
[ 0.058375] cpu 1 spinlock event irq 24
[ 0.059356] installing Xen timer for CPU 2
[ 0.059375] cpu 2 spinlock event irq 31
[ 0.060347] installing Xen timer for CPU 3
[ 0.060364] cpu 3 spinlock event irq 38
[ 0.061369] installing Xen timer for CPU 4
[ 0.061388] cpu 4 spinlock event irq 45
[ 0.062305] installing Xen timer for CPU 5
[ 0.062312] cpu 5 spinlock event irq 52
[ 0.063289] installing Xen timer for CPU 6
[ 0.063296] cpu 6 spinlock event irq 59
[ 0.064233] installing Xen timer for CPU 7
[ 0.064241] cpu 7 spinlock event irq 66
[ 0.065155] x86: Booted up 1 node, 8 CPUs
[ 0.065208] devtmpfs: initialized
[ 0.067122] clocksource jiffies: mask: 0xffffffff max_cycles: 0xffffffff, max_idle_ns: 1911260446275000 ns
[ 0.067169] atomic64_test: passed for x86-64 platform with CX8 and with SSE
[ 0.067169] pinctrl core: initialized pinctrl subsystem
[ 0.087311] RTC time: 165:165:165, date: 165/165/65
[ 0.087414] NET: Registered protocol family 16
[ 0.087427] xen:grant_table: Grant tables using version 1 layout
[ 0.087435] Grant table initialized
[ 0.087495] PCI: setting up Xen PCI frontend stub
[ 0.087495] PCI: pci_cache_line_size set to 64 bytes
[ 0.092060] ACPI: Interpreter disabled.
[ 0.092060] xen:balloon: Initialising balloon driver
[ 0.098012] xen_balloon: Initialising balloon driver
[ 0.098037] vgaarb: loaded
[ 0.098058] SCSI subsystem initialized
[ 0.098082] libata version 3.00 loaded.
[ 0.098082] usbcore: registered new interface driver usbfs
[ 0.098082] usbcore: registered new interface driver hub
[ 0.098082] usbcore: registered new device driver usb
[ 0.099035] PCI: System does not support PCI
[ 0.099035] PCI: System does not support PCI
[ 0.099091] NetLabel: Initializing
[ 0.099095] NetLabel: domain hash size = 128
[ 0.099097] NetLabel: protocols = UNLABELED CIPSOv4
[ 0.099108] NetLabel: unlabeled traffic allowed by default
[ 0.099173] Switched to clocksource xen
[ 0.103043] pnp: PnP ACPI: disabled
[ 0.104470] NET: Registered protocol family 2
[ 0.104659] TCP established hash table entries: 32768 (order: 6, 262144 bytes)
[ 0.104745] TCP bind hash table entries: 32768 (order: 7, 524288 bytes)
[ 0.104791] TCP: Hash tables configured (established 32768 bind 32768)
[ 0.104810] UDP hash table entries: 2048 (order: 4, 65536 bytes)
[ 0.104827] UDP-Lite hash table entries: 2048 (order: 4, 65536 bytes)
[ 0.104866] NET: Registered protocol family 1
[ 0.104878] PCI: CLS 0 bytes, default 64
[ 0.104920] Unpacking initramfs...
[ 0.110372] Freeing initrd memory: 7772K (ffff880002046000 - ffff8800027dd000)
[ 0.110422] platform rtc_cmos: registered platform RTC device (no PNP device found)
[ 0.111178] AVX2 version of gcm_enc/dec engaged.
[ 0.111183] AES CTR mode by8 optimization enabled
[ 0.112652] alg: No test for __gcm-aes-aesni (__driver-gcm-aes-aesni)
[ 0.112992] futex hash table entries: 2048 (order: 5, 131072 bytes)
[ 0.113023] Initialise system trusted keyring
[ 0.113041] audit: initializing netlink subsys (disabled)
[ 0.113051] audit: type=2000 audit(1458251492.012:1): initialized
[ 0.113254] HugeTLB registered 2 MB page size, pre-allocated 0 pages
[ 0.114209] zpool: loaded
[ 0.114213] zbud: loaded
[ 0.114339] VFS: Disk quotas dquot_6.6.0
[ 0.114364] VFS: Dquot-cache hash table entries: 512 (order 0, 4096 bytes)
[ 0.114658] Key type big_key registered
[ 0.115143] alg: No test for stdrng (krng)
[ 0.115156] NET: Registered protocol family 38
[ 0.115165] Key type asymmetric registered
[ 0.115169] Asymmetric key parser 'x509' registered
[ 0.115197] Block layer SCSI generic (bsg) driver version 0.4 loaded (major 252)
[ 0.115258] io scheduler noop registered
[ 0.115274] io scheduler deadline registered
[ 0.115298] io scheduler cfq registered (default)
[ 0.115353] pci_hotplug: PCI Hot Plug PCI Core version: 0.5
[ 0.115366] pciehp: PCI Express Hot Plug Controller Driver version: 0.4
[ 0.115387] intel_idle: does not run on family 6 model 70
[ 0.115537] xen:xen_evtchn: Event-channel device installed
[ 0.115807] Serial: 8250/16550 driver, 4 ports, IRQ sharing enabled
[ 0.116089] Non-volatile memory driver v1.3
[ 0.116117] Linux agpgart interface v0.103
[ 0.116680] libphy: Fixed MDIO Bus: probed
[ 0.116734] usbcore: registered new interface driver usbserial
[ 0.116741] usbcore: registered new interface driver usbserial_generic
[ 0.116748] usbserial: USB Serial support registered for generic
[ 0.116766] i8042: PNP: No PS/2 controller found. Probing ports directly.
[ 1.128042] i8042: No controller found
[ 1.128070] clocksource tsc: mask: 0xffffffffffffffff max_cycles: 0x1fa3b286eb9, max_idle_ns: 440795315376 ns
[ 1.128302] mousedev: PS/2 mouse device common for all mice
[ 1.148504] rtc_cmos rtc_cmos: rtc core: registered rtc_cmos as rtc0
[ 1.148593] rtc_cmos: probe of rtc_cmos failed with error -38
[ 1.148661] device-mapper: uevent: version 1.0.3
[ 1.148767] device-mapper: ioctl: 4.31.0-ioctl (2015-3-12) initialised: dm-devel@redhat.com
[ 1.148977] hidraw: raw HID events driver (C) Jiri Kosina
[ 1.149034] usbcore: registered new interface driver usbhid
[ 1.149039] usbhid: USB HID core driver
[ 1.149085] drop_monitor: Initializing network drop monitor service
[ 1.149148] ip_tables: (C) 2000-2006 Netfilter Core Team
[ 1.149517] Initializing XFRM netlink socket
[ 1.149609] NET: Registered protocol family 10
[ 1.149805] mip6: Mobile IPv6
[ 1.149812] NET: Registered protocol family 17
[ 1.149823] mce: Unable to init device /dev/mcelog (rc: -5)
[ 1.150016] Loading compiled-in X.509 certificates
[ 1.150037] registered taskstats version 1
[ 1.150101] xenbus_probe_frontend: Device with no driver: device/vbd/51712
[ 1.150106] xenbus_probe_frontend: Device with no driver: device/vbd/51728
[ 1.150111] xenbus_probe_frontend: Device with no driver: device/vbd/51744
[ 1.150115] xenbus_probe_frontend: Device with no driver: device/vbd/51760
[ 1.150120] xenbus_probe_frontend: Device with no driver: device/vif/0
[ 1.150181] Magic number: 1:252:3141
[ 1.150212] hctosys: unable to open rtc device (rtc0)
[ 1.150736] Freeing unused kernel memory: 1504K (ffffffff81d32000 - ffffffff81eaa000)
[ 1.150744] Write protecting the kernel read-only data: 12288k
[ 1.153371] Freeing unused kernel memory: 604K (ffff880001769000 - ffff880001800000)
[ 1.153687] Freeing unused kernel memory: 824K (ffff880001b32000 - ffff880001c00000)
[ 1.156159] random: modprobe urandom read with 34 bits of entropy available
[ 1.176188] blkfront: xvda: flush diskcache: enabled; persistent grants: enabled; indirect descriptors: enabled;
[ 1.188605] blkfront: xvdb: flush diskcache: enabled; persistent grants: enabled; indirect descriptors: enabled;
[ 1.193593] blkfront: xvdc: flush diskcache: enabled; persistent grants: enabled; indirect descriptors: enabled;
[ 1.195505] Setting capacity to 4194304
[ 1.195512] xvdb: detected capacity change from 0 to 2147483648
[ 1.196270] blkfront: xvdd: flush diskcache: enabled; persistent grants: enabled; indirect descriptors: enabled;
[ 1.196929] Setting capacity to 24117248
[ 1.196933] xvdc: detected capacity change from 0 to 12348030976
[ 1.197044] Setting capacity to 819200
[ 1.197048] xvdd: detected capacity change from 0 to 419430400
[ 1.298169] xvdc: xvdc1 xvdc2
[ 1.348392] EXT4-fs (dm-0): couldn't mount as ext3 due to feature incompatibilities
[ 1.348765] EXT4-fs (dm-0): couldn't mount as ext2 due to feature incompatibilities
[ 1.351071] EXT4-fs (dm-0): mounted filesystem with ordered data mode. Opts: (null)
[ 1.360730] EXT4-fs (xvdd): mounting ext3 file system using the ext4 subsystem
[ 1.362330] EXT4-fs (xvdd): mounted filesystem with ordered data mode. Opts: (null)
[ 1.409867] random: nonblocking pool is initialized
[ 1.438850] systemd[1]: systemd 216 running in system mode. (+PAM +AUDIT +SELINUX +IMA -APPARMOR +SMACK +SYSVINIT +UTMP +LIBCRYPTSETUP +GCRYPT +GNUTLS +ACL +XZ -LZ4 +SECCOMP +BLKID +ELFUTILS +KMOD +IDN)
[ 1.438890] systemd[1]: Detected virtualization 'xen'.
[ 1.438896] systemd[1]: Detected architecture 'x86-64'.
[ 1.439091] systemd[1]: No hostname configured.
[ 1.439099] systemd[1]: Set hostname to <localhost>.
[ 1.447437] systemd-sysv-generator[167]: Could not find init script for xendriverdomain.service
[ 1.447541] systemd-sysv-generator[167]: Could not find init script for xendriverdomain.service
[ 1.447630] systemd-sysv-generator[167]: Could not find init script for xendriverdomain.service
[ 1.447727] systemd-sysv-generator[167]: Could not find init script for xendriverdomain.service
[ 1.447831] systemd-sysv-generator[167]: Could not find init script for xendriverdomain.service
[ 1.447904] systemd-sysv-generator[167]: Could not find init script for xendriverdomain.service
[ 1.447973] systemd-sysv-generator[167]: Could not find init script for xendriverdomain.service
[ 1.461768] systemd[1]: Configuration file /usr/lib/systemd/system/auditd.service is marked world-inaccessible. This has no effect as configuration data is accessible via APIs without restrictions. Proceeding anyway.
[ 1.469680] systemd[1]: Cannot add dependency job for unit qubes-iptables.service, ignoring: Unit qubes-iptables.service failed to load: No such file or directory.
[ 1.469726] systemd[1]: Cannot add dependency job for unit qubes-mount-dirs.service, ignoring: Unit qubes-mount-dirs.service failed to load: No such file or directory.
[ 1.470053] systemd[1]: Expecting device dev-hvc0.device...
[ 1.470150] systemd[1]: Starting Forward Password Requests to Wall Directory Watch.
[ 1.470190] systemd[1]: Started Forward Password Requests to Wall Directory Watch.
[ 1.470201] systemd[1]: Starting Remote File Systems.
[ 1.470247] systemd[1]: Reached target Remote File Systems.
[ 1.470270] systemd[1]: Starting Arbitrary Executable File Formats File System Automount Point.
[ 1.470373] systemd[1]: Set up automount Arbitrary Executable File Formats File System Automount Point.
[ 1.470388] systemd[1]: Starting Encrypted Volumes.
[ 1.470432] systemd[1]: Reached target Encrypted Volumes.
[ 1.470442] systemd[1]: Expecting device dev-xvdc1.device...
[ 1.527823] systemd[1]: Starting Root Slice.
[ 1.536043] systemd[1]: Created slice Root Slice.
[ 1.536057] systemd[1]: Starting /dev/initctl Compatibility Named Pipe.
[ 1.536158] systemd[1]: Listening on /dev/initctl Compatibility Named Pipe.
[ 1.536170] systemd[1]: Starting Delayed Shutdown Socket.
[ 1.536254] systemd[1]: Listening on Delayed Shutdown Socket.
[ 1.536270] systemd[1]: Starting udev Kernel Socket.
[ 1.536348] systemd[1]: Listening on udev Kernel Socket.
[ 1.536363] systemd[1]: Starting udev Control Socket.
[ 1.536430] systemd[1]: Listening on udev Control Socket.
[ 1.536441] systemd[1]: Starting User and Session Slice.
[ 1.536644] systemd[1]: Created slice User and Session Slice.
[ 1.536661] systemd[1]: Starting Journal Socket.
[ 1.536737] systemd[1]: Listening on Journal Socket.
[ 1.536762] systemd[1]: Starting System Slice.
[ 1.536947] systemd[1]: Created slice System Slice.
[ 1.536971] systemd[1]: Mounting Temporary Directory...
[ 1.537143] systemd[1]: tmp.mount: Directory /tmp to mount over is not empty, mounting anyway.
[ 1.538062] systemd[1]: Starting Journal Socket (/dev/log).
[ 1.539194] systemd[1]: Mounting POSIX Message Queue File System...
[ 1.540963] systemd[1]: Starting Create list of required static device nodes for the current kernel...
[ 1.542776] systemd[1]: Mounting Debug File System...
[ 1.544318] systemd[1]: Mounting Huge Pages File System...
[ 1.545723] systemd[1]: Starting udev Coldplug all Devices...
[ 1.547095] systemd[1]: Starting system-serial\x2dgetty.slice.
[ 1.547370] systemd[1]: Created slice system-serial\x2dgetty.slice.
[ 1.547401] systemd[1]: Started Collect Read-Ahead Data.
[ 1.547421] systemd[1]: Started Replay Read-Ahead Data.
[ 1.547441] systemd[1]: Starting File System Check on Root Device...
[ 1.549420] systemd[1]: Starting Load Kernel Modules...
[ 1.550891] systemd[1]: Started Set Up Additional Binary Formats.
[ 1.550936] systemd[1]: Starting Setup Virtual Console...
[ 1.552697] systemd[1]: Starting Load legacy module configuration...
[ 1.729479] systemd[1]: Starting Slices.
[ 1.729524] systemd[1]: Reached target Slices.
[ 1.730446] systemd[1]: Mounted Huge Pages File System.
[ 1.730520] systemd[1]: Mounted Debug File System.
[ 1.730603] systemd[1]: Mounted POSIX Message Queue File System.
[ 1.730655] systemd[1]: Mounted Temporary Directory.
[ 1.730988] systemd[1]: Listening on Journal Socket (/dev/log).
[ 1.731402] systemd[1]: Started Create list of required static device nodes for the current kernel.
[ 1.733142] systemd[1]: Started Setup Virtual Console.
[ 1.737843] dummy_hcd dummy_hcd.0: USB Host+Gadget Emulator, driver 02 May 2005
[ 1.737855] dummy_hcd dummy_hcd.0: Dummy host controller
[ 1.737948] dummy_hcd dummy_hcd.0: new USB bus registered, assigned bus number 1
[ 1.738001] usb usb1: New USB device found, idVendor=1d6b, idProduct=0002
[ 1.738007] usb usb1: New USB device strings: Mfr=3, Product=2, SerialNumber=1
[ 1.738014] usb usb1: Product: Dummy host controller
[ 1.738019] usb usb1: Manufacturer: Linux 4.1.13-9.pvops.qubes.x86_64 dummy_hcd
[ 1.738026] usb usb1: SerialNumber: dummy_hcd.0
[ 1.738189] hub 1-0:1.0: USB hub found
[ 1.738201] hub 1-0:1.0: 1 port detected
[ 1.739635] systemd[1]: Started Load Kernel Modules.
[ 1.740120] systemd[1]: Started Load legacy module configuration.
[ 1.741287] systemd[1]: Started udev Coldplug all Devices.
[ 1.746794] systemd[1]: Mounting Configuration File System...
[ 1.747848] systemd[1]: Mounted FUSE Control File System.
[ 1.747908] systemd[1]: Starting Apply Kernel Variables...
[ 1.749180] systemd[1]: Starting Show Plymouth Boot Screen...
[ 1.750408] systemd[1]: Starting Journal Service...
[ 1.753155] systemd[1]: Mounted Configuration File System.
[ 1.753560] systemd[1]: Started Apply Kernel Variables.
[ 1.755519] systemd[1]: Started File System Check on Root Device.
[ 1.758977] systemd[1]: Starting Remount Root and Kernel File Systems...
[ 1.763525] EXT4-fs (dm-0): re-mounted. Opts: (null)
[ 1.765129] systemd[1]: Started Journal Service.
[ 1.774597] systemd-journald[211]: Received request to flush runtime journal from PID 1
[ 1.818728] input: PC Speaker as /devices/platform/pcspkr/input/input0
[ 1.829947] xen_netfront: Initialising Xen virtual ethernet driver
[ 1.934448] alg: No test for crc32 (crc32-pclmul)
[ 1.979240] nf_conntrack version 0.5.0 (1800 buckets, 7200 max)
[ 5.035406] Adding 1048572k swap on /dev/xvdc1. Priority:-1 extents:1 across:1048572k SSFS
[ 5.094406] EXT4-fs (xvdb): mounted filesystem with ordered data mode. Opts: discard
[ 5.724468] fuse init (API version 7.23)
[ 435.981653] systemd-sysv-generator[1111]: Could not find init script for xendriverdomain.service
[ 435.981681] systemd-sysv-generator[1111]: Could not find init script for xendriverdomain.service
[ 435.981706] systemd-sysv-generator[1111]: Could not find init script for xendriverdomain.service
[ 435.981732] systemd-sysv-generator[1111]: Could not find init script for xendriverdomain.service
[ 435.981760] systemd-sysv-generator[1111]: Could not find init script for xendriverdomain.service
[ 435.981787] systemd-sysv-generator[1111]: Could not find init script for xendriverdomain.service
[ 435.981813] systemd-sysv-generator[1111]: Could not find init script for xendriverdomain.service
[user@sys-firewall ~]$
sudo find . /etc/systemd/ | grep iptables
/etc/systemd/system/basic.target.wants/iptables.service
/etc/systemd/system/basic.target.wants/qubes-iptables.service
[user@sys-firewall ~]$ ls -la /etc/systemd/system/basic.target.wants/qubes-iptables.service
lrwxrwxrwx 1 root root 46 Feb 17 00:18 /etc/systemd/system/basic.target.wants/qubes-iptables.service -> /usr/lib/systemd/system/qubes-iptables.service
[user@sys-firewall ~]$ ls -la /usr/lib/systemd/system/qubes-iptables.service
ls: cannot access /usr/lib/systemd/system/qubes-iptables.service: No such file or directory
[user@sys-firewall ~]$ ls -la /etc/systemd/system/multi-user.target.wants/qubes-mount-dirs.service
lrwxrwxrwx 1 root root 48 Feb 17 00:18 /etc/systemd/system/multi-user.target.wants/qubes-mount-dirs.service -> /usr/lib/systemd/system/qubes-mount-dirs.service
[user@sys-firewall ~]$ ls -la /usr/lib/systemd/system/qubes-mount-dirs.service
ls: cannot access /usr/lib/systemd/system/qubes-mount-dirs.service: No such file or directory
|
This comment has been minimized.
Show comment
Hide comment
This comment has been minimized.
adrelanos
Mar 17, 2016
Member
Maybe mostly notable...
[ 435.981813] systemd-sysv-generator[1111]: Could not find init script for xendriverdomain.service
[ 1.461768] systemd[1]: Configuration file /usr/lib/systemd/system/auditd.service is marked world-inaccessible. This has no effect as configuration data is accessible via APIs without restrictions. Proceeding anyway.
[ 1.469680] systemd[1]: Cannot add dependency job for unit qubes-iptables.service, ignoring: Unit qubes-iptables.service failed to load: No such file or directory.
[ 1.469726] systemd[1]: Cannot add dependency job for unit qubes-mount-dirs.service, ignoring: Unit qubes-mount-dirs.service failed to load: No such file or directory.
|
Maybe mostly notable...
|
This comment has been minimized.
Show comment
Hide comment
This comment has been minimized.
marmarek
Mar 17, 2016
Member
I've asked for iptables.service (not qubes-iptables.service, which doesn't exists in R3.0) in sys-net (not sys-firewall).
Ah, I think I know what happened. Some time ago there was a test package in unstable repository you've tested as possible fix for #1067 (comment) . This update introduced qubes-iptables.service, which in the end wasn't included in stable R3.0 (only in R3.1). So on your system you've got qubes-iptables.service enabled (and iptables.service disabled), then uninstalled qubes-iptables.service with stable update.
|
I've asked for Ah, I think I know what happened. Some time ago there was a test package in unstable repository you've tested as possible fix for #1067 (comment) . This update introduced |
This comment has been minimized.
Show comment
Hide comment
This comment has been minimized.
adrelanos
Mar 18, 2016
Member
Yes. That's what happened. After disabling qubes-iptables.service and after enabling iptables.service, everything is back to normal.
|
Yes. That's what happened. After disabling qubes-iptables.service and after enabling iptables.service, everything is back to normal. |
adrelanos commentedMar 17, 2016
I'll be providing debug output soon.