kern/156268: jails don't use routing table
crapsh at monkeybrains.net
Fri Apr 8 06:10:12 UTC 2011
>Number: 156268
>Category: kern
>Synopsis: jails don't use routing table
>Confidential: no
>Severity: serious
>Priority: medium
>Responsible: freebsd-bugs
>State: open
>Quarter:
>Keywords:
>Date-Required:
>Class: sw-bug
>Submitter-Id: current-users
>Arrival-Date: Fri Apr 08 06:10:11 UTC 2011
>Closed-Date:
>Last-Modified:
>Originator: Rudy
>Release: FreeBSD 8.2-RELEASE amd64
>Organization:
MonkeyBrains.net
>Environment:
System: FreeBSD crepe4.monkeybrains.net 8.2-RELEASE FreeBSD 8.2-RELEASE #0: Wed Apr 6 01:45:24 PDT 2011 root at crepe4:/usr/obj/usr/src/sys/CREPE4 amd64
Jail environment
>Description:
Jails can support multiple IPs. When picking which IP to use as the 'source IP', the jail does not
take the routing table into consideration as the host system does.
>How-To-Repeat:
Setup:
Set 2 IPs on your system: 1.1.1.100/24 and 2.2.2.200/24
Set your jail to use both IPs
export jail_example_monkeybrains_net_ip="1.1.1.1,2.2.2.2"
Set default route to 1.1.1.1
Set a static route to 3.3.3.3 to route through 2.2.2.1
Test:
run "tcpdump -n icmp" in one window
run "ping 3.3.3.3" in 'host' -- source packet is 2.2.2.200
run "ping 3.3.3.3" in 'jailed host' -- source packet is 1.1.1.100
I even added /dev/mem and /dev/kmem to the jailed environment so I could run
'netstat -rn' in the jail. The route for 3.3.3.3 is in the routing table,
but the kernel picks the wrong source IP.
>Fix:
Run your stuff outside of jails. :(
>Release-Note:
>Audit-Trail:
>Unformatted:
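
A way to check the source-address choice described in this report without tcpdump, as an added example that is not part of the original report: connecting a UDP socket sends nothing but makes the kernel pick a local address, which getsockname() then reveals. Run it on the host and inside the jail and compare. The function name source_for is hypothetical, and IPv4 is assumed.

```c
/* Added example: ask the kernel which source address it would use for a
 * destination, without putting any packet on the wire. */
#include <arpa/inet.h>
#include <netinet/in.h>
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>
#include <unistd.h>

/* Writes the selected source address into out.
 * Returns 0 on success, -1 on a bad address or a socket error. */
int source_for(const char *dst, char *out, size_t outlen)
{
    struct sockaddr_in to, from;
    socklen_t len = sizeof(from);
    int rc = -1;

    memset(&to, 0, sizeof(to));
    to.sin_family = AF_INET;
    to.sin_port = htons(9);          /* arbitrary port; nothing is sent */
    if (inet_pton(AF_INET, dst, &to.sin_addr) != 1)
        return -1;

    int s = socket(AF_INET, SOCK_DGRAM, 0);
    if (s < 0)
        return -1;

    /* connect() on UDP only records the peer and binds a local address */
    if (connect(s, (struct sockaddr *)&to, sizeof(to)) == 0 &&
        getsockname(s, (struct sockaddr *)&from, &len) == 0 &&
        inet_ntop(AF_INET, &from.sin_addr, out, (socklen_t)outlen) != NULL)
        rc = 0;
    close(s);
    return rc;
}

int main(int argc, char **argv)
{
    char src[INET_ADDRSTRLEN];
    /* 3.3.3.3 is the statically routed destination from the report */
    const char *dst = argc > 1 ? argv[1] : "3.3.3.3";

    if (source_for(dst, src, sizeof(src)) != 0) {
        fprintf(stderr, "no source address selected for %s\n", dst);
        return 1;
    }
    printf("%s -> source %s\n", dst, src);
    return 0;
}
```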