Jail source address selection broken, patch for ping

Bjoern A. Zeeb bz at FreeBSD.org
Mon Apr 9 20:27:37 UTC 2012


On 9. Apr 2012, at 16:20 , Mark Felder wrote:

Hi Mark,

thanks a lot for posting the summary.

> By pure chance I was able to contact bz@ and he provided me with a patch for ping based on his recent work on a similar issue with traceroute. This solved my problem with the system ping utility, but my tests with fping and the ping utility included with our monitoring software still exhibited the same issue.
> 
> bz informed me that he believes he knows where the bug is in the kernel -- I believe he pointed me to the area of sys/netinet/ip_raw.c around line 461. Jails are getting the first IP as a source no matter what.

And maybe to confirm - yes, I have told a lot of people in the past to try telnet or a similar thing, as "ping" was special, as it's raw sockets etc. In case you have a PR open about this issue, please email me the PR number directly (not Cc:ing the list) or ask some FreeBSD committer to assign it to me.

As I had originally left the comment there when I committed the multi-IP jail source code (or follow-up), and given the grief this seems to regularly cause, I will try to get it fixed soon: http://svnweb.freebsd.org/base/head/sys/netinet/raw_ip.c?annotate=229265#l461

> Anyway, attached is the patch he asked me to post to the mailing list for those that need a workaround for ping. I'm sure fixing this in the kernel will probably require further discussion among those with actual programming skills :-)

It's also available here, but it's considered a work-around and proof of concept that this really was the issue:
http://people.freebsd.org/~bz/20120407-01-ping-source-addr.diff

/bz

-- 
Bjoern A. Zeeb                                 You have to have visions!
   It does not matter how good you are. It matters what good you do!


