snmpwalk from jail -> snmp server ...

Gregory Neil Shapiro gshapiro at freebsd.org
Wed Jun 16 03:00:56 GMT 2004


> Have a jail setup that I want to be able to do a snmpwalk from to another 
> server ... but, for some reason, I get a 'sendto' error:
> 
> thoughts?

It is a bug in jails that affects DNS as well.  The code below is a
short piece of example code which reproduces the problem in case
someone with knowledge of jails and the sockets layer wants to look at it.

There is also a bug report with a potential patch (kern/26506) but I do not
know enough about that part of the code to know if the patch maintains
jail security properly.


#include <sys/types.h>
#include <sys/errno.h>
#include <sys/socket.h>
#include <sys/un.h>

#include <netinet/in.h>
#include <arpa/inet.h>

#include <netdb.h>
#include <stdio.h>
#include <string.h>
#include <unistd.h>

/* Zero l bytes starting at b; thin wrapper around memset(). */
#define memzero(b, l)       memset(b, 0, l)

/* Destination UDP port placed in dnstsk_sin by dns_send() and dns_send2(). */
#define DNS_PORT	53
/* Size in bytes of the dnstsk_rd and dnstsk_wr buffers. */
#define DBS	1024

typedef struct sockaddr_in  sockaddr_in_T;

/* Declared but not referenced by any function in this listing. */
char dnstsk_rd[DBS];
/* Outgoing payload; dns_send() transmits it up to the first NUL byte. */
char dnstsk_wr[DBS];

/* Destination address handed to sendto(); rebuilt from ipv4 and DNS_PORT. */
sockaddr_in_T	 dnstsk_sin;		/* socket description */
/* Datagram socket created in dns_send2() and used by dns_send(). */
int dnstsk_fd;
/* Target address as returned by inet_addr() in main(), i.e. network byte order. */
uint32_t ipv4;

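/*
 * Send the NUL-terminated contents of dnstsk_wr as a single datagram on
 * dnstsk_fd to the address currently held in dnstsk_sin, and log the
 * sendto() result to stderr.  According to the accompanying message this
 * is the call that fails when the program runs inside a jail.
 *
 * After the send, dnstsk_sin is rebuilt from ipv4 and DNS_PORT; the
 * original message does not say why the reproducer does this.
 *
 * Returns 0 on success, or the errno value set by sendto() on failure.
 */
int
dns_send(void)
{
	ssize_t r;
	int saved_errno;

	/* Clear errno so the log line never shows a stale value on success. */
	errno = 0;
	r = sendto(dnstsk_fd,
		dnstsk_wr,
		strlen(dnstsk_wr),
		0, (const struct sockaddr *) &dnstsk_sin,
		sizeof(dnstsk_sin));
	/* Capture errno before fprintf() gets a chance to overwrite it. */
	saved_errno = errno;

	/* %zd matches ssize_t; the previous %d was a format/argument mismatch. */
	fprintf(stderr, "sendto: r=%zd, errno=%d\n", r, saved_errno);

	memzero(&dnstsk_sin, sizeof(dnstsk_sin));
	dnstsk_sin.sin_family = AF_INET;
	dnstsk_sin.sin_port = htons(DNS_PORT);
	memcpy(&dnstsk_sin.sin_addr.s_addr, &ipv4, sizeof(ipv4));

	if (r == -1)
		return saved_errno;
	return 0;
}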

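/*
 * Reproducer driver: point dnstsk_sin at ipv4:DNS_PORT, open one UDP
 * socket, and call dns_send() twice on it without an intervening
 * connect() or bind().  The payloads are the literal host names followed
 * by a 0x01 byte, not encoded DNS messages.
 *
 * The socket is closed on every path after it has been opened, and
 * dnstsk_fd is reset to -1 so a stale descriptor number is never reused.
 *
 * Returns 0 if both sends succeed, -1 if socket() or either send fails.
 */
int
dns_send2(void)
{
	int rc = -1;

	memzero(&dnstsk_sin, sizeof(dnstsk_sin));
	dnstsk_sin.sin_family = AF_INET;
	dnstsk_sin.sin_port = htons(DNS_PORT);
	memcpy(&dnstsk_sin.sin_addr.s_addr, &ipv4, sizeof(ipv4));

	dnstsk_fd = socket(dnstsk_sin.sin_family, SOCK_DGRAM, 0);
	if (dnstsk_fd < 0)
		return -1;

	/* First datagram. */
	strlcpy(dnstsk_wr, "example.com", sizeof(dnstsk_wr));
	strlcat(dnstsk_wr, "\001", sizeof(dnstsk_wr));
	if (dns_send() != 0)
		goto done;

	/* Second datagram on the same socket. */
	strlcpy(dnstsk_wr, "host.example.com", sizeof(dnstsk_wr));
	strlcat(dnstsk_wr, "\001", sizeof(dnstsk_wr));
	if (dns_send() != 0)
		goto done;

	rc = 0;
  done:
	close(dnstsk_fd);
	dnstsk_fd = -1;
	return rc;
}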

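/*
 * Entry point.  The optional first argument is the IPv4 address to send
 * to, in any form inet_addr() accepts; without it 127.0.0.1 is used.
 *
 * Returns the result of dns_send2() (0 or -1), or 1 if the address
 * argument cannot be parsed.
 */
int
main(int argc, char *argv[])
{
	const char *target = (argc > 1) ? argv[1] : "127.0.0.1";

	ipv4 = inet_addr(target);
	/*
	 * inet_addr() reports a parse failure as INADDR_NONE, which is also
	 * the value of 255.255.255.255.  Reject it rather than sending to an
	 * address the user did not intend.
	 */
	if (ipv4 == INADDR_NONE) {
		fprintf(stderr, "invalid IPv4 address: %s\n", target);
		return 1;
	}
	return dns_send2();
}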

