Jails can't get routing info
Jason Hellenthal
jhellenthal at dataix.net
Wed May 2 05:11:34 UTC 2012
On Tue, May 01, 2012 at 09:01:33PM +0000, Bjoern A. Zeeb wrote:
> On 1. May 2012, at 19:41 , David Thiel wrote:
>
> > Hello,
> >
> > So, I've been trying to debug an issue running nmap scans within jails,
> > partially documented here:
> >
> > http://seclists.org/nmap-dev/2012/q2/220
> >
> > On further debugging, it's seeming like jails can't read routing
> > information directly at all:
> >
> > # route get 69.163.203.254
> > route: writing to routing socket: No such process
> >
> > Now, this is normally done via reading the routing table via something like
> > socket(PF_ROUTE, SOCK_RAW, AF_INET), so one would suspect that this is a
> > problem with raw sockets; but raw sockets are enabled within the jail.
> > netstat is able to read routing information just fine, but I don't think
> > it's doing it via the socket() call.
>
> hmm, sure you don't have /dev/mem in the jail? netstat -rn I think is still
> using libkvm *sigh* and not the sysctl API.
>
Good lord I hope this makes it down to stable/8
>
> > Anyone know why this behavior might be happening?
>
> Without thinking too much (as in if I got the right case) I think you are
> hitting this one:
>
> http://svnweb.freebsd.org/base/head/sys/net/rtsock.c?annotate=234572#l792
>
> /bz
>
> --
> Bjoern A. Zeeb You have to have visions!
> It does not matter how good you are. It matters what good you do!
>
> _______________________________________________
> freebsd-stable at freebsd.org mailing list
> http://lists.freebsd.org/mailman/listinfo/freebsd-stable
> To unsubscribe, send any mail to "freebsd-stable-unsubscribe at freebsd.org"
--
- (2^(N-1))
More information about the freebsd-stable
mailing list