[Bug 278232] Jail IPv4 source address selection inside a jail not working
- Go to: [ bottom of page ] [ top of archives ] [ this month ]
Date: Tue, 09 Apr 2024 17:49:37 UTC
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=278232
--- Comment #4 from Dirk Meyer <dinoex@FreeBSD.org> ---
Same failure on FreeBSD-13.3
# freebsd-version -kru
13.3-RELEASE-p1
13.3-RELEASE-p1
13.3-RELEASE-p1
I would like to know what the expected behavior of ip4.saddrsel in this case
is.
1)
The selection behaves different from the host,
changing the netmask to /24 did had no effect either.
# man jail
ip4.addr
A list of IPv4 addresses assigned to the jail. If this is set,
the jail is restricted to using only these addresses. Any
attempts to use other addresses fail, and attempts to use
wildcard addresses silently use the jailed address instead. For
IPv4 the first address given will be used as the source address
when source address selection on unbound sockets cannot find a
better match. It is only possible to start multiple jails with
the same IP address if none of the jails has more than this
single overlapping IP address assigned to itself.
ip4.saddrsel
A boolean option to change the formerly mentioned behaviour and
disable IPv4 source address selection for the jail in favour of
the primary IPv4 address of the jail. Source address selection
is enabled by default for all jails and the ip4.nosaddrsel
setting of a parent jail is not inherited for any child jails.
2)
There is also a sysctl, but I am unable to change it outside,
nor does it reflect the status inside the jail:
host# sysctl -d security.jail.param.ip4.saddrsel
security.jail.param.ip4.saddrsel: Do (not) use IPv4 source address selection
rather than the primary jail IPv4 address.
host# sysctl security.jail.param.ip4.saddrsel=1
security.jail.param.ip4.saddrsel: 0 -> 0
jail# sysctl security.jail.param.ip4.saddrsel
security.jail.param.ip4.saddrsel: 0
Is this the expected behavior ?
--
You are receiving this mail because:
You are the assignee for the bug.