kern/156268: jails don't use routing table
Rudy
crapsh at monkeybrains.net
Sat Apr 9 00:00:25 UTC 2011
The following reply was made to PR kern/156268; it has been noted by GNATS.
From: Rudy <crapsh at monkeybrains.net>
To: bug-followup at FreeBSD.org, crapsh at monkeybrains.net
Cc:
Subject: Re: kern/156268: jails don't use routing table
Date: Fri, 08 Apr 2011 16:04:42 -0700
Looks like just ICMP has issues...
TCP OK
16:00:26.303086 IP 2.2.2.200.51884 > 3.3.3.3.80: Flags [F.], seq 1176726875, ack 3364247674, win 8326, options [nop,nop,TS val 188728165 ecr 659781298], length 0
16:00:26.325530 IP 3.3.3.3.80 > 2.2.2.200.51884: Flags [F.], seq 1, ack 1, win 2896, options [nop,nop,TS val 659796605 ecr 188728165], length 0
ICMP NOT OK
16:00:32.824971 IP 1.1.1.1 > 3.3.3.3: ICMP echo request, id 47701, seq 0, length 64
16:00:33.825828 IP 1.1.1.1 > 3.3.3.3: ICMP echo request, id 47701, seq 1, length 64
UDP OK (there is no DNS on the target... just a bogus UDP packet to see if the src IP was OK)
16:00:41.826238 IP 2.2.2.200.43454 > 3.3.3.3.53: 63527+ PTR? 5.5.5.10.in-addr.arpa. (39)
16:00:41.838730 IP 3.3.3.3 > 2.2.2.200: ICMP 3.3.3.3 udp port 53 unreachable, length 75
Of course, I have
security.jail.allow_raw_sockets: 1
or else I wouldn't be able to do ICMP at all. Looks like raw sockets ignore the routing table.
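
The per-protocol comparison made by eye in the capture above can be automated when checking a jail's outbound traffic. The following is an added example, not part of the original message or of FreeBSD: it parses numeric (`tcpdump -n` style) output and reports which protocols sent packets to a target from an unexpected source address. It assumes 2.2.2.200 is the address the jail is expected to use and 3.3.3.3 is the target; the function names are hypothetical.

```python
import re
from collections import defaultdict

# Capture lines copied from the message above, with wrapped lines rejoined.
CAPTURE = """\
16:00:26.303086 IP 2.2.2.200.51884 > 3.3.3.3.80: Flags [F.], seq 1176726875, ack 3364247674, win 8326, options [nop,nop,TS val 188728165 ecr 659781298], length 0
16:00:26.325530 IP 3.3.3.3.80 > 2.2.2.200.51884: Flags [F.], seq 1, ack 1, win 2896, options [nop,nop,TS val 659796605 ecr 188728165], length 0
16:00:32.824971 IP 1.1.1.1 > 3.3.3.3: ICMP echo request, id 47701, seq 0, length 64
16:00:33.825828 IP 1.1.1.1 > 3.3.3.3: ICMP echo request, id 47701, seq 1, length 64
16:00:41.826238 IP 2.2.2.200.43454 > 3.3.3.3.53: 63527+ PTR? 5.5.5.10.in-addr.arpa. (39)
16:00:41.838730 IP 3.3.3.3 > 2.2.2.200: ICMP 3.3.3.3 udp port 53 unreachable, length 75
"""

# timestamp, "IP", source endpoint, ">", destination endpoint, ":", rest of line
LINE = re.compile(r"^\S+ IP (\S+) > (\S+): (.*)$")

def split_endpoint(ep):
    """Split tcpdump's numeric 'a.b.c.d[.port]' into (ip, port or None)."""
    parts = ep.split(".")
    return (".".join(parts[:4]), int(parts[4]) if len(parts) == 5 else None)

def classify(src_port, payload):
    """Rough protocol guess from tcpdump's text: ICMP label, TCP flags, else UDP."""
    if payload.startswith("ICMP"):
        return "icmp"
    if payload.startswith("Flags ["):
        return "tcp"
    return "udp" if src_port is not None else "other"

def sources_by_protocol(capture, target):
    """Map protocol -> set of source IPs seen on packets sent to `target`."""
    seen = defaultdict(set)
    for line in capture.splitlines():
        m = LINE.match(line)
        if not m:
            continue
        (src, sport), (dst, _) = split_endpoint(m.group(1)), split_endpoint(m.group(2))
        if dst == target:
            seen[classify(sport, m.group(3))].add(src)
    return dict(seen)

def mismatched(capture, target, expected_src):
    """Protocols with at least one packet sent from an address other than expected_src."""
    by_proto = sources_by_protocol(capture, target)
    return sorted(p for p, ips in by_proto.items() if ips - {expected_src})

if __name__ == "__main__":
    # Assumption: 2.2.2.200 is the jail's address, 3.3.3.3 the target.
    print(mismatched(CAPTURE, "3.3.3.3", "2.2.2.200"))
```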