Jail source address selection broken, patch for ping

Juan F. Díaz y Díaz jfd at mrecic.gov.ar
Mon Apr 9 16:48:42 UTC 2012

Mark, did you try using the setfib utility?


----- Original Message -----
From: "Mark Felder" <feld at feld.me>
To: freebsd-jail at freebsd.org
Sent: Monday, April 9, 2012 1:20:59 PM
Subject: Jail source address selection broken, patch for ping


This weekend I was deploying our monitoring server into a 32bit FreeBSD
jail on a 64bit install. This was necessary because we needed the newer
hardware but couldn't migrate the RRDs to 64bit format without breaking
other machines that rely on the RRD files and are still 32bit. Our
monitoring server is fairly extensive and talks to many different VLANs
and subnets. As a result, IPs on these different VLAN interfaces were
passed through to the jail. I noticed pretty quickly that for some
reason PINGs were not able to reach many subnets even though I am
allowing raw sockets. After doing some traffic sniffing I was able to
determine that the source IP address was incorrect.

By pure chance I was able to contact bz@ and he provided me with a patch
for ping based on his recent work on a similar issue with traceroute.
This solved my problem with the system ping utility, but my tests with
fping and the ping utility included with our monitoring software still
exhibited the same issue.

bz informed me that he believes he knows where the bug is in the kernel
-- I believe he pointed me to the area of sys/netinet/ip_raw.c around
line 461. Jails are getting the first IP as a source no matter what.

Anyway, attached is the patch he asked me to post to the mailing list
for those that need a workaround for ping. I'm sure fixing this in the
kernel will probably require further discussion among those with actual
programming skills :-)




Juan F. Diaz
