[Bug 208001] After turning off the jail does not remove network routes

James Gritton jamie at freebsd.org
Sun May 29 14:51:50 UTC 2016 

On 2016-05-28 19:56, Allan Jude wrote:
> On 2016-05-28 20:30, bugzilla-noreply at freebsd.org wrote:
>> https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=208001
>> 
>> --- Comment #5 from Jamie Gritton <jamie at FreeBSD.org> ---
>> Yes, of course there are cases where something besides a /32 is 
>> appropriate -
>> that is why jail(8) allows that.  However, as I mentioned it did 
>> appear that
>> you had violated the specification that an alias should be on a 
>> non-conflicting
>> netmask.
>> 
>> The fact remains that I am unable to reproduce your problem.  Perhaps 
>> I could
>> if I had your entire configuration - all jails, all other network 
>> setup.
>> 
>> jail(8) simply calls ifconfig(8) with "alias" to add IP addresses, and 
>> with
>> "-alias" to remove them - see the output of "jail -vc" and "jail -vr". 
>>  The
>> jail will not be removed if the "ifconfig ... -alias" command fails, 
>> which
>> implies that the command is succeeding.  Unless of course there 
>> actually is a
>> bug in the way jail(8) is running this program.  My guess is the 
>> command is
>> succeeding, but isn't removing some arp entry because the alias when
>> incorrectly specified when it was created.
>> 
>> If it's clear (from "jail -v") that the correct ifconfig commands are 
>> being
>> run, then this might be considered an ifconfig bug.  If the correct 
>> commands
>> aren't being run, then it could be a jail bug.
>> 
> 
> 
> I think that is actually the problem
> 
> ifconfig -alias
> only accepts the IP address, not with the CIDR.
> 
> #ifconfig lo0 alias 10.0.0.1/24
> #ifconfig lo0 -alias 10.0.0.1/24
> ifconfig: 10.0.0.1/24: bad value
> 
> you want to do just:
> #ifconfig lo0 -alias 10.0.0.1
> 
> So jail(8) needs to strip the /24 off when passing it to ifconfig 
> -alias

Actually is doesn't.  While your "-alias" command doesn't work, the one 
that jail uses does:

#ifconfig lo0 inet 10.0.0.1/24 -alias

At first I thought it was the "inet" that did it.  But further 
exploration suggests there's something magic about moving the "-alias" 
to the end.  It doesn't make sense, and if I had first tried it with the 
"[-]alias" tag earlier on the command line I probably would have ended 
up working out the netmask myself.  Serendipity.

- Jamie

More information about the freebsd-jail mailing list