Jails can't get routing info

Bjoern A. Zeeb bzeeb-lists at lists.zabbadoz.net
Wed May 2 09:03:42 UTC 2012


On 2. May 2012, at 05:11 , Jason Hellenthal wrote:

> On Tue, May 01, 2012 at 09:01:33PM +0000, Bjoern A. Zeeb wrote:
>> On 1. May 2012, at 19:41 , David Thiel wrote:
>> 
>>> Hello,
>>> 
>>> So, I've been trying to debug an issue running nmap scans within jails, 
>>> partially documented here:
>>> 
>>> http://seclists.org/nmap-dev/2012/q2/220
>>> 
>>> On further debugging, it's seeming like jails can't read routing 
>>> information directly at all:
>>> 
>>> # route get 69.163.203.254
>>> route: writing to routing socket: No such process
>>> 
>>> Now, this is normally done via reading the routing table via something like 
>>> socket(PF_ROUTE, SOCK_RAW, AF_INET), so one would suspect that this is a 
>>> problem with raw sockets; but raw sockets are enabled within the jail. 
>>> netstat is able to read routing information just fine, but I don't think 
>>> it's doing it via the socket() call.
>> 
>> hmm, sure you don't have /dev/mem in the jail? netstat -rn I think is still
>> using libkvm *sigh* and not the sysctl API.
>> 
> 
> Good lord I hope this makes it down to stable/8

Pardon, what do you mean?



> 
>> 
>>> Anyone know why this behavior might be happening?
>> 
>> Without thinking too much (as in if I got the right case) I think you are
>> hitting this one:
>> 
>> http://svnweb.freebsd.org/base/head/sys/net/rtsock.c?annotate=234572#l792

-- 
Bjoern A. Zeeb                                 You have to have visions!
   It does not matter how good you are. It matters what good you do!


