Date:      Thu, 7 Apr 2011 22:41:41 -0700 (PDT)
From:      crapsh@monkeybrains.net
To:        FreeBSD-gnats-submit@FreeBSD.org
Cc:        crapsh@monkeybrains.net
Subject:   kern/156268: jails don't use routing table
Message-ID:  <201104080541.p385ff4h017383@crepe4.monkeybrains.net>
Resent-Message-ID: <201104080610.p386ABMT087980@freefall.freebsd.org>


>Number:         156268
>Category:       kern
>Synopsis:       jails don't use routing table
>Confidential:   no
>Severity:       serious
>Priority:       medium
>Responsible:    freebsd-bugs
>State:          open
>Quarter:        
>Keywords:       
>Date-Required:
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Fri Apr 08 06:10:11 UTC 2011
>Closed-Date:
>Last-Modified:
>Originator:     Rudy
>Release:        FreeBSD 8.2-RELEASE amd64
>Organization:
MonkeyBrains.net
>Environment:
System: FreeBSD crepe4.monkeybrains.net 8.2-RELEASE FreeBSD 8.2-RELEASE #0: Wed Apr 6 01:45:24 PDT 2011 root@crepe4:/usr/obj/usr/src/sys/CREPE4 amd64
Jail environment
>Description:
Jails can support multiple IPs.  When picking which IP to use as a 'source IP', the jail
does not take into consideration the routing table as the host system does.
>How-To-Repeat:
Setup:
  Set 2 IPs on your system: 1.1.1.100/24 and 2.2.2.200/24
  set your jail to use both IPs
  export jail_example_monkeybrains_net_ip="1.1.1.1,2.2.2.2"
  Set default route to 1.1.1.1
  Set a static route to 3.3.3.3 to route through 2.2.2.1
Test:
  run "tcpdump -n icmp" in one window
  run "ping 3.3.3.3" in 'host' -- source packet is 2.2.2.200
  run "ping 3.3.3.3" in 'jailed host' -- source packet is 1.1.1.100

I even added /dev/mem and /dev/kmem to the jailed environment so I could run
'netstat -rn' in the jail.  The route for 3.3.3.3 is in the routing table, 
but the kernel picks the wrong source IP.

>Fix:
Run your stuff outside of jails.  :(
>Release-Note:
>Audit-Trail:
>Unformatted:
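
A check to run on the host and inside the jail alongside the tcpdump test in How-To-Repeat, as an added example that is not part of the original report: it asks the kernel which source address it selects for a destination and compares that with the address the routing table implies. The helper names and the probe port are assumptions; the addresses are the ones from the report. It exercises UDP sockets, while ping uses a raw socket, so tcpdump remains the reference for the ICMP case.

```python
import socket

PROBE_PORT = 33434  # assumption: any port works, nothing is transmitted


def kernel_source_for(dest, port=PROBE_PORT):
    """Return the local address the kernel selects for traffic to dest.

    connect() on a UDP socket sends no packet; it only makes the kernel
    perform source-address selection, which getsockname() then exposes.
    Returns None when the kernel refuses (for example, no route to dest).
    """
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        try:
            s.connect((dest, port))
        except OSError:
            return None
        return s.getsockname()[0]


def check_sources(expected):
    """Compare selected sources with the expected ones.

    expected maps destination -> source address the routing table implies.
    Returns a list of (dest, expected_source, actual_source) mismatches.
    """
    mismatches = []
    for dest, want in expected.items():
        got = kernel_source_for(dest)
        if got != want:
            mismatches.append((dest, want, got))
    return mismatches


if __name__ == "__main__":
    # From the report: 3.3.3.3 is routed via 2.2.2.1, so the expected
    # source is 2.2.2.200 rather than the default-route address.
    expected = {"3.3.3.3": "2.2.2.200"}
    bad = check_sources(expected)
    for dest, want, got in bad:
        print(f"{dest}: expected source {want}, kernel selected {got}")
    if not bad:
        print("source selection matches the routing table")
```

Running it once on the host and once in the jail gives a side-by-side record of the selected source addresses without needing /dev/mem or /dev/kmem in the jail.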