From owner-freebsd-bugs@FreeBSD.ORG Fri Apr 8 06:10:12 2011
Message-Id: <201104080541.p385ff4h017383@crepe4.monkeybrains.net>
Date: Thu, 7 Apr 2011 22:41:41 -0700 (PDT)
From: crapsh@monkeybrains.net
To: FreeBSD-gnats-submit@FreeBSD.org
Cc: crapsh@monkeybrains.net
Reply-To: crapsh@monkeybrains.net
X-Send-Pr-Version: 3.113
Subject: kern/156268: jails don't use routing table

>Number: 156268
>Category: kern
>Synopsis: jails don't use routing table
>Confidential: no
>Severity: serious
>Priority: medium
>Responsible: freebsd-bugs
>State: open
>Quarter:
>Keywords:
>Date-Required:
>Class: sw-bug
>Submitter-Id: current-users
>Arrival-Date: Fri Apr 08 06:10:11 UTC 2011
>Closed-Date:
>Last-Modified:
>Originator: Rudy
>Release: FreeBSD 8.2-RELEASE amd64
>Organization: MonkeyBrains.net
>Environment:
System: FreeBSD crepe4.monkeybrains.net 8.2-RELEASE FreeBSD 8.2-RELEASE #0: Wed Apr 6 01:45:24 PDT 2011 root@crepe4:/usr/obj/usr/src/sys/CREPE4 amd64

Jail environment

>Description:
Jails can support multiple IPs. When picking which IP to use as the 'source IP', the jail does not take into consideration the routing table as the host system does.

>How-To-Repeat:
Setup:
  Set 2 IPs on your system: 1.1.1.100/24 and 2.2.2.200/24
  Set your jail to use both IPs:
    export jail_example_monkeybrains_net_ip="1.1.1.1,2.2.2.2"
  Set default route to 1.1.1.1
  Set a static route to 3.3.3.3 to route through 2.2.2.1

Test:
  run "tcpdump -n icmp" in one window
  run "ping 3.3.3.3" in 'host' -- source packet is 2.2.2.200
  run "ping 3.3.3.3" in 'jailed host' -- source packet is 1.1.1.100

I even added /dev/mem and /dev/kmem to the jailed environment so I could run 'netstat -rn' in the jail. The route for 3.3.3.3 is in the routing table, but the kernel picks the wrong source IP.

>Fix:
Run your stuff outside of jails. :(

>Release-Note:
>Audit-Trail:
>Unformatted:
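
Added example, not part of the problem report: a Python check for the tcpdump step in How-To-Repeat that groups ICMP echo requests by ICMP id (one per ping run) and flags any sent toward a destination from an unexpected source address. The capture lines are constructed for illustration and the function names are hypothetical.

```python
import re
from collections import Counter

# Constructed sample of `tcpdump -n icmp` output (not captured on the
# reporter's system); the addresses are the ones used in the report.
SAMPLE = """\
22:41:01.000101 IP 2.2.2.200 > 3.3.3.3: ICMP echo request, id 5121, seq 0, length 64
22:41:01.000950 IP 3.3.3.3 > 2.2.2.200: ICMP echo reply, id 5121, seq 0, length 64
22:41:07.100220 IP 1.1.1.100 > 3.3.3.3: ICMP echo request, id 5377, seq 0, length 64
22:41:08.100310 IP 1.1.1.100 > 3.3.3.3: ICMP echo request, id 5377, seq 1, length 64
22:41:09.000000 IP 1.1.1.100 > 1.1.1.1: ICMP echo request, id 5378, seq 0, length 64
truncated or unrelated line that is not a packet
"""

# Only echo requests matter: replies carry the peer's address as source.
ECHO_REQ = re.compile(
    r"^\S+ IP (?P<src>\d+(?:\.\d+){3}) > (?P<dst>\d+(?:\.\d+){3}): "
    r"ICMP echo request, id (?P<id>\d+), seq \d+"
)

def sources_by_ping(text, dst):
    """Map ICMP id -> Counter of source IPs seen on echo requests to dst."""
    seen = {}
    for line in text.splitlines():
        m = ECHO_REQ.match(line)
        if m and m["dst"] == dst:
            seen.setdefault(int(m["id"]), Counter())[m["src"]] += 1
    return seen

def wrong_source(text, dst, expected_src):
    """Return {icmp_id: {src: count}} for pings to dst not sent from expected_src."""
    bad = {}
    for icmp_id, srcs in sources_by_ping(text, dst).items():
        off = {s: n for s, n in srcs.items() if s != expected_src}
        if off:
            bad[icmp_id] = off
    return bad

if __name__ == "__main__":
    # 2.2.2.200 is the source the host picks for 3.3.3.3 in the report.
    for icmp_id, srcs in wrong_source(SAMPLE, "3.3.3.3", "2.2.2.200").items():
        print(f"ping id {icmp_id}: unexpected source(s) {srcs}")
```
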