From: Julian Elischer
Date: Sat, 21 Mar 2009 09:36:46 -0700
To: Harald Schmalzbauer
Cc: freebsd-current@freebsd.org
Subject: Re: FIB (routing table) question with jailed service

Harald Schmalzbauer wrote:
> Julian Elischer wrote:
>> Harald Schmalzbauer wrote:
>>> Hello,
>>>
>>> I set up a second routing table and told rc.d/jail to use the FIB1.
>>> Now I wonder why the SSHd in the jail isn't responding. I set the
>>> default router to a local address and the second default router in FIB1
>>> to the ISP router, reachable via a second NIC.
>>> Does the FIB only work for outgoing, initiating connections?
>>
>> no, it is supposed to work for listen sockets too.
>>
>> What version of FreeBSD? I assume current because of the mailing list.
>>
>> I say "supposed to" because I have not tested it in -current for a
>> while, and there have been quite a few changes in that area.
>> I'll try to check it myself later and get back to you.
>> (It does work correctly in Ironport's 6.x based systems where it
>> came from)
>
> Hello, sorry for posting stable- question to current, but I got no
> answer on stable@ so I reposted to current@
> I'm running RELENG_7 as of last weekend.
>
> Thanks,
>
> -Harry

I made fixes in the 7.x branch on November 25

---------------------
Revision 185311
Modified Tue Nov 25 19:26:36 2008 UTC (3 months, 3 weeks ago) by julian
File length: 87039 byte(s)
Diff to previous 183898

MFC @ 185101

Fix a scope problem in the multiple routing table code that stopped the
SO_SETFIB socket option from working correctly.

Approved by: re (kensmith, kostik)
Obtained from: Ironport
--------------------

this should be in your sources.. a quick check would be to see if this part of the diff is in your sources...

Index: kern/uipc_socket.c =================================================================== --- kern/uipc_socket.c (revision 185075) +++ kern/uipc_socket.c (working copy) @@ -2218,6 +2218,9 @@ if ((so->so_proto->pr_domain->dom_family == PF_INET) || (so->so_proto->pr_domain->dom_family == PF_ROUTE)) { so->so_fibnum = optval; + /* Note: ignore error */ + if (so->so_proto && so->so_proto->pr_ctloutput) + (*so->so_proto->pr_ctloutput)(so, sopt); } else { so->so_fibnum = 0; }

If you see this then we can assume you have it all.
In this case it SHOULD be that the FIB of the process is also inherited by a listening socket.

I'll look a bit more at it, but it is supposed to be working.
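
Review bot: The NULL test on so->so_proto in the added "if (so->so_proto && so->so_proto->pr_ctloutput)" comes after the enclosing condition has already dereferenced so->so_proto->pr_domain->dom_family, so it is either redundant or too late; drop it, or move the check ahead of the first dereference if so_proto can really be NULL here. Separately, the result of (*so->so_proto->pr_ctloutput)(so, sopt) is discarded with only "/* Note: ignore error */", and so->so_fibnum has already been set to optval by then, so a failure in the protocol layer leaves the socket recording a FIB that the protocol may not be using. Either propagate the error or expand the comment to say why ignoring it is safe, since FIB selection is what keeps a jailed service on its intended routing table.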