Date:      Sat, 21 Mar 2009 09:36:46 -0700
From:      Julian Elischer <julian@elischer.org>
To:        Harald Schmalzbauer <h.schmalzbauer@OmniLAN.de>
Cc:        freebsd-current@freebsd.org
Subject:   Re: FIB (routing table) question with jailed service
Message-ID:  <49C5179E.5010201@elischer.org>
In-Reply-To: <49C002F3.5010406@OmniLAN.de>
References:  <49BFEBAE.7090703@omnilan.de> <49BFF4CC.5050505@elischer.org> <49C002F3.5010406@OmniLAN.de>

Harald Schmalzbauer wrote:
> Julian Elischer wrote:
>> Harald Schmalzbauer wrote:
>>> Hello,
>>>
>>> I set up a second routing table and told rc.d/jail to use the FIB1.
>>> Now I wonder why the SSHd in the jail isn't responding. I set the
>>> default router to a local address and the second default router in FIB1
>>> to the ISP router, reachable via a second NIC.
>>> Does the FIB only work for outgoing, initiating connections?
>>
>> no, it is supposed to work for listen sockets too.
>>
>> What version of FreeBSD? I assume current because of the mailing list.
>>
>> I say "supposed to" because I have not tested it in -current for a 
>> while, and there have been quite a few changes in that area.
>> I'll try to check it myself later and get back to you.
>> (It does work correctly in Ironport's 6.x based systems where it
>> came from)
> 
> Hello, sorry for posting stable- question to current, but I got no 
> answer on stable@ so I reposted to current@
> I'm running RELENG_7 as of last weekend.
> 
> Thanks,
> 
> -Harry

I made fixes in the 7.x branch on November 25
---------------------
Revision 185311 - (view) (annotate) - [select for diffs]
Modified Tue Nov 25 19:26:36 2008 UTC (3 months, 3 weeks ago) by julian
File length: 87039 byte(s)
Diff to previous 183898

MFC @ 185101
Fix a scope problem in the multiple routing table code that
stopped the SO_SETFIB socket option from working correctly.

Approved by:	 re (kensmith, kostik)
Obtained from:	Ironport
--------------------


this should be in your sources..

a quick check would be to see if this part of the diff is in your 
sources...

Index: kern/uipc_socket.c
===================================================================
--- kern/uipc_socket.c  (revision 185075)
+++ kern/uipc_socket.c  (working copy)
@@ -2218,6 +2218,9 @@
                         if ((so->so_proto->pr_domain->dom_family == 
PF_INET) ||
                             (so->so_proto->pr_domain->dom_family == 
PF_ROUTE)) {
                                 so->so_fibnum = optval;
+                               /* Note: ignore error */
+                               if (so->so_proto && 
so->so_proto->pr_ctloutput)
+ 
(*so->so_proto->pr_ctloutput)(so, sopt);
                         } else {
                                 so->so_fibnum = 0;
                         }
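
Review bot: The return value of the added (*so->so_proto->pr_ctloutput)(so, sopt) call is discarded under "/* Note: ignore error */", so so_fibnum is already set and nothing in this hunk reports a protocol-level failure back to the caller; either propagate the error or extend the comment to say why a failure here is harmless. Separately, the new "so->so_proto &&" guard sits inside a condition that has already dereferenced so->so_proto->pr_domain->dom_family, so the NULL test is either redundant or needs to move up to cover that earlier dereference.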


If you see this then we can assume you have it all.

in this case it SHOULD be that the FIB of the process is also 
inherited by a listening socket.

I'll look a bit more at it, but it is supposed to be working.




