Date: Mon, 9 Apr 2012 13:50:35 -0300 (ART)
From: Juan F. Díaz y Díaz <jfd@mrecic.gov.ar>
To: Mark Felder <feld@feld.me>
Cc: freebsd-jail@freebsd.org
Subject: Re: Jail source address selection broken, patch for ping
Message-ID: <1074043264.46101.1333990235616.JavaMail.root@mrelmx09.mrec.ar>
In-Reply-To: <1455938359.46095.1333990210970.JavaMail.root@mrelmx09.mrec.ar>

Mark, did you try using the setfib utility?

Regards,

----- Original Message -----
From: "Mark Felder" <feld@feld.me>
To: freebsd-jail@freebsd.org
Sent: Monday, April 9, 2012 1:20:59 PM
Subject: Jail source address selection broken, patch for ping

Hello,

This weekend I was deploying our monitoring server into a 32bit FreeBSD jail on a 64bit install. This was necessary because we needed the newer hardware but couldn't migrate the RRDs to 64bit format without breaking other machines that rely on the RRD files and are still 32bit.

Our monitoring server is fairly extensive and talks to many different VLANs and subnets. As a result, IPs on these different VLAN interfaces were passed through to the jail. I noticed pretty quickly that for some reason PINGs were not able to reach many subnets even though I am allowing raw sockets. After doing some traffic sniffing I was able to determine that the source IP address was incorrect.

By pure chance I was able to contact bz@ and he provided me with a patch for ping based on his recent work on a similar issue with traceroute. This solved my problem with the system ping utility, but my tests with fping and the ping utility included with our monitoring software still exhibited the same issue.

bz informed me that he believes he knows where the bug is in the kernel -- I believe he pointed me to the area of sys/netinet/ip_raw.c around line 461. Jails are getting the first IP as a source no matter what.

Anyway, attached is the patch he asked me to post to the mailing list for those that need a workaround for ping. I'm sure fixing this in the kernel will probably require further discussion among those with actual programming skills :-)

Cheers,

Mark

_______________________________________________
freebsd-jail@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-jail
To unsubscribe, send any mail to "freebsd-jail-unsubscribe@freebsd.org"

--
Juan F. Diaz