From owner-freebsd-stable@FreeBSD.ORG Wed Jun 16 03:00:56 2004
Date: Tue, 15 Jun 2004 20:00:36 -0700
From: Gregory Neil Shapiro
To: "Marc G. Fournier"
cc: freebsd-stable@freebsd.org
Subject: Re: snmpwalk from jail -> snmp server ...
Message-ID: <20040616030036.GG52582@horsey.gshapiro.net>
In-Reply-To: <20040615165300.M1028@ganymede.hub.org>
References: <20040615165300.M1028@ganymede.hub.org>
List-Id: Production branch of FreeBSD source code

> Have a jail setup that I want to be able to do a snmpwalk from to another
> server ... but, for some reason, I get a 'sendto' error:
>
> thoughts?

It is a bug in jails that affects DNS as well. The code below is a short
piece of example code which reproduces the problem in case someone with
knowledge of jails and the sockets layer wants to look at it. There is
also a bug report with a potential patch (kern/26506) but I do not know
enough about that part of the code to know if the patch maintains jail
security properly.

/* headers needed by the calls below */
#include <sys/types.h>
#include <sys/socket.h>
#include <netinet/in.h>
#include <arpa/inet.h>
#include <errno.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define memzero(b, l)	memset(b, 0, l)
#define DNS_PORT	53
#define DBS		1024

typedef struct sockaddr_in sockaddr_in_T;

char dnstsk_rd[DBS];
char dnstsk_wr[DBS];
sockaddr_in_T dnstsk_sin;	/* socket description */
int dnstsk_fd;
uint32_t ipv4;

/*
 * Send the current contents of dnstsk_wr as one UDP datagram with
 * sendto(), then rebuild the destination address for the next call.
 * Returns 0 on success or the errno value from sendto().
 */
int
dns_send()
{
	ssize_t r;

	r = sendto(dnstsk_fd, dnstsk_wr, strlen(dnstsk_wr), 0,
		(const struct sockaddr *) &dnstsk_sin, sizeof(sockaddr_in_T));
	/* r is a ssize_t, so print it with %zd */
	fprintf(stderr, "sendto: r=%zd, errno=%d\n", r, errno);

	memzero(&dnstsk_sin, sizeof(dnstsk_sin));
	dnstsk_sin.sin_family = AF_INET;
	dnstsk_sin.sin_port = htons(DNS_PORT);
	memcpy(&dnstsk_sin.sin_addr.s_addr, &ipv4, sizeof(ipv4));

	if (r == -1)
		return errno;
	return 0;
}

/*
 * Create an unconnected UDP socket and send two datagrams through it,
 * one sendto() call each.  Returns 0 if both sends succeed, -1 otherwise.
 */
int
dns_send2()
{
	memzero(&dnstsk_sin, sizeof(dnstsk_sin));
	dnstsk_sin.sin_family = AF_INET;
	dnstsk_sin.sin_port = htons(DNS_PORT);
	memcpy(&dnstsk_sin.sin_addr.s_addr, &ipv4, sizeof(ipv4));

	dnstsk_fd = socket(dnstsk_sin.sin_family, SOCK_DGRAM, 0);
	if (dnstsk_fd < 0)
		goto error;

	/* first datagram */
	strlcpy(dnstsk_wr, "example.com", sizeof(dnstsk_wr));
	strlcat(dnstsk_wr, "\001", sizeof(dnstsk_wr));
	if (dns_send() != 0)
		goto error;

	/* second datagram on the same socket */
	strlcpy(dnstsk_wr, "host.example.com", sizeof(dnstsk_wr));
	strlcat(dnstsk_wr, "\001", sizeof(dnstsk_wr));
	if (dns_send() != 0)
		goto error;

	return 0;

  error:
	return -1;
}

/* The destination address is argv[1], or 127.0.0.1 if none is given. */
int
main(int argc, char *argv[])
{
	if (argc > 1)
		ipv4 = inet_addr(argv[1]);
	else
		ipv4 = inet_addr("127.0.0.1");
	return dns_send2();
}