From: "Bjoern A. Zeeb"
Date: Tue, 1 May 2012 21:01:33 +0000
To: David Thiel
Cc: freebsd-stable@freebsd.org
Subject: Re: Jails can't get routing info

On 1. May 2012, at 19:41 , David Thiel wrote:

> Hello,
>
> So, I've been trying to debug an issue running nmap scans within jails,
> partially documented here:
>
> http://seclists.org/nmap-dev/2012/q2/220
>
> On further debugging, it's seeming like jails can't read routing
> information directly at all:
>
> # route get 69.163.203.254
> route: writing to routing socket: No such process
>
> Now, this is normally done via reading the routing table via something like
> socket(PF_ROUTE, SOCK_RAW, AF_INET), so one would suspect that this is a
> problem with raw sockets; but raw sockets are enabled within the jail.
> netstat is able to read routing information just fine, but I don't think
> it's doing it via the socket() call.

hmm, sure you don't have /dev/mem in the jail?  netstat -rn I think is
still using libkvm *sigh* and not the sysctl API.

> Anyone know why this behavior might be happening?

Without thinking too much (as in if I got the right case) I think you
are hitting this one:
http://svnweb.freebsd.org/base/head/sys/net/rtsock.c?annotate=234572#l792

/bz

-- 
Bjoern A. Zeeb
You have to have visions!
It does not matter how good you are. It matters what good you do!