From: "Bjoern A. Zeeb"
Date: Wed, 2 May 2012 09:03:36 +0000
To: Jason Hellenthal
Cc: David Thiel, freebsd-stable@freebsd.org
Subject: Re: Jails can't get routing info

On 2. May 2012, at 05:11 , Jason Hellenthal wrote:

> On Tue, May 01, 2012 at 09:01:33PM +0000, Bjoern A. Zeeb wrote:
>> On 1. May 2012, at 19:41 , David Thiel wrote:
>>
>>> Hello,
>>>
>>> So, I've been trying to debug an issue running nmap scans within jails,
>>> partially documented here:
>>>
>>> http://seclists.org/nmap-dev/2012/q2/220
>>>
>>> On further debugging, it's seeming like jails can't read routing
>>> information directly at all:
>>>
>>> # route get 69.163.203.254
>>> route: writing to routing socket: No such process
>>>
>>> Now, this is normally done via reading the routing table via something like
>>> socket(PF_ROUTE, SOCK_RAW, AF_INET), so one would suspect that this is a
>>> problem with raw sockets; but raw sockets are enabled within the jail.
>>> netstat is able to read routing information just fine, but I don't think
>>> it's doing it via the socket() call.
>>
>> hmm, sure you don't have /dev/mem in the jail? netstat -rn I think is still
>> using libkvm *sigh* and not the sysctl API.
>>
>
> Good lord I hope this makes it down to stable/8

Pardon, what do you mean?

>
>>
>>> Anyone know why this behavior might be happening?
>>
>> Without thinking too much (as in if I got the right case) I think you are
>> hitting this one:
>>
>> http://svnweb.freebsd.org/base/head/sys/net/rtsock.c?annotate=234572#l792

-- 
Bjoern A. Zeeb                                 You have to have visions!
   It does not matter how good you are. It matters what good you do!