From: "Bjoern A. Zeeb"
Date: Mon, 9 Apr 2012 20:27:33 +0000
To: Mark Felder
Cc: freebsd-jail@freebsd.org
Subject: Re: Jail source address selection broken, patch for ping

On 9. Apr 2012, at 16:20 , Mark Felder wrote:

Hi Mark,

thanks a lot for posting the summary.

> By pure chance I was able to contact bz@ and he provided me with a
> patch for ping based on his recent work on a similar issue with
> traceroute. This solved my problem with the system ping utility, but my
> tests with fping and the ping utility included with our monitoring
> software still exhibited the same issue.
>
> bz informed me that he believes he knows where the bug is in the
> kernel -- I believe he pointed me to the area of sys/netinet/ip_raw.c
> around line 461. Jails are getting the first IP as a source no matter
> what.

And maybe to confirm - yes I have told a lot of people in the past to
try telnet or similar thing as "ping" was special, as it's raw sockets
etc.

In case you have a PR open about this issue please email me the PR
number directly (not Cc:ing the list) or ask some FreeBSD committer to
assign it to me.

As I had originally left the comment there when I committed the multi-IP
jail source code (or follow-up) and the grief this seems to regularly
cause, I will try to get it fixed soon:

http://svnweb.freebsd.org/base/head/sys/netinet/raw_ip.c?annotate=229265#l461

> Anyway, attached is the patch he asked me to post to the mailing list
> for those that need a workaround for ping. I'm sure fixing this in the
> kernel will probably require further discussion among those with actual
> programming skills :-)

It's also available here but it's considered a work-around and proof of
concept that this really was the issue:

http://people.freebsd.org/~bz/20120407-01-ping-source-addr.diff

/bz

-- 
Bjoern A. Zeeb
You have to have visions!
It does not matter how good you are. It matters what good you do!