From owner-freebsd-net@FreeBSD.ORG  Mon Feb  7 08:15:49 2011
Return-Path: <owner-freebsd-net@FreeBSD.ORG>
Delivered-To: freebsd-net@FreeBSD.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34])
	by hub.freebsd.org (Postfix) with ESMTP id A759E106564A
	for <freebsd-net@FreeBSD.org>; Mon,  7 Feb 2011 08:15:49 +0000 (UTC)
	(envelope-from tarkhil@webmail.sub.ru)
Received: from mail.sub.ru (mail.sub.ru [88.212.205.2])
	by mx1.freebsd.org (Postfix) with SMTP id CD6E88FC12
	for <freebsd-net@FreeBSD.org>; Mon,  7 Feb 2011 08:15:48 +0000 (UTC)
Received: (qmail 14274 invoked from network); 7 Feb 2011 10:49:19 +0300
Received: from 83-69-208-138.in-addr.mastertelecom.ru
	(83-69-208-138.in-addr.mastertelecom.ru [83.69.208.138])
	by mail.sub.ru ([88.212.205.2])
	with ESMTP via TCP; 07 Feb 2011 07:49:19 -0000
Message-ID: <4D4FA3DA.7010004@webmail.sub.ru>
Date: Mon, 07 Feb 2011 10:48:42 +0300
From: Alex Povolotsky <tarkhil@webmail.sub.ru>
User-Agent: Mozilla/5.0 (X11; U; FreeBSD amd64; en-US;
	rv:1.9.2.12) Gecko/20101103 Thunderbird/3.1.6
MIME-Version: 1.0
To: freebsd-net@FreeBSD.org
Content-Type: text/plain; charset=KOI8-R; format=flowed
Content-Transfer-Encoding: 7bit
Cc: 
Subject: jail source address selection doesn't work?
X-BeenThere: freebsd-net@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: Networking and TCP/IP with FreeBSD <freebsd-net.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-net>,
	<mailto:freebsd-net-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-net>
List-Post: <mailto:freebsd-net@freebsd.org>
List-Help: <mailto:freebsd-net-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-net>,
	<mailto:freebsd-net-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Mon, 07 Feb 2011 08:15:49 -0000

Hello!

On a multihomed FreeBSD 8.1-RELEASE, in a multihomed jail, source IP 
selection suddenly refused to work.

ifconfig on a box:

bce0: flags=8943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> metric 
0 mtu 1500
     
options=c01bb<RXCSUM,TXCSUM,VLAN_MTU,VLAN_HWTAGGING,JUMBO_MTU,VLAN_HWCSUM,TSO4,VLAN_HWTSO,LINKSTATE>
     ether 00:1a:64:c5:d0:c8
     inet 192.168.80.40 netmask 0xffffff00 broadcast 192.168.80.255
     media: Ethernet autoselect (100baseTX <full-duplex>)
     status: active
bce1: flags=8943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> metric 
0 mtu 1500
     
options=c01bb<RXCSUM,TXCSUM,VLAN_MTU,VLAN_HWTAGGING,JUMBO_MTU,VLAN_HWCSUM,TSO4,VLAN_HWTSO,LINKSTATE>
     ether 00:1a:64:c5:d0:ca
     media: Ethernet autoselect (100baseTX <full-duplex>)
     status: active
lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> metric 0 mtu 16384
     options=3<RXCSUM,TXCSUM>
     inet6 fe80::1%lo0 prefixlen 64 scopeid 0x3
     inet6 ::1 prefixlen 128
     inet 127.0.0.1 netmask 0xff000000
     inet 127.0.0.2 netmask 0xff000000
     nd6 options=3<PERFORMNUD,ACCEPT_RTADV>
vlan75: flags=8943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> 
metric 0 mtu 1500
     options=103<RXCSUM,TXCSUM,TSO4>
     ether 00:1a:64:c5:d0:ca
     inet 192.168.75.4 netmask 0xffffff00 broadcast 192.168.75.255
     media: Ethernet autoselect (100baseTX <full-duplex>)
     status: active
     vlan: 75 parent interface: bce1
vlan82: flags=8943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> 
metric 0 mtu 1500
     options=103<RXCSUM,TXCSUM,TSO4>
     ether 00:1a:64:c5:d0:ca
     inet 192.168.82.2 netmask 0xffffff00 broadcast 192.168.82.255
     media: Ethernet autoselect (100baseTX <full-duplex>)
     status: active
     vlan: 82 parent interface: bce1
vlan83: flags=8943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> 
metric 0 mtu 1500
     options=103<RXCSUM,TXCSUM,TSO4>
     ether 00:1a:64:c5:d0:ca
     inet 83.69.203.3 netmask 0xfffffff0 broadcast 83.69.203.15
     media: Ethernet autoselect (100baseTX <full-duplex>)
     status: active
     vlan: 83 parent interface: bce1
vlan63: flags=8943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> 
metric 0 mtu 1500
     options=103<RXCSUM,TXCSUM,TSO4>
     ether 00:1a:64:c5:d0:ca
     inet 10.19.63.100 netmask 0xffffff00 broadcast 10.19.63.255
     media: Ethernet autoselect (100baseTX <full-duplex>)
     status: active
     vlan: 63 parent interface: bce1
carp0: flags=49<UP,LOOPBACK,RUNNING> metric 0 mtu 1500
     inet 192.168.80.42 netmask 0xffffff00
     carp: MASTER vhid 145 advbase 1 advskew 0
carp1: flags=49<UP,LOOPBACK,RUNNING> metric 0 mtu 1500
     inet 192.168.75.3 netmask 0xffffff00
     carp: MASTER vhid 146 advbase 1 advskew 0
carp2: flags=49<UP,LOOPBACK,RUNNING> metric 0 mtu 1500
     inet 192.168.82.4 netmask 0xffffff00
     carp: MASTER vhid 147 advbase 1 advskew 0
carp3: flags=49<UP,LOOPBACK,RUNNING> metric 0 mtu 1500
     inet 83.69.203.1 netmask 0xfffffff0
     carp: MASTER vhid 148 advbase 1 advskew 0
carp4: flags=49<UP,LOOPBACK,RUNNING> metric 0 mtu 1500
     inet 10.19.63.67 netmask 0xffffff00
     carp: MASTER vhid 149 advbase 1 advskew 0

ifconfig in a jail

bce0: flags=8943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> metric 
0 mtu 1500
     
options=c01bb<RXCSUM,TXCSUM,VLAN_MTU,VLAN_HWTAGGING,JUMBO_MTU,VLAN_HWCSUM,TSO4,VLAN_HWTSO,LINKSTATE>
     ether 00:1a:64:c5:d0:c8
     media: Ethernet autoselect (100baseTX <full-duplex>)
     status: active
bce1: flags=8943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> metric 
0 mtu 1500
     
options=c01bb<RXCSUM,TXCSUM,VLAN_MTU,VLAN_HWTAGGING,JUMBO_MTU,VLAN_HWCSUM,TSO4,VLAN_HWTSO,LINKSTATE>
     ether 00:1a:64:c5:d0:ca
     media: Ethernet autoselect (100baseTX <full-duplex>)
     status: active
lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> metric 0 mtu 16384
     options=3<RXCSUM,TXCSUM>
vlan75: flags=8943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> 
metric 0 mtu 1500
     options=103<RXCSUM,TXCSUM,TSO4>
     ether 00:1a:64:c5:d0:ca
     inet 192.168.75.4 netmask 0xffffff00 broadcast 192.168.75.255
     media: Ethernet autoselect (100baseTX <full-duplex>)
     status: active
     vlan: 75 parent interface: bce1
vlan82: flags=8943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> 
metric 0 mtu 1500
     options=103<RXCSUM,TXCSUM,TSO4>
     ether 00:1a:64:c5:d0:ca
     media: Ethernet autoselect (100baseTX <full-duplex>)
     status: active
     vlan: 82 parent interface: bce1
vlan83: flags=8943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> 
metric 0 mtu 1500
     options=103<RXCSUM,TXCSUM,TSO4>
     ether 00:1a:64:c5:d0:ca
     media: Ethernet autoselect (100baseTX <full-duplex>)
     status: active
     vlan: 83 parent interface: bce1
vlan63: flags=8943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> 
metric 0 mtu 1500
     options=103<RXCSUM,TXCSUM,TSO4>
     ether 00:1a:64:c5:d0:ca
     media: Ethernet autoselect (100baseTX <full-duplex>)
     status: active
     vlan: 63 parent interface: bce1
carp0: flags=49<UP,LOOPBACK,RUNNING> metric 0 mtu 1500
     inet 192.168.80.42 netmask 0xffffff00
     carp: MASTER vhid 145 advbase 1 advskew 0
carp1: flags=49<UP,LOOPBACK,RUNNING> metric 0 mtu 1500
     carp: MASTER vhid 146 advbase 1 advskew 0
carp2: flags=49<UP,LOOPBACK,RUNNING> metric 0 mtu 1500
     carp: MASTER vhid 147 advbase 1 advskew 0
carp3: flags=49<UP,LOOPBACK,RUNNING> metric 0 mtu 1500
     inet 83.69.203.1 netmask 0xfffffff0
     carp: MASTER vhid 148 advbase 1 advskew 0
carp4: flags=49<UP,LOOPBACK,RUNNING> metric 0 mtu 1500
     inet 10.19.63.67 netmask 0xffffff00
     carp: MASTER vhid 149 advbase 1 advskew 0


routing table:

Routing tables

Internet:
Destination        Gateway            Flags    Refs      Use  Netif Expire
default            83.69.203.14       UGS       232  1221991 vlan83
10.0.0.0/8         10.19.63.126       UGS         0     8768 vlan63
10.19.63.0/24      link#7             U         185   613762 vlan63
10.19.63.67        link#12            UH          0        0  carp4
10.19.63.100       link#7             UHS         0      244    lo0
83.69.203.0/28     link#6             U           4    38198 vlan83
83.69.203.1        link#11            UH          0  1876305  carp3
83.69.203.3        link#6             UHS         0      154    lo0
127.0.0.1          link#3             UH          0  1078596    lo0
127.0.0.2          link#3             UH          0       18    lo0
172.16.0.0/12      10.19.63.126       UGS         0        0 vlan63
192.168.0.0/16     10.19.63.126       UGS         8   205694 vlan63
192.168.75.0/24    link#4             U          49  1222391 vlan75
192.168.75.3       link#9             UH          0        0  carp1
192.168.75.4       link#4             UHS         0        2    lo0
192.168.80.0/24    link#1             U           6   618586   bce0
192.168.80.40      link#1             UHS         0   130620    lo0
192.168.80.42      link#8             UH          0    95987  carp0
192.168.82.0/24    link#5             U           2     2361 vlan82
192.168.82.2       link#5             UHS         0        0    lo0
192.168.82.4       link#10            UH          0        0  carp2

Seems reasonable, yes?

Pinging from the box

  # ping 192.168.75.59
PING 192.168.75.59 (192.168.75.59): 56 data bytes
64 bytes from 192.168.75.59: icmp_seq=0 ttl=64 time=0.993 ms
64 bytes from 192.168.75.59: icmp_seq=1 ttl=64 time=0.986 ms
64 bytes from 192.168.75.59: icmp_seq=2 ttl=64 time=0.988 ms
^C
--- 192.168.75.59 ping statistics ---
3 packets transmitted, 3 packets received, 0.0% packet loss
round-trip min/avg/max/stddev = 0.986/0.989/0.993/0.003 ms

10:45:31.425232 IP 192.168.75.4 > 192.168.75.59: ICMP echo request, id 
12430, seq 0, length 64
10:45:31.426283 IP 192.168.75.59 > 192.168.75.4: ICMP echo reply, id 
12430, seq 0, length 64
10:45:32.425415 IP 192.168.75.4 > 192.168.75.59: ICMP echo request, id 
12430, seq 1, length 64
10:45:32.426404 IP 192.168.75.59 > 192.168.75.4: ICMP echo reply, id 
12430, seq 1, length 64

Okay, yes?

 From jail:

# ping 192.168.75.59
PING 192.168.75.59 (192.168.75.59): 56 data bytes
^C
--- 192.168.75.59 ping statistics ---
2 packets transmitted, 0 packets received, 100.0% packet loss

10:45:52.146600 IP 83.69.203.1 > 192.168.75.59: ICMP echo request, id 
14222, seq 0, length 64
10:45:53.146702 IP 83.69.203.1 > 192.168.75.59: ICMP echo request, id 
14222, seq 1, length 64

Setting ip.saddrsel to 1 or 0 did not change anything. Kernel is 
GENERIC+ALTQ

What could I miss?...

Alex.