From nobody@FreeBSD.org  Fri Oct  9 18:24:22 2009
Return-Path: <nobody@FreeBSD.org>
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34])
	by hub.freebsd.org (Postfix) with ESMTP id A188C106566B
	for <freebsd-gnats-submit@FreeBSD.org>; Fri,  9 Oct 2009 18:24:22 +0000 (UTC)
	(envelope-from nobody@FreeBSD.org)
Received: from www.freebsd.org (www.freebsd.org [IPv6:2001:4f8:fff6::21])
	by mx1.freebsd.org (Postfix) with ESMTP id 782558FC13
	for <freebsd-gnats-submit@FreeBSD.org>; Fri,  9 Oct 2009 18:24:22 +0000 (UTC)
Received: from www.freebsd.org (localhost [127.0.0.1])
	by www.freebsd.org (8.14.3/8.14.3) with ESMTP id n99IOLqp019977
	for <freebsd-gnats-submit@FreeBSD.org>; Fri, 9 Oct 2009 18:24:21 GMT
	(envelope-from nobody@www.freebsd.org)
Received: (from nobody@localhost)
	by www.freebsd.org (8.14.3/8.14.3/Submit) id n99IOLkr019966;
	Fri, 9 Oct 2009 18:24:21 GMT
	(envelope-from nobody)
Message-Id: <200910091824.n99IOLkr019966@www.freebsd.org>
Date: Fri, 9 Oct 2009 18:24:21 GMT
From: Frank Steinborn <steinex@nognu.de>
To: freebsd-gnats-submit@FreeBSD.org
Subject: traceroute does not work inside jail
X-Send-Pr-Version: www-3.1
X-GNATS-Notify:

>Number:         139454
>Category:       kern
>Synopsis:       [jail] traceroute does not work inside jail
>Confidential:   no
>Severity:       non-critical
>Priority:       low
>Responsible:    bz
>State:          closed
>Quarter:        
>Keywords:       
>Date-Required:  
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Fri Oct 09 18:30:07 UTC 2009
>Closed-Date:    Sun Jan 17 15:31:48 UTC 2010
>Last-Modified:  Sun Jan 17 15:31:48 UTC 2010
>Originator:     Frank Steinborn
>Release:        7.2-RELEASE-p4
>Organization:
>Environment:
FreeBSD beastie.local 7.2-RELEASE-p4 FreeBSD 7.2-RELEASE-p4 #0: Sun Oct  4 18:45:55 CEST 2009     steinex@haydn.nognu.de:/usr/obj/usr/src/sys/GENERIC  i386
>Description:
Recently, using traceroute(8) stopped to work inside jails, even in TCP mode:

% traceroute 127.0.0.1
traceroute: findsaddr: write: No such process


>How-To-Repeat:
traceroute some host.
>Fix:


>Release-Note:
>Audit-Trail:
Responsible-Changed-From-To: freebsd-bugs->freebsd-jail 
Responsible-Changed-By: linimon 
Responsible-Changed-When: Fri Oct 9 19:44:09 UTC 2009 
Responsible-Changed-Why:  
reassign. 

http://www.freebsd.org/cgi/query-pr.cgi?pr=139454 

From: Frank Steinborn <steinex@nognu.de>
To: FreeBSD-gnats-submit@FreeBSD.org, freebsd-bugs@FreeBSD.org
Cc:  
Subject: Re: misc/139454: traceroute does not work inside jail
Date: Fri, 9 Oct 2009 22:28:09 +0200

 BTW, it works when enumerating the source address with -s. A friend
 told me that he's seeing the same issue on 7.1 - 6.4 will be tested
 later tonight and i will follow up with the results (I'm pretty sure
 it worked there, though). 

From: Frank Steinborn <steinex@nognu.de>
To: bug-followup@FreeBSD.org
Cc:  
Subject: Re: misc/139454: traceroute does not work inside jail
Date: Fri, 9 Oct 2009 22:34:53 +0200

 BTW, it works when enumerating the source address with -s. A friend
 told me that he's seeing the same issue on 7.1 - 6.4 will be tested
 later tonight and i will follow up with the results (I'm pretty sure
 it worked there, though). 

From: Miroslav Lachman <000.fbsd@quip.cz>
To: bug-followup@FreeBSD.org,  steinex@nognu.de
Cc:  
Subject: Re: kern/139454: [jail] traceroute does not work inside jail
Date: Sat, 10 Oct 2009 00:20:36 +0200

 I can confirm that traceroute inside jail on 6.3 works, on 7.2 works 
 only with traceroute -s <jails_addr>
 
 Both machines have security.jail.allow_raw_sockets: 1
Responsible-Changed-From-To: freebsd-jail->bz 
Responsible-Changed-By: bz 
Responsible-Changed-When: Mon Oct 12 07:08:21 UTC 2009 
Responsible-Changed-Why:  
This could be multi-IP jails fallout though it's more likely 
that traceroute is doing something silly. 

http://www.freebsd.org/cgi/query-pr.cgi?pr=139454 
State-Changed-From-To: open->analyzed 
State-Changed-By: bz 
State-Changed-When: Mon Oct 12 08:25:14 UTC 2009 
State-Changed-Why:  
Problem most likely identifed. 

http://www.freebsd.org/cgi/query-pr.cgi?pr=139454 

From: "Bjoern A. Zeeb" <bz@FreeBSD.org>
To: bug-followup@FreeBSD.org, steinex@nognu.de
Cc:  
Subject: Re: kern/139454: [jail] traceroute does not work inside jail
Date: Mon, 12 Oct 2009 08:24:37 +0000 (UTC)

 Hi,
 
 after a quick look, I'd assume the ESRCH comes from:
 
 http://fxr.watson.org/fxr/source/net/rtsock.c?v=FREEBSD72#L567
 
 introduced with this change:
 http://svn.freebsd.org/viewvc/base?view=revision&revision=188284
 
 -- 
 Bjoern A. Zeeb         It will not break if you know what you are doing.

From: "Bjoern A. Zeeb" <bz@FreeBSD.org>
To: bug-followup@FreeBSD.org, steinex@nognu.de, 
    Miroslav Lachman <000.fbsd@quip.cz>
Cc:  
Subject: Re: kern/139454: [jail] traceroute does not work inside jail
Date: Tue, 5 Jan 2010 11:30:23 +0000 (UTC)

 Hi,
 
 fixing the kernel is not really desirable as we would start leaking
 information to jails again.
 
 On the other hand starting with the multi-IP jails (or slightly
 before) the kernel grew proper source address selection so we should
 make use of that.  I have the following patch out for review at the
 moment - you might want to try it and report back:
 
 http://people.freebsd.org/~bz/20100105-01-traceroute-saddrsel.diff
 
 /bz
 
 -- 
 Bjoern A. Zeeb         It will not break if you know what you are doing.

From: Frank Steinborn <steinex@nognu.de>
To: "Bjoern A. Zeeb" <bz@FreeBSD.org>
Cc: bug-followup@FreeBSD.org, Miroslav Lachman <000.fbsd@quip.cz>
Subject: Re: kern/139454: [jail] traceroute does not work inside jail
Date: Tue, 5 Jan 2010 22:05:22 +0100

 Tested with almost all possible switches on 7.2/i386 and 7.2/amd64
 and it worked fine.
 
 Thank you for tracking this down :)
 
 Frank

From: dfilter@FreeBSD.ORG (dfilter service)
To: bug-followup@FreeBSD.org
Cc:  
Subject: Re: kern/139454: commit references a PR
Date: Fri,  8 Jan 2010 16:59:43 +0000 (UTC)

 Author: bz
 Date: Fri Jan  8 16:59:28 2010
 New Revision: 201806
 URL: http://svn.freebsd.org/changeset/base/201806
 
 Log:
   Switch traceroute over to make use of proper in-kernel source
   address selection.
   
   Reviewed by:	rwatson, fenner
   MFC after:	1 week
   X-MFCable to:	stable/8, stable/7 (after r183571).
   PR:		kern/139454
   Tested by:	Frank Steinborn (steinex nognu.de)
 
 Added:
   head/usr.sbin/traceroute/findsaddr-udp.c   (contents, props changed)
 Modified:
   head/usr.sbin/traceroute/Makefile
 
 Modified: head/usr.sbin/traceroute/Makefile
 ==============================================================================
 --- head/usr.sbin/traceroute/Makefile	Fri Jan  8 16:58:37 2010	(r201805)
 +++ head/usr.sbin/traceroute/Makefile	Fri Jan  8 16:59:28 2010	(r201806)
 @@ -5,7 +5,7 @@ TRACEROUTE_DISTDIR?= ${.CURDIR}/../../co
  
  PROG=	traceroute
  MAN=	traceroute.8
 -SRCS=	as.c version.c traceroute.c ifaddrlist.c findsaddr-socket.c
 +SRCS=	as.c version.c traceroute.c ifaddrlist.c findsaddr-udp.c
  BINOWN=	root
  BINMODE=4555
  CLEANFILES=	version.c
 @@ -29,7 +29,7 @@ DPADD=	${LIBIPSEC}
  LDADD=	-lipsec
  .endif
  
 -CFLAGS+= -I${TRACEROUTE_DISTDIR}/lbl
 +CFLAGS+= -I${TRACEROUTE_DISTDIR}/lbl -I${TRACEROUTE_DISTDIR}
  
  WARNS?=	0
  
 
 Added: head/usr.sbin/traceroute/findsaddr-udp.c
 ==============================================================================
 --- /dev/null	00:00:00 1970	(empty, because file is newly added)
 +++ head/usr.sbin/traceroute/findsaddr-udp.c	Fri Jan  8 16:59:28 2010	(r201806)
 @@ -0,0 +1,94 @@
 +/*-
 + * Copyright (c) 2010 Bjoern A. Zeeb <bz@FreeBSD.org>
 + * All rights reserved.
 + *
 + * Redistribution and use in source and binary forms, with or without
 + * modification, are permitted provided that the following conditions
 + * are met:
 + * 1. Redistributions of source code must retain the above copyright
 + * notice, this list of conditions and the following disclaimer.
 + * 2. Redistributions in binary form must reproduce the above copyright
 + * notice, this list of conditions and the following disclaimer in the
 + * documentation and/or other materials provided with the distribution.
 + *
 + * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
 + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
 + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
 + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
 + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
 + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
 + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
 + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
 + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
 + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
 + * SUCH DAMAGE.
 + *
 + * $FreeBSD$
 + */
 +
 +#include <string.h>
 +#include <unistd.h>
 +
 +#include <sys/types.h>
 +#include <sys/socket.h>
 +
 +#include <netinet/in.h>
 +
 +#include "findsaddr.h"
 +#include "traceroute.h"
 +
 +/*
 + * Return the source address for the given destination address.
 + *
 + * This makes use of proper source address seclection in the FreeBSD kernel
 + * even taking jails into account (sys/netinet/in_pcb.c:in_pcbladdr()).
 + * We open a UDP socket, and connect to the destination, letting the kernel
 + * do the bind and then read the source IPv4 address using getsockname(2).
 + * This has multiple advantages: no need to do PF_ROUTE operations possibly
 + * needing special privileges, jails properly taken into account and most
 + * important - getting the result the kernel would give us rather than
 + * best-guessing ourselves.
 + */
 +const char *
 +findsaddr(register const struct sockaddr_in *to,
 +    register struct sockaddr_in *from)
 +{
 +	const char *errstr;
 +	struct sockaddr_in cto, cfrom;
 +	int s;
 +	socklen_t len;
 +
 +	s = socket(AF_INET, SOCK_DGRAM, 0);
 +	if (s == -1)
 +		return ("failed to open DGRAM socket for src addr selection.");
 +
 +	errstr = NULL;
 +	len = sizeof(struct sockaddr_in);
 +	memcpy(&cto, to, len);
 +	cto.sin_port = htons(65535);	/* Dummy port for connect(2). */
 +	if (connect(s, (struct sockaddr *)&cto, len) == -1) {
 +		errstr = "failed to connect to peer for src addr selection.";
 +		goto err;
 +	}
 +
 +	if (getsockname(s, (struct sockaddr *)&cfrom, &len) == -1) {
 +		errstr = "failed to get socket name for src addr selection.";
 +		goto err;
 +	}
 +
 +	if (len != sizeof(struct sockaddr_in) || cfrom.sin_family != AF_INET) {
 +		errstr = "unexpected address family in src addr selection.";
 +		goto err;
 +	}
 +
 +	/* Update source address for traceroute. */
 +	setsin(from, cfrom.sin_addr.s_addr);
 +
 +err:
 +	(void) close(s);
 +
 +	/* No error (string) to return. */
 +	return (errstr);
 +}
 +
 +/* end */
 _______________________________________________
 svn-src-all@freebsd.org mailing list
 http://lists.freebsd.org/mailman/listinfo/svn-src-all
 To unsubscribe, send any mail to "svn-src-all-unsubscribe@freebsd.org"
 
State-Changed-From-To: analyzed->patched 
State-Changed-By: bz 
State-Changed-When: Fri Jan 8 17:06:37 UTC 2010 
State-Changed-Why:  
Change was comitted to HEAD and will be MFCed in a couple of days. 

http://www.freebsd.org/cgi/query-pr.cgi?pr=139454 

From: dfilter@FreeBSD.ORG (dfilter service)
To: bug-followup@FreeBSD.org
Cc:  
Subject: Re: kern/139454: commit references a PR
Date: Sun, 17 Jan 2010 15:20:46 +0000 (UTC)

 Author: bz
 Date: Sun Jan 17 15:20:34 2010
 New Revision: 202485
 URL: http://svn.freebsd.org/changeset/base/202485
 
 Log:
   MFC r201806:
     Switch traceroute over to make use of proper in-kernel source
     address selection.
   
     Reviewed by:  rwatson, fenner
     PR:           kern/139454
     Tested by:    Frank Steinborn (steinex nognu.de)
   
   MFC r201897:
     Correct spelling.
   
     Submitted by: (pluknet gmail.com)
 
 Added:
   stable/8/usr.sbin/traceroute/findsaddr-udp.c
      - copied, changed from r201806, head/usr.sbin/traceroute/findsaddr-udp.c
 Modified:
   stable/8/usr.sbin/traceroute/Makefile
 Directory Properties:
   stable/8/usr.sbin/traceroute/   (props changed)
 
 Modified: stable/8/usr.sbin/traceroute/Makefile
 ==============================================================================
 --- stable/8/usr.sbin/traceroute/Makefile	Sun Jan 17 14:11:42 2010	(r202484)
 +++ stable/8/usr.sbin/traceroute/Makefile	Sun Jan 17 15:20:34 2010	(r202485)
 @@ -5,7 +5,7 @@ TRACEROUTE_DISTDIR?= ${.CURDIR}/../../co
  
  PROG=	traceroute
  MAN=	traceroute.8
 -SRCS=	as.c version.c traceroute.c ifaddrlist.c findsaddr-socket.c
 +SRCS=	as.c version.c traceroute.c ifaddrlist.c findsaddr-udp.c
  BINOWN=	root
  BINMODE=4555
  CLEANFILES=	version.c
 @@ -29,7 +29,7 @@ DPADD=	${LIBIPSEC}
  LDADD=	-lipsec
  .endif
  
 -CFLAGS+= -I${TRACEROUTE_DISTDIR}/lbl
 +CFLAGS+= -I${TRACEROUTE_DISTDIR}/lbl -I${TRACEROUTE_DISTDIR}
  
  version.c: ${TRACEROUTE_DISTDIR}/VERSION
  	@rm -f ${.TARGET}
 
 Copied and modified: stable/8/usr.sbin/traceroute/findsaddr-udp.c (from r201806, head/usr.sbin/traceroute/findsaddr-udp.c)
 ==============================================================================
 --- head/usr.sbin/traceroute/findsaddr-udp.c	Fri Jan  8 16:59:28 2010	(r201806, copy source)
 +++ stable/8/usr.sbin/traceroute/findsaddr-udp.c	Sun Jan 17 15:20:34 2010	(r202485)
 @@ -40,7 +40,7 @@
  /*
   * Return the source address for the given destination address.
   *
 - * This makes use of proper source address seclection in the FreeBSD kernel
 + * This makes use of proper source address selection in the FreeBSD kernel
   * even taking jails into account (sys/netinet/in_pcb.c:in_pcbladdr()).
   * We open a UDP socket, and connect to the destination, letting the kernel
   * do the bind and then read the source IPv4 address using getsockname(2).
 _______________________________________________
 svn-src-all@freebsd.org mailing list
 http://lists.freebsd.org/mailman/listinfo/svn-src-all
 To unsubscribe, send any mail to "svn-src-all-unsubscribe@freebsd.org"
 

From: dfilter@FreeBSD.ORG (dfilter service)
To: bug-followup@FreeBSD.org
Cc:  
Subject: Re: kern/139454: commit references a PR
Date: Sun, 17 Jan 2010 15:21:43 +0000 (UTC)

 Author: bz
 Date: Sun Jan 17 15:21:24 2010
 New Revision: 202486
 URL: http://svn.freebsd.org/changeset/base/202486
 
 Log:
   MFC r201806:
     Switch traceroute over to make use of proper in-kernel source
     address selection.
   
     Reviewed by:  rwatson, fenner
     PR:           kern/139454
     Tested by:    Frank Steinborn (steinex nognu.de)
   
   MFC r201897:
     Correct spelling.
   
     Submitted by: (pluknet gmail.com)
 
 Added:
   stable/7/usr.sbin/traceroute/findsaddr-udp.c
      - copied, changed from r201806, head/usr.sbin/traceroute/findsaddr-udp.c
 Modified:
   stable/7/usr.sbin/traceroute/Makefile
 Directory Properties:
   stable/7/usr.sbin/traceroute/   (props changed)
 
 Modified: stable/7/usr.sbin/traceroute/Makefile
 ==============================================================================
 --- stable/7/usr.sbin/traceroute/Makefile	Sun Jan 17 15:20:34 2010	(r202485)
 +++ stable/7/usr.sbin/traceroute/Makefile	Sun Jan 17 15:21:24 2010	(r202486)
 @@ -5,7 +5,7 @@ TRACEROUTE_DISTDIR?= ${.CURDIR}/../../co
  
  PROG=	traceroute
  MAN=	traceroute.8
 -SRCS=	as.c version.c traceroute.c ifaddrlist.c findsaddr-socket.c
 +SRCS=	as.c version.c traceroute.c ifaddrlist.c findsaddr-udp.c
  BINOWN=	root
  BINMODE=4555
  CLEANFILES=	version.c
 @@ -29,7 +29,7 @@ DPADD=	${LIBIPSEC}
  LDADD=	-lipsec
  .endif
  
 -CFLAGS+= -I${TRACEROUTE_DISTDIR}/lbl
 +CFLAGS+= -I${TRACEROUTE_DISTDIR}/lbl -I${TRACEROUTE_DISTDIR}
  
  version.c: ${TRACEROUTE_DISTDIR}/VERSION
  	@rm -f ${.TARGET}
 
 Copied and modified: stable/7/usr.sbin/traceroute/findsaddr-udp.c (from r201806, head/usr.sbin/traceroute/findsaddr-udp.c)
 ==============================================================================
 --- head/usr.sbin/traceroute/findsaddr-udp.c	Fri Jan  8 16:59:28 2010	(r201806, copy source)
 +++ stable/7/usr.sbin/traceroute/findsaddr-udp.c	Sun Jan 17 15:21:24 2010	(r202486)
 @@ -40,7 +40,7 @@
  /*
   * Return the source address for the given destination address.
   *
 - * This makes use of proper source address seclection in the FreeBSD kernel
 + * This makes use of proper source address selection in the FreeBSD kernel
   * even taking jails into account (sys/netinet/in_pcb.c:in_pcbladdr()).
   * We open a UDP socket, and connect to the destination, letting the kernel
   * do the bind and then read the source IPv4 address using getsockname(2).
 _______________________________________________
 svn-src-all@freebsd.org mailing list
 http://lists.freebsd.org/mailman/listinfo/svn-src-all
 To unsubscribe, send any mail to "svn-src-all-unsubscribe@freebsd.org"
 
State-Changed-From-To: patched->closed 
State-Changed-By: bz 
State-Changed-When: Sun Jan 17 15:31:03 UTC 2010 
State-Changed-Why:  
Things should be fixed in RELENG_[78] and HEAD. 

Thanks for reporting and testing. 

http://www.freebsd.org/cgi/query-pr.cgi?pr=139454 
>Unformatted:
