From nobody@FreeBSD.org  Mon Jun  4 18:49:50 2012
Return-Path: <nobody@FreeBSD.org>
Received: from mx1.freebsd.org (mx1.freebsd.org [69.147.83.52])
	by hub.freebsd.org (Postfix) with ESMTP id 7EA60106564A
	for <freebsd-gnats-submit@FreeBSD.org>; Mon,  4 Jun 2012 18:49:50 +0000 (UTC)
	(envelope-from nobody@FreeBSD.org)
Received: from red.freebsd.org (red.freebsd.org [IPv6:2001:4f8:fff6::22])
	by mx1.freebsd.org (Postfix) with ESMTP id 6AEEA8FC1E
	for <freebsd-gnats-submit@FreeBSD.org>; Mon,  4 Jun 2012 18:49:50 +0000 (UTC)
Received: from red.freebsd.org (localhost [127.0.0.1])
	by red.freebsd.org (8.14.4/8.14.4) with ESMTP id q54InoCG001751
	for <freebsd-gnats-submit@FreeBSD.org>; Mon, 4 Jun 2012 18:49:50 GMT
	(envelope-from nobody@red.freebsd.org)
Received: (from nobody@localhost)
	by red.freebsd.org (8.14.4/8.14.4/Submit) id q54InoB7001750;
	Mon, 4 Jun 2012 18:49:50 GMT
	(envelope-from nobody)
Message-Id: <201206041849.q54InoB7001750@red.freebsd.org>
Date: Mon, 4 Jun 2012 18:49:50 GMT
From: Mark Felder <feld@feld.me>
To: freebsd-gnats-submit@FreeBSD.org
Subject: Jails incorrectly choose source address
X-Send-Pr-Version: www-3.1
X-GNATS-Notify:

>Number:         168678
>Category:       kern
>Synopsis:       [jail] raw sockets incorrectly choose source address when jail has multiple subnets
>Confidential:   no
>Severity:       serious
>Priority:       medium
>Responsible:    gnn
>State:          open
>Quarter:        
>Keywords:       
>Date-Required:  
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Mon Jun 04 18:50:17 UTC 2012
>Closed-Date:    
>Last-Modified:  Sun May 18 04:59:11 UTC 2014
>Originator:     Mark Felder
>Release:        8, 9
>Organization:
>Environment:
8,9
>Description:
bz@ is aware of this bug but I figured it's best if I make a proper PR before I forget about the issue.

Scenario: 

FreeBSD server with multiple subnets/VLANs across multiple interfaces. You want to map several of these into a single jail. This works correctly; the jail starts fine. Outgoing TCP/UDP traffic works, but anything that requires a raw socket (notably ICMP) will fail to any subnet that falls outside of the first IP address's range.


>How-To-Repeat:
Create jail which has following IPs:

192.168.1.10
172.16.5.10
10.1.4.10

You can ping anything on the 192.168.1.0/24 subnet just fine, but you can't on the 172. or 10. subnets. Sniffing shows all source traffic to the 172. and 10. subnets incorrectly using 192.168.1.10 as the source address.
>Fix:
Bug bz@ until he fixes it :-)

He knows what's wrong, and will take care of it after some important ipv6 work is completed.

>Release-Note:
>Audit-Trail:
Responsible-Changed-From-To: freebsd-bugs->freebsd-jail 
Responsible-Changed-By: gavin 
Responsible-Changed-When: Mon Jun 18 14:16:53 UTC 2012 
Responsible-Changed-Why:  
Fix assignment per submitter request 

http://www.freebsd.org/cgi/query-pr.cgi?pr=168678 
Responsible-Changed-From-To: freebsd-jail->bz 
Responsible-Changed-By: bz 
Responsible-Changed-When: Tue Jun 19 12:33:35 UTC 2012 
Responsible-Changed-Why:  
bz feels the bugs.  The ping patch has been living in my browser 
window for weeks now; I should get the kernel fix done as well. 

http://people.freebsd.org/~bz/20120407-01-ping-source-addr.diff 

The problem is described here: 
http://svnweb.freebsd.org/base/head/sys/netinet/raw_ip.c?annotate=229265#l461 

http://www.freebsd.org/cgi/query-pr.cgi?pr=168678 
Responsible-Changed-From-To: bz->gnn 
Responsible-Changed-By: bz 
Responsible-Changed-When: Sun May 18 04:59:04 UTC 2014 
Responsible-Changed-Why:  
I shall not use bugzilla (at least until we will have a CLI). 

http://www.freebsd.org/cgi/query-pr.cgi?pr=168678 
>Unformatted:
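The following is an added example, not code from PR 168678, from bz's patch or from the FreeBSD kernel: a small user-space model of the source-address choice for an unbound raw socket inside a jail that owns several addresses. It uses the three addresses from the How-To-Repeat above; the /24 prefix lengths on the 172.16.5.0 and 10.1.4.0 networks are an assumption (the PR only states the 192.168.1.0/24 one). pick_primary() models the behaviour the PR reports (the jail's first address used for every destination), pick_by_subnet() models what the submitter expects (the address on the destination's subnet), and open_icmp_bound_to() shows the application-side workaround of binding the raw socket to the chosen address, which is what an explicit source address on ping does; that last function needs root and the address configured on the host, so it only succeeds inside the jail itself.

```c
/*
 * Added example for PR 168678 (not the kernel's code): model of source
 * address selection for an unbound raw socket in a jail with several
 * addresses, plus the bind-to-source workaround.  Build: cc -o jailsrc jailsrc.c
 */
#include <arpa/inet.h>
#include <netinet/in.h>
#include <sys/socket.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#include <unistd.h>

#define JAIL_NADDR 3

struct jail_addr {
    const char *addr;   /* address assigned to the jail */
    int prefixlen;      /* prefix length of its subnet */
};

/* Addresses from the PR's How-To-Repeat, in jail order (first = primary).
 * The /24 on the second and third entries is an assumption. */
static const struct jail_addr jail_addrs[JAIL_NADDR] = {
    { "192.168.1.10", 24 },
    { "172.16.5.10",  24 },   /* /24 assumed */
    { "10.1.4.10",    24 },   /* /24 assumed */
};

static uint32_t mask_of(int prefixlen) {
    return prefixlen == 0 ? 0 : htonl(0xffffffffU << (32 - prefixlen));
}

/* Behaviour the PR reports: the jail's first (primary) address is used for
 * every destination, whatever subnet the destination is in. */
const char *pick_primary(const char *dst) {
    (void)dst;
    return jail_addrs[0].addr;
}

/* Behaviour the submitter expects (what TCP/UDP get): the jail address whose
 * subnet contains the destination; fall back to the primary address when no
 * directly connected subnet matches.  NULL on an unparsable address. */
const char *pick_by_subnet(const char *dst) {
    struct in_addr d;
    if (inet_pton(AF_INET, dst, &d) != 1)
        return NULL;
    for (int i = 0; i < JAIL_NADDR; i++) {
        struct in_addr a;
        uint32_t m = mask_of(jail_addrs[i].prefixlen);
        if (inet_pton(AF_INET, jail_addrs[i].addr, &a) != 1)
            return NULL;
        if ((a.s_addr & m) == (d.s_addr & m))
            return jail_addrs[i].addr;
    }
    return jail_addrs[0].addr;
}

/* Workaround on the application side: bind the raw ICMP socket to the
 * chosen address so the kernel never has to pick one (ping -S does this).
 * Needs root for SOCK_RAW; returns the descriptor, or -1 on failure. */
int open_icmp_bound_to(const char *src) {
    int fd = socket(AF_INET, SOCK_RAW, IPPROTO_ICMP);
    if (fd < 0)
        return -1;
    struct sockaddr_in sin;
    memset(&sin, 0, sizeof sin);
#if defined(__FreeBSD__) || defined(__APPLE__)
    sin.sin_len = sizeof sin;   /* BSD bind() checks sa_len */
#endif
    sin.sin_family = AF_INET;
    if (src == NULL || inet_pton(AF_INET, src, &sin.sin_addr) != 1 ||
        bind(fd, (struct sockaddr *)&sin, sizeof sin) != 0) {
        close(fd);
        return -1;
    }
    return fd;
}

int main(void) {
    /* Constructed destinations: one per jail subnet plus an off-link host. */
    const char *dsts[] = { "192.168.1.1", "172.16.5.1", "10.1.4.1", "8.8.8.8" };
    for (size_t i = 0; i < sizeof dsts / sizeof dsts[0]; i++)
        printf("dst %-12s  reported src %-13s  expected src %s\n",
               dsts[i], pick_primary(dsts[i]), pick_by_subnet(dsts[i]));
    int fd = open_icmp_bound_to(pick_by_subnet("172.16.5.1"));
    if (fd >= 0) { puts("raw ICMP socket bound to 172.16.5.10"); close(fd); }
    else perror("raw socket bind (needs root, run inside the jail)");
    return 0;
}
```

Run inside the jail as root to see the bind succeed; elsewhere the table alone shows the mismatch the submitter saw in the sniffer: for 172.16.5.1 and 10.1.4.1 the reported source is 192.168.1.10 while the expected one is the address on that subnet.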
