On 1. May 2012, at 19:41, David Thiel wrote:

> Hello,
> 
> So, I've been trying to debug an issue running nmap scans within jails, 
> partially documented here:
> 
> http://seclists.org/nmap-dev/2012/q2/220
> 
> On further debugging, it's seeming like jails can't read routing 
> information directly at all:
> 
> # route get 69.163.203.254
> route: writing to routing socket: No such process
> 
> Now, this is normally done via reading the routing table via something like 
> socket(PF_ROUTE, SOCK_RAW, AF_INET), so one would suspect that this is a 
> problem with raw sockets; but raw sockets are enabled within the jail. 
> netstat is able to read routing information just fine, but I don't think 
> it's doing it via the socket() call.

Hmm, sure you don't have /dev/mem in the jail? netstat -rn, I think, is still
using libkvm *sigh* and not the sysctl API.


> Anyone know why this behavior might be happening?

Without thinking too much (as in if I got the right case) I think you are
hitting this one:

http://svnweb.freebsd.org/base/head/sys/net/rtsock.c?annotate=234572#l792

/bz

-- 
Bjoern A. Zeeb                                 You have to have visions!
   It does not matter how good you are. It matters what good you do!

_______________________________________________
freebsd-stable@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-stable