[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [ezjail] [PATCH] Locally configured IP check doesn't work for ipv6



On 30-07-2012 14:33, Thomas Steen Rasmussen wrote:
Hello all,

When I create a jail on 9-stable using the latest CVS version of
ezjail, I keep getting the message that the v6 IP I am using is not
configured on a local interface, even though it is.

The problem relates to differences between the ipv4 and ipv6
stack in FreeBSD. You can ping 127.0.0.1 from any configured
v4 IP on the system, but you cannot ping ::1 from a configured
v6 IP on the system - only from ::1.

The difference can easily be demonstrated:

---------------------------------------------------------------------------------
[tykling@glas ~]$ ping -S a.b.c.226 -c 1 127.0.0.1
PING 127.0.0.1 (127.0.0.1) from a.b.c.226: 56 data bytes
64 bytes from 127.0.0.1: icmp_seq=0 ttl=64 time=0.021 ms

--- 127.0.0.1 ping statistics ---
1 packets transmitted, 1 packets received, 0.0% packet loss
round-trip min/avg/max/stddev = 0.021/0.021/0.021/0.000 ms
[tykling@glas ~]$ ping6 -S w:x:y:z:: -c 1 ::1
PING6(56=40+8+8 bytes) w:x:y:z:: --> ::1

--- ::1 ping6 statistics ---
1 packets transmitted, 0 packets received, 100.0% packet loss
[tykling@glas ~]$
---------------------------------------------------------------------------------

The below patch changes the functionality to ping the IP (v4
or v6) being checked, instead of pinging localhost. This works
well for me and got rid of the incorrect warning.

--------------------------------------------------------------------------------- --- /usr/local/bin/ezjail-admin.orig 2012-07-30 14:10:49.027650569 +0200
+++ /usr/local/bin/ezjail-admin 2012-07-30 14:19:21.310805271 +0200
@@ -714,7 +714,7 @@
   for ezjail_ip in ${ezjail_ips}; do
     case ${ezjail_ip} in *.*.*.*) _ping=ping;; *) _ping=ping6;; esac
# check, whether IP is configured on a local interface, warn if it isnt
-    ${_ping} -S ${ezjail_ip} -q -c 1 localhost >/dev/null 2>/dev/null
+    ${_ping} -S ${ezjail_ip} -q -c 1 ${ezjail_ip} >/dev/null 2>/dev/null
[ $? -eq 0 ] || echo "Warning: IP ${ezjail_ip} not configured on a local interface."

     # check, whether some host system services do listen on the Jails IP
---------------------------------------------------------------------------------

Hello,

The problem mentioned above is still a problem in the current version of ezjail.
The problem is on line 830 now though.

The fix is simply to ping the ip being checked instead of pinging localhost.

Am I the only one seeing this problem... or am I the only one using ipv6 ? :)
Any chance of seeing the patch commited ?

Thanks!

/Thomas Steen Rasmussen