jail - vnet bug - ping: UDP connect: No route to host

Mon Apr 12 10:53:08 UTC 2021

On Sun, 11 Apr 2021 07:42:23 +0300
Özkan KIRIK <ozkan.kirik at gmail.com> wrote:

> Hello,
> 
> 
> root at f13:~ # jexec client ping www.google.com
> ping: UDP connect: No route to host
> 
> root at f13:~ # jexec client ping -4 -c 2 www.google.com
> PING www.google.com (216.58.212.100): 56 data bytes
> 64 bytes from 216.58.212.100: icmp_seq=0 ttl=128 time=85.487 ms
> 64 bytes from 216.58.212.100: icmp_seq=1 ttl=128 time=90.243 ms
> 
> --- www.google.com ping statistics ---
> 2 packets transmitted, 2 packets received, 0.0% packet loss
> round-trip min/avg/max/stddev = 85.487/87.865/90.243/2.378 ms
> root at f13:~ #

That's interesting - ping6 was merged into ping last year, the basic
logic of deciding which AF to use is here:

https://cgit.freebsd.org/src/tree/sbin/ping/main.c#n128

Essentially it does:

1. IPv6 disabled? Use IPv4
else
2. IPv4 disabled? Use IPv6
else
3. do hostname lookup and decide based on the AF of the first result.

As far as I can tell, the result of 3. is not used for the ping though,
but only to decide if ping6 or ping should be done. I wonder if this is
actually a good idea - gut feeling-wise I would prefer only one lookup
to take place when calling ping.

That said, what happens if you call:

  jexec client ping -6 -c 2 www.google.com

I assume that should give you some output (including an IP address),
even though the ping6 itself will fail.

Also, what is your /etc/resolv.conf inside the jail?

I suspect that the problem is caused by the gethostbyaddr call in 3.
and is not directly IPv6 related - if I compare the code used by ping.c
and ping6.c (including capsicum support) with what 3. does, we might
have a bigger problem here.

Best,
Michael

> _______________________________________________
> freebsd-net at freebsd.org mailing list
> https://lists.freebsd.org/mailman/listinfo/freebsd-net
> To unsubscribe, send any mail to "freebsd-net-unsubscribe at freebsd.org"

-- 
Michael Gmelin