Multiple ip-numbers in jails (fixed INADDR_ANY behaviour).
Jan Grant
Jan.Grant at bristol.ac.uk
Wed Apr 16 04:27:31 PDT 2003
On Tue, 15 Apr 2003, Pawel Jakub Dawidek wrote:
> Hello hackers...
>
> I've just finished a patch for multiple ip-numbers inside jails.
>
> There was a problem with handling INADDR_ANY correctly in multiple-IP
> implementations, but I think I solved this problem.
>
> Another thing is priorities.
> When port X is opened on the main host and in a jail as INADDR_ANY, the
> current implementation of jail converts INADDR_ANY to the jail's IP.
> When we're connecting to this port we will connect to the jail's daemon,
> because an "exact match" is there.
> In my solution, looking for an opened port is done in this order:
> 1. non-jailed, non-wild.
> 2. non-jailed, wild.
> 3. jailed, non-wild.
> 4. jailed, wild.

Hang on, so you're saying that if my machine has (say) 4 IP addresses,
and the jail has two of them, and I've a process listening on INADDR_ANY
in a non-jail, and one listening on INADDR_ANY in a jail, then a
connection to one of the jailed IPs will wind up with the non-jail
process?

That seems backwards to me. That is, it seems that the most "specific"
INADDR_ANY should match first.

> Please, review it. Thanks.
>
> PS. Patch is against FreeBSD-CURRENT.
>
>
--
jan grant, ILRT, University of Bristol. http://www.ilrt.bris.ac.uk/
Tel +44(0)117 9287088 Fax +44 (0)117 9287112 http://ioctl.org/jan/
Axioms speak louder than words.
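
The scenario raised in the reply above, modelled as an added example (not part of the original message, Pawel's patch or the FreeBSD kernel): two wildcard listeners on the same port, one on the host and one in a jail, resolved under the quoted 1-4 order and under a most-specific-first order. The struct, the addresses and the `MOST_SPECIFIC` ranking are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdint.h>

#define ANY 0u  /* stands in for INADDR_ANY */

struct listener {
    const char *name;
    int jailed;               /* owner runs inside a jail */
    uint32_t laddr;           /* bound address, or ANY */
};
enum policy { PROPOSED, MOST_SPECIFIC };

/* Constructed sample: host owns .1-.4, the jail is assigned .3 and .4. */
static const uint32_t jail_ips[] = { 0x0a000003, 0x0a000004 };
static const struct listener table[] = {
    { "host-daemon", 0, ANY },
    { "jail-daemon", 1, ANY },
};

/* Can this listener accept a connection addressed to dst at all? */
static int matches(const struct listener *l, uint32_t dst) {
    if (l->laddr != ANY)
        return l->laddr == dst;
    if (!l->jailed)
        return 1;             /* host wildcard covers every host address */
    for (size_t i = 0; i < sizeof jail_ips / sizeof jail_ips[0]; i++)
        if (jail_ips[i] == dst)
            return 1;         /* jail wildcard covers only the jail's IPs */
    return 0;
}

/* Lower rank wins. PROPOSED is the 1-4 order quoted in the message. */
static int rank(enum policy p, const struct listener *l) {
    int wild = (l->laddr == ANY);
    if (p == PROPOSED)
        return l->jailed * 2 + wild;
    /* Assumed reading of "most specific first": exact, jail wild, host wild */
    return wild ? (l->jailed ? 1 : 2) : 0;
}

const char *lookup(enum policy p, uint32_t dst) {
    const struct listener *best = NULL;
    for (size_t i = 0; i < sizeof table / sizeof table[0]; i++)
        if (matches(&table[i], dst) &&
            (!best || rank(p, &table[i]) < rank(p, best)))
            best = &table[i];
    return best ? best->name : NULL;
}
```

For a connection to a jail address such as 10.0.0.3, `lookup(PROPOSED, ...)` selects the host daemon and `lookup(MOST_SPECIFIC, ...)` selects the jail daemon; for a non-jail address both policies select the host daemon.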