SCTP binds to IPs outside of jail
Michael Tuexen
Michael.Tuexen at lurchi.franken.de
Sun Apr 6 19:44:58 UTC 2014
On 06 Apr 2014, at 20:44, Bjoern A. Zeeb <bzeeb-lists at lists.zabbadoz.net> wrote:
>
> On 06 Apr 2014, at 17:04 , Michael Tuexen <Michael.Tuexen at lurchi.franken.de> wrote:
>
>>> Aehm, the SCTP code was filtering addresses at one point and made sure only jail-visible addresses were seen or bound very much like normal PCB handling. If this is not the case (anymore) SCTP shall not be allowed inside jails again.
>> Are you referring to prison_local_ip4() and prison_local_ip6() calls?
>> These are used while explicit binding. However, I don't think we
>> do the corresponding filtering when sending INIT-/INIT-ACKs or
>> export the list of addresses via the sysctl interface used by netstat.
>> I guess this needs to be added, right?
>
> Yes.
OK. Give me a couple of days and I'll try to fix the SCTP stack
(need to set up a test environment for it).
Best regards
Michael
>
> —
> Bjoern A. Zeeb
>
>
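The gap discussed in this message, as an added example that is not part of the original post and is not FreeBSD kernel code: a user-space model in which the jail check is applied at explicit bind, and the address list built for INIT/INIT-ACK or the sysctl export is produced with and without the same check. All names (`jail_model`, `model_bind`, `model_addr_list`, `model_leaked`) and all addresses are hypothetical and constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#define IP4(a, b, c, d) (((uint32_t)(a) << 24) | ((b) << 16) | ((c) << 8) | (d))

/* Hypothetical stand-in for one jail's IPv4 address set; constructed sample data. */
struct jail_model { const uint32_t *ip4; size_t n; };
static const uint32_t host_addrs[] = { IP4(192,0,2,1), IP4(192,0,2,10), IP4(198,51,100,7) };
static const uint32_t jail_addrs[] = { IP4(192,0,2,10) };
const struct jail_model demo_jail = { jail_addrs, 1 };

/* 1 if addr is one of the jail's addresses, else 0. */
static int jail_owns_ip4(const struct jail_model *j, uint32_t addr)
{
    for (size_t i = 0; i < j->n; i++)
        if (j->ip4[i] == addr) return 1;
    return 0;
}

/* Explicit bind path: the check the thread says is already in place. */
int model_bind(const struct jail_model *j, uint32_t addr)
{
    return jail_owns_ip4(j, addr) ? 0 : -1;
}

/* Address list for INIT/INIT-ACK or the sysctl export. filter == 0 models the gap */
/* (every host address is listed); filter != 0 applies the bind-path jail check. */
size_t model_addr_list(const struct jail_model *j, int filter, uint32_t *out, size_t cap)
{
    size_t k = 0;
    for (size_t i = 0; i < sizeof(host_addrs) / sizeof(host_addrs[0]) && k < cap; i++)
        if (!filter || jail_owns_ip4(j, host_addrs[i]))
            out[k++] = host_addrs[i];
    return k;
}

/* Number of listed addresses that the jail does not own. */
size_t model_leaked(const struct jail_model *j, int filter)
{
    uint32_t out[8];
    size_t n = model_addr_list(j, filter, out, 8), leaked = 0;
    for (size_t i = 0; i < n; i++)
        leaked += !jail_owns_ip4(j, out[i]);
    return leaked;
}

int main(void)
{
    printf("leaked: %zu unfiltered, %zu filtered\n", model_leaked(&demo_jail, 0), model_leaked(&demo_jail, 1));
}
```

A regression test for a jailed stack can use the same invariant: every address that appears in an advertised or exported list must pass the check used at bind time.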
More information about the freebsd-net mailing list