git: jail - Allow loopback interface in in_pcbladdr_find()

Matthew Dillon dillon at crater.dragonflybsd.org
Sun Feb 23 12:08:47 PST 2020


commit 567e5b2cd1f59335198a211f9c19c41490eae492
Author: Matthew Dillon <dillon at apollo.backplane.com>
Date:   Sun Feb 23 10:11:28 2020 -0800

    jail - Allow loopback interface in in_pcbladdr_find()
    
    * Prior jail adjustments to allow loopback IPs to be specified in
      the ip-list missed this bit of code which caused the binding
      code to ignore routes to loopback interfaces.
    
    * Adjust the code to accept such routes.  If a loopback IP is in
      the jail's ip-list, it can now be bound to.  If not, and a loopback
      route is returned, it will use the first non-loopback IP in the jail's
      ip-list.
    
    * Note that listen sockets within a jail are not overloaded and so can
      connect to listen sockets on the host or in other jails when a common
      IP (such as 127.0.0.1) is in the ip-list for both.  In this regard,
      shared loopback IPs now work identically to shared NIC IPs.
    
      IP aliases may be used to create a separation.  If you use e.g. 127.0.0.2
      in a jail, bindings to 127.0.0.1 will automatically be adjusted to
      use 127.0.0.2.

Summary of changes:
 sys/netinet/in_pcb.c | 33 +++++++++++++++++++++++++--------
 1 file changed, 25 insertions(+), 8 deletions(-)

http://gitweb.dragonflybsd.org/dragonfly.git/commitdiff/567e5b2cd1f59335198a211f9c19c41490eae492


-- 
DragonFly BSD source repository



More information about the Commits mailing list