git: jail - Fix broken port matching code
Matthew Dillon
dillon at crater.dragonflybsd.org
Sun Feb 23 12:08:47 PST 2020
commit 60844ec82bdb76bef6b5575aa3b10b07db4d671c
Author: Matthew Dillon <dillon at apollo.backplane.com>
Date: Sun Feb 23 12:02:27 2020 -0800
jail - Fix broken port matching code
* in_pcblookup_local() and in_pcblookup_localremote() were trying to
use the cred to distinguish between jails, but these routines are used
to locate a free port for bindind purposes and could wind up returning
a lookup failure for an occupied port.
The code may have been present in an early isolation attempt for jails.
* Remove the code. Isolating the IPs for a jail basically requires using
IP aliases, not by trying to isolate port number sets between jails.
Summary of changes:
sys/netinet/in_pcb.c | 44 ++++++++++++++++----------------------------
1 file changed, 16 insertions(+), 28 deletions(-)
http://gitweb.dragonflybsd.org/dragonfly.git/commitdiff/60844ec82bdb76bef6b5575aa3b10b07db4d671c
--
DragonFly BSD source repository
More information about the Commits
mailing list