git: jail - Fix broken port matching code

Matthew Dillon dillon at crater.dragonflybsd.org
Sun Feb 23 12:08:47 PST 2020


commit 60844ec82bdb76bef6b5575aa3b10b07db4d671c
Author: Matthew Dillon <dillon at apollo.backplane.com>
Date:   Sun Feb 23 12:02:27 2020 -0800

    jail - Fix broken port matching code
    
    * in_pcblookup_local() and in_pcblookup_localremote() were trying to
      use the cred to distinguish between jails, but these routines are used
      to locate a free port for bindind purposes and could wind up returning
      a lookup failure for an occupied port.
    
      The code may have been present in an early isolation attempt for jails.
    
    * Remove the code.  Isolating the IPs for a jail basically requires using
      IP aliases, not by trying to isolate port number sets between jails.

Summary of changes:
 sys/netinet/in_pcb.c | 44 ++++++++++++++++----------------------------
 1 file changed, 16 insertions(+), 28 deletions(-)

http://gitweb.dragonflybsd.org/dragonfly.git/commitdiff/60844ec82bdb76bef6b5575aa3b10b07db4d671c


-- 
DragonFly BSD source repository



More information about the Commits mailing list