[patch] Multiple ips for jails
Victor Balada Diaz
victor at bsdes.net
Tue Nov 14 03:18:29 PST 2006
On Tue, Nov 14, 2006 at 11:31:57AM +0100, Joerg Sonnenberger wrote:
> On Tue, Nov 14, 2006 at 10:00:54AM +0100, Simon 'corecode' Schubert wrote:
> > Joerg Sonnenberger wrote:
> > >At least the IPv6 case is incomplete as it doesn't deal with mapped ipv4
> > >addresses. I also don't think the behaviour for INADDR_ANY is correct.
> >
> > Could you elaborate on that? How should mapped ipv4 addresses be handled?
> > I guess there would need to be a check for already used ipv4 addresses, and
> > vice versa.
>
> If mapped IPv4 addresses are allowed, they should get exactly the same
> handling as normal IPv4 addresses. Esp. mapped 127.0.0.1 needs to be
> handled accordingly.
The mapped IPv4 addresses need further investigation; I'll check
it ASAP.
>
> > What behaviour for INADDR_ANY would be correct? (If you can use this term)
>
> When a socket is allowed to bind to INADDR_ANY two things have to be
> guaranteed:
> (a) Connections to it are effectively only allowed, when one of the jail
> IPs can be used. E.g. if the jail is bound to 192.168.1.1 and 10.1.1.1,
> but the machine has also 176.1.1.1 as IP, a connection to that must not
> go to the jail.
This is already guaranteed.
> (b) Connections *from* the jail must use one of the jail addresses as
> source. E.g. when the jail is bound to 192.168.1.1 as before, a
> connection to 10.1.1.2 must not use 10.1.1.1 as source address.
>
> This gets further complicated by the question whether or not binding to
> broadcast and/or multicast addresses should be enabled by default.
Multicast is not supported in jails.
--
The most convincing proof that intelligent life exists on other
planets is that they have not tried to contact us.
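
Added example, not part of the original message or of the patch under discussion: a userland sketch of the "mapped IPv4 gets exactly the same handling as normal IPv4" rule, where an IPv6 bind check unwraps `::ffff:a.b.c.d` and reuses the IPv4 check. `struct jail_ips` and all function names are hypothetical; accepting the wildcard at bind time, and giving loopback no treatment beyond the list lookup, are assumptions of this sketch.

```c
#include <arpa/inet.h>
#include <netinet/in.h>
#include <stdbool.h>
#include <string.h>

/* Hypothetical jail description: the addresses the jail was given. */
struct jail_ips {
    const struct in_addr  *v4; size_t n4;
    const struct in6_addr *v6; size_t n6;
};

/* IPv4 bind check. Assumption: the wildcard is accepted when the jail has
 * an IPv4 address, and delivery is restricted to jail IPs elsewhere. */
bool jail_bind4_allowed(const struct jail_ips *j, struct in_addr a)
{
    if (a.s_addr == htonl(INADDR_ANY))
        return j->n4 > 0;
    for (size_t i = 0; i < j->n4; i++)
        if (j->v4[i].s_addr == a.s_addr)
            return true;
    return false;
}

/* IPv6 bind check: ::ffff:a.b.c.d is unwrapped and sent through the IPv4
 * check, so a mapped address can never reach more than its plain form. */
bool jail_bind6_allowed(const struct jail_ips *j, const struct in6_addr *a)
{
    if (IN6_IS_ADDR_V4MAPPED(a)) {
        struct in_addr v4;
        memcpy(&v4, &a->s6_addr[12], sizeof(v4)); /* last 4 bytes, network order */
        return jail_bind4_allowed(j, v4);
    }
    if (IN6_IS_ADDR_UNSPECIFIED(a))
        return j->n6 > 0;
    for (size_t i = 0; i < j->n6; i++)
        if (memcmp(&j->v6[i], a, sizeof(*a)) == 0)
            return true;
    return false;
}

/* Constructed sample: jail bound to 192.168.1.1 and 10.1.1.1, no IPv6. */
bool sample_jail_allows(const char *text)
{
    struct in_addr v4[2]; struct in6_addr a;
    inet_pton(AF_INET, "192.168.1.1", &v4[0]);
    inet_pton(AF_INET, "10.1.1.1", &v4[1]);
    struct jail_ips j = { v4, 2, NULL, 0 };
    return inet_pton(AF_INET6, text, &a) == 1 && jail_bind6_allowed(&j, &a);
}
```

With the addresses used in the thread, `::ffff:176.1.1.1` and `::ffff:127.0.0.1` are refused exactly as their plain IPv4 forms would be, while `::ffff:10.1.1.1` is accepted.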