[patch] Multiple ips for jails

Simon 'corecode' Schubert corecode at fs.ei.tum.de
Tue Nov 14 03:24:56 PST 2006


Joerg Sonnenberger wrote:
> On Tue, Nov 14, 2006 at 10:00:54AM +0100, Simon 'corecode' Schubert wrote:
>> Joerg Sonnenberger wrote:
>>> At least the IPv6 case is incomplete as it doesn't deal with mapped ipv4
>>> addresses. I also don't think the behaviour for INADDR_ANY is correct.
>> Could you elaborate on that?  How should mapped ipv4 addresses be handled?
>> I guess there would need to be a check for already used ipv4 addresses, and
>> vice versa.
> If mapped IPv4 addresses are allowed, they should get exactly the same
> handling as normal IPv4 addresses. Esp. mapped 127.0.0.1 needs to be
> handled accordingly.

yes, I agree.

>> What behaviour for INADDR_ANY would be correct?  (If you can use this term)
> When a socket is allowed to bind to INADDR_ANY two things have to be
> guaranteed:
> (a) Connections to it are effectively only allowed, when one of the jail
> IPs can be used. E.g. if the jail is bound to 192.168.1.1 and 10.1.1.1,
> but the machine has also 176.1.1.1 as IP, a connection to that must not
> go to the jail.
> (b) Connections *from* the jail must use one of the jail addresses as
> source. E.g. when the jail is bound to 192.168.1.1 as before, a
> connection to 10.1.1.2 must not use 10.1.1.1 as source address.

as far as I can tell, the patch was designed to do exactly what you are describing.

> This gets further complicated by the question whether or not binding to
> broadcast and/or multicast addresses should be enabled by default.

I don't know how this is handled at the moment, but I am confident that this could even be handled when the code is committed.  As long as the old behaviour persists with just one IP, it is fine.

cheers
 simon
--
Serve - BSD     +++  RENT this banner advert  +++    ASCII Ribbon   /"\
Work - Mac      +++  space for low €€€ NOW!1  +++      Campaign     \ /
Party Enjoy Relax   |   http://dragonflybsd.org      Against  HTML   \
Dude 2c 2 the max   !   http://golden-apple.biz       Mail + News   / \
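
The two INADDR_ANY guarantees and the mapped-address point from this thread, as an added user-space C sketch (not code from the patch under discussion or from the DragonFly tree). `struct jail_ips`, the function names and the fallback to the jail's first address are assumptions made for illustration.

```c
#include <arpa/inet.h>
#include <netinet/in.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical jail model: up to 4 IPv4 addresses, network byte order. */
struct jail_ips { int n; struct in_addr v4[4]; };
/* Parse helpers for the constructed literals below (results not checked). */
static struct in_addr ip4(const char *s) { struct in_addr a; inet_pton(AF_INET, s, &a); return a; }
static struct in6_addr ip6(const char *s) { struct in6_addr a; inet_pton(AF_INET6, s, &a); return a; }

/* Fold ::ffff:a.b.c.d to a.b.c.d. Returns 1 if addr was IPv4-mapped. */
static int unmap_v4(const struct in6_addr *addr, struct in_addr *out)
{
    static const unsigned char prefix[12] = { 0,0,0,0,0,0,0,0,0,0,0xff,0xff };
    if (memcmp(addr->s6_addr, prefix, sizeof(prefix)) != 0)
        return 0;
    memcpy(out, &addr->s6_addr[12], sizeof(*out));
    return 1;
}

/* Rule (a): an INADDR_ANY jail socket only sees traffic for the jail's own IPs. */
static int jail_owns_v4(const struct jail_ips *j, struct in_addr dst)
{
    for (int i = 0; i < j->n; i++)
        if (j->v4[i].s_addr == dst.s_addr)
            return 1;
    return 0;
}

/* Mapped IPv4 gets exactly the IPv4 answer; native IPv6 is out of scope here. */
static int jail_owns_v6(const struct jail_ips *j, struct in6_addr dst)
{
    struct in_addr v4;
    return unmap_v4(&dst, &v4) ? jail_owns_v4(j, v4) : 0;
}

/* Rule (b): keep the routing candidate only if the jail owns it; otherwise
 * use the jail's first address (assumed fallback; requires j->n >= 1). */
static struct in_addr jail_source(const struct jail_ips *j, struct in_addr candidate)
{
    return jail_owns_v4(j, candidate) ? candidate : j->v4[0];
}

int main(void)
{
    struct jail_ips j = { 2, { ip4("192.168.1.1"), ip4("10.1.1.1") } }; /* constructed */
    printf("::ffff:176.1.1.1 allowed: %d\n", jail_owns_v6(&j, ip6("::ffff:176.1.1.1")));
    return 0;
}
```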