Date: Wed, 16 Apr 2003 15:34:38 +0100 (BST)
From: Jan Grant <Jan.Grant@bristol.ac.uk>
To: freebsd-hackers@FreeBSD.ORG
Subject: Re: Multiple ip-numbers in jails (fixed INADDR_ANY behaviour).
Message-ID: <Pine.GSO.4.44.0304161532120.14291-100000@mail.ilrt.bris.ac.uk>
In-Reply-To: <200304161349.h3GDnKxl008394@lurza.secnetix.de>
On Wed, 16 Apr 2003, Oliver Fromme wrote:

> Pawel Jakub Dawidek <nick@garage.freebsd.pl> wrote:
> > On Wed, Apr 16, 2003 at 12:25:11PM +0100, Jan Grant wrote:
> > +> Hang on, so you're saying that if my machine has (say) 4 IP addresses,
> > +> and the jail has two of them, and I've a process listening on INADDR_ANY
> > +> in a non-jail, and one listening on INADDR_ANY in a jail,
>
> That shouldn't be possible at all. You cannot have multiple
> processes listen on the same address and port, no matter
> whether they're in a jail or not.
>
> If this patch for multiple IP numbers in jails breaks that
> behaviour, then it does not fix INADDR_ANY behaviour, despite
> what the subject says. :-)
>
> > # /usr/sbin/sshd -p 666
> > # jail / temp <yourip> /usr/sbin/sshd -p 666
>
> That last command _must_ fail with errno EADDRINUSE.

You can't have multiple processes listen on the same address and port,
but you CAN have one listen on a specific IP and port and another listen
on INADDR_ANY and the same port. By extension, you'd expect a _more
specific_ binding of INADDR_ANY to override a more general one.

Certainly, if one process is listening on 192.168.0.1:1234, then another
should NOT be able to bind to that same address. It's not clear that the
same sweeping statement can be made about INADDR_ANY.

-- 
jan grant, ILRT, University of Bristol. http://www.ilrt.bris.ac.uk/
Tel +44(0)117 9287088 Fax +44 (0)117 9287112 http://ioctl.org/jan/
YKYBPTMRogueW... you try to move diagonally in vi.
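
Added example, not part of the original message or of the patch under discussion: a small C probe that reports what the local kernel does when a second TCP listener asks for a port that is already bound, for the specific-address and INADDR_ANY combinations argued about above. The helper names bind_listen and second_bind_result are hypothetical, and the loopback address stands in for one of the machine's IP addresses.

```c
#include <arpa/inet.h>
#include <errno.h>
#include <netinet/in.h>
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>
#include <unistd.h>

/* Hypothetical helper: bind a TCP socket to addr:*port (0 = kernel picks a
 * free port), listen, and return the fd; -1 with errno set on failure. */
static int bind_listen(in_addr_t addr, unsigned short *port, int reuse)
{
    struct sockaddr_in sin;
    socklen_t len = sizeof(sin);
    int fd = socket(AF_INET, SOCK_STREAM, 0);
    if (fd < 0) return -1;
    if (reuse) setsockopt(fd, SOL_SOCKET, SO_REUSEADDR, &reuse, sizeof(reuse));
    memset(&sin, 0, sizeof(sin));
    sin.sin_family = AF_INET;
    sin.sin_addr.s_addr = addr;          /* already in network byte order */
    sin.sin_port = htons(*port);
    if (bind(fd, (struct sockaddr *)&sin, sizeof(sin)) < 0 ||
        listen(fd, 1) < 0 ||
        getsockname(fd, (struct sockaddr *)&sin, &len) < 0) {
        int e = errno; close(fd); errno = e;   /* keep the bind/listen errno */
        return -1;
    }
    *port = ntohs(sin.sin_port);
    return fd;
}

/* Listen on `first` at a free port, then try `second` on that same port.
 * Returns 0 if the second listener is accepted, else the errno it got. */
int second_bind_result(in_addr_t first, in_addr_t second, int reuse)
{
    unsigned short port = 0;
    int a = bind_listen(first, &port, reuse), b, err;
    if (a < 0) return errno;
    b = bind_listen(second, &port, reuse);
    err = (b < 0) ? errno : 0;
    if (b >= 0) close(b);
    close(a);
    return err;
}

int main(void)
{
    in_addr_t lo = htonl(INADDR_LOOPBACK), any = htonl(INADDR_ANY);
    printf("specific+ANY: %d  ANY+specific: %d  same address twice: %d\n",
           second_bind_result(lo, any, 1), second_bind_result(any, lo, 1),
           second_bind_result(lo, lo, 0));   /* 0 = accepted, else errno */
    return 0;
}
```

Running it on the host and again inside a jail shows which of the two positions in this thread the system actually implements, with and without SO_REUSEADDR.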