Date: Sun, 6 Apr 2014 21:44:52 +0200
From: Michael Tuexen <Michael.Tuexen@lurchi.franken.de>
To: "Bjoern A. Zeeb" <bzeeb-lists@lists.zabbadoz.net>
Cc: FreeBSD Net <freebsd-net@freebsd.org>, Bernd Walter <ticso@cicely7.cicely.de>, ticso@cicely.de
Subject: Re: SCTP binds to IPs outside of jail
Message-ID: <B08FDC5C-31BC-4FC4-A818-174868EA0EC1@lurchi.franken.de>
In-Reply-To: <B21AFBF1-2AE4-4BE8-88C6-9A09E872FE28@lists.zabbadoz.net>
References: <20140405210246.GB58138@cicely7.cicely.de> <7D1ABA78-D48D-48B7-9CE7-152BD59DB1B0@lurchi.franken.de> <77B6DEC1-D7E8-446E-A057-A692379D9EFB@lists.zabbadoz.net> <5785F386-DC41-4D0A-BBBE-6DA935095451@lurchi.franken.de> <B21AFBF1-2AE4-4BE8-88C6-9A09E872FE28@lists.zabbadoz.net>

On 06 Apr 2014, at 20:44, Bjoern A. Zeeb <bzeeb-lists@lists.zabbadoz.net> wrote:

>
> On 06 Apr 2014, at 17:04 , Michael Tuexen <Michael.Tuexen@lurchi.franken.de> wrote:
>
>>> Aehm, the SCTP code was filtering addresses at one point and made sure only jail-visible addresses were seen or bound very much like normal PCB handling. If this is not the case (anymore) SCTP shall not be allowed inside jails again.
>> Are you referring to prison_local_ip4() and prison_local_ip6() calls?
>> These are used while explicit binding. However, I don't think we
>> do the corresponding filtering when sending INIT-/INIT-ACKs or
>> export the list of addresses via the sysctl interface used by netstat.
>> I guess this needs to be added, right?
>
> Yes.

OK. Give me a couple of days and I'll try to fix the SCTP stack (need to set up a test environment for it).

Best regards
Michael

>
> Bjoern A. Zeeb