From owner-freebsd-net@FreeBSD.ORG  Sun Apr  6 19:44:58 2014
Return-Path: <owner-freebsd-net@FreeBSD.ORG>
Delivered-To: freebsd-net@freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org
 [IPv6:2001:1900:2254:206a::19:1])
 (using TLSv1 with cipher ADH-AES256-SHA (256/256 bits))
 (No client certificate requested)
 by hub.freebsd.org (Postfix) with ESMTPS id 7B09A1B1
 for <freebsd-net@freebsd.org>; Sun,  6 Apr 2014 19:44:58 +0000 (UTC)
Received: from mail-n.franken.de (drew.ipv6.franken.de
 [IPv6:2001:638:a02:a001:20e:cff:fe4a:feaa])
 (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits))
 (Client CN "mail-n.franken.de", Issuer "Thawte DV SSL CA" (verified OK))
 by mx1.freebsd.org (Postfix) with ESMTPS id 37BC9321
 for <freebsd-net@freebsd.org>; Sun,  6 Apr 2014 19:44:58 +0000 (UTC)
Received: from [192.168.1.103] (p508F3041.dip0.t-ipconnect.de [80.143.48.65])
 (Authenticated sender: macmic)
 by mail-n.franken.de (Postfix) with ESMTP id 5E6371C10466A;
 Sun,  6 Apr 2014 21:44:54 +0200 (CEST)
Content-Type: text/plain; charset=windows-1252
Mime-Version: 1.0 (Mac OS X Mail 7.2 \(1874\))
Subject: Re: SCTP binds to IPs outside of jail
From: Michael Tuexen <Michael.Tuexen@lurchi.franken.de>
In-Reply-To: <B21AFBF1-2AE4-4BE8-88C6-9A09E872FE28@lists.zabbadoz.net>
Date: Sun, 6 Apr 2014 21:44:52 +0200
Content-Transfer-Encoding: quoted-printable
Message-Id: <B08FDC5C-31BC-4FC4-A818-174868EA0EC1@lurchi.franken.de>
References: <20140405210246.GB58138@cicely7.cicely.de>
 <7D1ABA78-D48D-48B7-9CE7-152BD59DB1B0@lurchi.franken.de>
 <77B6DEC1-D7E8-446E-A057-A692379D9EFB@lists.zabbadoz.net>
 <5785F386-DC41-4D0A-BBBE-6DA935095451@lurchi.franken.de>
 <B21AFBF1-2AE4-4BE8-88C6-9A09E872FE28@lists.zabbadoz.net>
To: "Bjoern A. Zeeb" <bzeeb-lists@lists.zabbadoz.net>
X-Mailer: Apple Mail (2.1874)
Cc: FreeBSD Net <freebsd-net@freebsd.org>,
 Bernd Walter <ticso@cicely7.cicely.de>, ticso@cicely.de
X-BeenThere: freebsd-net@freebsd.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: Networking and TCP/IP with FreeBSD <freebsd-net.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/options/freebsd-net>,
 <mailto:freebsd-net-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-net/>
List-Post: <mailto:freebsd-net@freebsd.org>
List-Help: <mailto:freebsd-net-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-net>,
 <mailto:freebsd-net-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Sun, 06 Apr 2014 19:44:58 -0000

On 06 Apr 2014, at 20:44, Bjoern A. Zeeb =
<bzeeb-lists@lists.zabbadoz.net> wrote:

>=20
> On 06 Apr 2014, at 17:04 , Michael Tuexen =
<Michael.Tuexen@lurchi.franken.de> wrote:
>=20
>>> Aehm, the SCTP code was filtering addresses at one point and made =
sure only jail-visible addresses were seen or bound very much like =
normal PCB handling.  If this is not the case (anymore) SCTP shall not =
be allowed inside jails again.=20
>> Are you referring to prison_local_ip4() and prison_local_ip6() calls?
>> These are used while explicit binding. However, I don't think we
>> do the corresponding filtering when sending INIT-/INIT-ACKs or
>> export the list of address via the sysctl interface used by netstat.
>> I guess this needs to be added, right?
>=20
> Yes.
OK. Give me a couple of days and I'll try to fix the SCTP stack
(need to set up a test environment for it).

Best regards
Michael
>=20
> =97=20
> Bjoern A. Zeeb                             ????????? ??? ??????? =
??????:
> '??? ??? ???? ??????  ??????? ?? ?? ??????? ??????? ??? ????? ????? =
????
> ?????? ?? ????? ????',  ????????? ?????????, "??? ????? ?? ?????", =
?.???
>=20
>=20