From: Terry Lambert
Date: Mon, 18 Mar 2002 15:06:32 -0800
To: Lamont Granquist
Cc: Poul-Henning Kamp, hackers@FreeBSD.ORG
Subject: Re: jail bug with ircd-hybrid in_pcbconnect()?
Message-ID: <3C9672F8.D4ADEDDB@mindspring.com>
References: <20020318093711.J1605-100000@coredump.scriptkiddie.org>

Lamont Granquist wrote:
> On Mon, 18 Mar 2002, Poul-Henning Kamp wrote:
> > All I can say is that I have had hell with that code and jail, and
> > you might be right that some cleanup after the first call is missing.
> >
> > You're probably also the closest person to fix it at this point...
>
> Alright, I'll keep digging.
>
> My guess is that on the first call we've got:
>
> inp->inp_laddr.s_addr == INADDR_ANY
> inp->inp_lport == 0
>
> And that after the first call we're supposed to have laddr = jail IP and
> lport = ephemeral, but for some reason laddr isn't getting set, so on the
> 2nd call we've got laddr = INADDR_ANY and lport = ephemeral and that
> in_pcbbind() pukes on that.

There's a bug in the hash code that treats a lookup of a local bind
as if it were in the INADDR_ANY domain, instead of in a per IP address
domain, when you are using a wildcard port.

The easy workaround is to bind to the local address, instead of
INADDR_ANY.

You can trigger the bug on outbound connections by using a wildcard
port with a specified local IP address; it basically ignores the local
IP address contribution in the hash compare, and assigns outbound ports
sequentially out of a single port space, instead of having per IP
address port spaces.

-- Terry
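
The workaround named in the message above (bind to the local address instead of INADDR_ANY), sketched from the application side as an added example that is not part of the original post or of FreeBSD's code. The function name `bind_local_ephemeral` is hypothetical; it uses only standard BSD socket calls and checks with `getsockname()` that both the local address and the port are set before any `connect()`.

```c
#include <arpa/inet.h>
#include <netinet/in.h>
#include <string.h>
#include <sys/socket.h>
#include <unistd.h>

/*
 * Bind a TCP socket to a specific local IPv4 address with port 0 (the
 * kernel picks the ephemeral port), then confirm with getsockname() that
 * the socket really carries that address and a non-zero port.
 * Returns the socket fd and fills *bound, or -1 on any failure.
 */
int bind_local_ephemeral(const char *local_ip, struct sockaddr_in *bound)
{
    struct sockaddr_in want;
    socklen_t len = sizeof(*bound);
    int fd;

    memset(&want, 0, sizeof(want));
    want.sin_family = AF_INET;
    want.sin_port = htons(0);                 /* wildcard port */
    if (inet_pton(AF_INET, local_ip, &want.sin_addr) != 1)
        return -1;                            /* not a valid IPv4 literal */
    if (want.sin_addr.s_addr == htonl(INADDR_ANY))
        return -1;                            /* refuse the wildcard address */

    fd = socket(AF_INET, SOCK_STREAM, 0);
    if (fd < 0)
        return -1;

    /* Explicit bind first, then verify the state the kernel recorded. */
    if (bind(fd, (struct sockaddr *)&want, sizeof(want)) < 0 ||
        getsockname(fd, (struct sockaddr *)bound, &len) < 0 ||
        bound->sin_addr.s_addr != want.sin_addr.s_addr ||
        bound->sin_port == 0) {
        close(fd);
        return -1;
    }
    return fd;   /* caller may now connect(fd, ...) from this address */
}
```

Inside a jail the address passed in would be the jail's own IP; per the message, the ephemeral port in this case is still drawn from a single shared port space.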