Date: Sun, 6 Apr 2014 13:42:36 +0200 From: Michael Tuexen <Michael.Tuexen@lurchi.franken.de> To: ticso@cicely.de Cc: FreeBSD Net <freebsd-net@freebsd.org>, Bernd Walter <ticso@cicely7.cicely.de> Subject: Re: SCTP binds to IPs outside of jail Message-ID: <7D1ABA78-D48D-48B7-9CE7-152BD59DB1B0@lurchi.franken.de> In-Reply-To: <20140405210246.GB58138@cicely7.cicely.de> References: <20140405210246.GB58138@cicely7.cicely.de>
next in thread | previous in thread | raw e-mail | index | archive | help
On 05 Apr 2014, at 23:02, Bernd Walter <ticso@cicely7.cicely.de> wrote:
> So far I've tested this on FreeBSD-9.2 BETA2 r254053M only.
> The modifications are to allow IPv6 multicast support within jail
> which only makes a difference for multicast addresses and some =
multicast
> loopback checksum bugs - both changes are open PR.
>=20
> I've created an AF_INET6 SCTP one to many socket to receive incoming
> messages.
> The process was started within a jail.
> Now netstat -anW lists all host IPv6 IPs, not just those of the jail.
> Also not sure why this AF_INET6 socket is shown as sctp46.
This should be handled as a v6 only socket depending on your
setting of net.inet6.ip6.v6only sysctl variable by the SCTP stack.
However, netstat has no information about this and can not distinguish
between sctp6 and sctp46, so it reports sctp46 always. You can file
a PR about this.
The questions about the addresses and the jails: The SCTP code has
no jail specific code. If you bind a socket to the wildcard address
(which is what to do by not binding at all), the SCTP stack lists
all addresses it know about. I'm not sure what would happen, if
you send a packet to an address not owned by the jail.
You might want to file a separate PR about the support of jails.
Best regards
Michael
>=20
> This is the relevant C++ code part to open the socket:
> int
> setup_sctp_socket(uint16_t port)
> {
> int sc =3D socket(AF_INET6, SOCK_SEQPACKET, IPPROTO_SCTP);
> {
> // reuse address
> long val =3D 1;
> setsockopt(sc, SOL_SOCKET, SO_REUSEADDR, &val, =
sizeof(val));
> // XXX error handling
> }
> {
> // no delay
> long val =3D 1;
> setsockopt(sc, SOL_SOCKET, SCTP_NODELAY, &val, =
sizeof(val));
> // XXX error handling
> }
> {
> // eeor mode (last write needs MSG_EOR to declare end =
of message)
> // Linux has MSG_MORE negative send flag
> long val =3D 1;
> setsockopt(sc, SOL_SOCKET, SCTP_EXPLICIT_EOR, &val, =
sizeof(val));
> // XXX error handling
> }
> #if 0
> {
> struct sctp_initmsg init;
> bzero(&init, sizeof(init));
> init.sinit_num_ostreams =3D HDB_STREAMS;
> init.sinit_max_instreams =3D HDB_STREAMS;
> // SOL_SCTP instead of IPPROTO_SCTP on Linux
> setsockopt(sc, IPPROTO_SCTP, SCTP_INITMSG, &init, =
(socklen_t)sizeof(struct sctp_initmsg));
> // XXX error handling
> }
> #endif
> {
> struct sockaddr_in6 addr;
> bzero(&addr, sizeof(addr));
> addr.sin6_len =3D sizeof(addr);
> addr.sin6_family =3D AF_INET6;
> addr.sin6_port =3D htons(port);
> bind(sc, (struct sockaddr *)&addr, sizeof(struct =
sockaddr_in));
> // XXX error handling
> }
> {
> // enable heartbeats at 1000ms
> struct sctp_paddrparams paddr_params;
> bzero(&paddr_params, sizeof(paddr_params));
> paddr_params.spp_address.ss_family =3D AF_INET6;
> paddr_params.spp_flags =3D SPP_HB_ENABLE;
> paddr_params.spp_hbinterval =3D 1000;
> // SOL_SCTP instead of IPPROTO_SCTP on Linux
> setsockopt(sc, IPPROTO_SCTP, SCTP_PEER_ADDR_PARAMS, =
&paddr_params, sizeof(paddr_params));=20
> // XXX error handling
> }
> {
> struct sctp_event_subscribe events;
> bzero(&events, sizeof(events));
>=20
> events.sctp_data_io_event =3D 1; // we need io_events =
to know where the message came from
>=20
> // subscribe to other events as well for testing
> events.sctp_association_event =3D 1;
> events.sctp_address_event =3D 1;
> events.sctp_send_failure_event =3D 1;
> events.sctp_peer_error_event =3D 1;
> events.sctp_shutdown_event =3D 1;
> events.sctp_partial_delivery_event =3D 1;
> events.sctp_adaptation_layer_event =3D 1;
> events.sctp_authentication_event =3D 1;
> events.sctp_sender_dry_event =3D 1;
> events.sctp_stream_reset_event =3D 1;
>=20
> setsockopt(sc, IPPROTO_SCTP, SCTP_EVENTS, &events, =
sizeof(events));
> // XXX error handling
> }
> {
> // setup send and receive buffers (default on FreeBSD =
9.x)
> long val;
> val =3D 1864135;
> setsockopt(sc, SOL_SOCKET, SO_RCVBUF, &val, =
sizeof(val));
> // XXX error handling
> val =3D 1864135;
> setsockopt(sc, SOL_SOCKET, SO_SNDBUF, &val, =
sizeof(val));
> // XXX error handling
> }
> listen (sc, 1); // listen is required to allow incoming =
associations, but no listen queue
> // XXX error handling
>=20
> return sc;
> }
>=20
> --=20
> B.Walter <bernd@bwct.de> http://www.bwct.de
> Modbus/TCP Ethernet I/O Baugruppen, ARM basierte FreeBSD Rechner uvm.
> _______________________________________________
> freebsd-net@freebsd.org mailing list
> http://lists.freebsd.org/mailman/listinfo/freebsd-net
> To unsubscribe, send any mail to "freebsd-net-unsubscribe@freebsd.org"
>=20
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?7D1ABA78-D48D-48B7-9CE7-152BD59DB1B0>