Date: Sun, 6 Apr 2014 18:44:50 +0000
From: "Bjoern A. Zeeb" <bzeeb-lists@lists.zabbadoz.net>
To: Michael Tuexen <Michael.Tuexen@lurchi.franken.de>
Cc: FreeBSD Net <freebsd-net@freebsd.org>, Bernd Walter <ticso@cicely7.cicely.de>, ticso@cicely.de
Subject: Re: SCTP binds to IPs outside of jail
Message-ID: <B21AFBF1-2AE4-4BE8-88C6-9A09E872FE28@lists.zabbadoz.net>
In-Reply-To: <5785F386-DC41-4D0A-BBBE-6DA935095451@lurchi.franken.de>
References: <20140405210246.GB58138@cicely7.cicely.de> <7D1ABA78-D48D-48B7-9CE7-152BD59DB1B0@lurchi.franken.de> <77B6DEC1-D7E8-446E-A057-A692379D9EFB@lists.zabbadoz.net> <5785F386-DC41-4D0A-BBBE-6DA935095451@lurchi.franken.de>

On 06 Apr 2014, at 17:04 , Michael Tuexen <Michael.Tuexen@lurchi.franken.de> wrote:

>> Aehm, the SCTP code was filtering addresses at one point and made sure only jail-visible addresses were seen or bound very much like normal PCB handling. If this is not the case (anymore) SCTP shall not be allowed inside jails again.
> Are you referring to prison_local_ip4() and prison_local_ip6() calls?
> These are used while explicit binding. However, I don't think we
> do the corresponding filtering when sending INIT-/INIT-ACKs or
> export the list of addresses via the sysctl interface used by netstat.
> I guess this needs to be added, right?

Yes.

--
Bjoern A. Zeeb
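
The gap discussed in this message, as an added user-space illustration (not FreeBSD kernel code and not from the thread): the bind path checks the jail's address set, while the address list built for INIT/INIT-ACK or exported for netstat leaks host addresses unless the same check is applied there. All type and function names and the 192.0.2.x sample addresses are constructed for the example.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* User-space model only; none of these names are FreeBSD kernel APIs. */
struct jail_model {
    const uint32_t *ip4;   /* IPv4 addresses assigned to the jail */
    size_t n_ip4;
};

/* Constructed sample data: host owns 192.0.2.1-3, the jail only 192.0.2.2. */
static const uint32_t sample_host[] = { 0xC0000201u, 0xC0000202u, 0xC0000203u };
static const uint32_t sample_jail_ip4[] = { 0xC0000202u };
static const struct jail_model sample_jail = { sample_jail_ip4, 1 };

/* 1 if addr is visible to the jail; a NULL jail models the unjailed host. */
static int jail_allows_ip4(const struct jail_model *j, uint32_t addr)
{
    if (j == NULL)
        return 1;
    for (size_t i = 0; i < j->n_ip4; i++)
        if (j->ip4[i] == addr)
            return 1;
    return 0;
}

/* Explicit bind: already checked, as the thread describes. */
int model_bind(const struct jail_model *j, uint32_t addr)
{
    return jail_allows_ip4(j, addr) ? 0 : -1;
}

/* Address list for INIT/INIT-ACK or the netstat export.
 * filter == 0 models the gap (all host addresses listed);
 * filter == 1 applies the same jail check as the bind path. */
size_t model_addr_list(const struct jail_model *j, const uint32_t *host,
                       size_t n_host, uint32_t *out, size_t cap, int filter)
{
    size_t n = 0;
    for (size_t i = 0; i < n_host && n < cap; i++) {
        if (filter && !jail_allows_ip4(j, host[i]))
            continue;               /* not jail-visible: do not advertise */
        out[n++] = host[i];
    }
    return n;
}

int main(void)
{
    uint32_t out[4];
    printf("unfiltered: %zu\n", model_addr_list(&sample_jail, sample_host, 3, out, 4, 0));
    printf("filtered:   %zu\n", model_addr_list(&sample_jail, sample_host, 3, out, 4, 1));
    return 0;
}
```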