Multiple ip-numbers in jails (fixed INADDR_ANY behaviour).
Jan Grant
Jan.Grant at bristol.ac.uk
Wed Apr 16 07:36:22 PDT 2003
On Wed, 16 Apr 2003, Oliver Fromme wrote:
> Pawel Jakub Dawidek <nick at garage.freebsd.pl> wrote:
> > On Wed, Apr 16, 2003 at 12:25:11PM +0100, Jan Grant wrote:
> > +> Hang on, so you're saying that if my machine has (say) 4 IP addresses,
> > +> and the jail has two of them, and I've a process listening on INADDR_ANY
> > +> in a non-jail, and one listening on INADDR_ANY in a jail,
>
> That shouldn't be possible at all. You cannot have multiple
> processes listen on the same address and port, no matter
> whether they're in a jail or not.
>
> If this patch for multiple IP numbers in jails breaks that
> behaviour, then it does not fix INADDR_ANY behaviour, despite
> what the subject says. :-)
>
> > # /usr/sbin/sshd -p 666
> > # jail / temp <yourip> /usr/sbin/sshd -p 666
>
> That last command _must_ fail with errno EADDRINUSE.

You can't have multiple processes listen on the same address and port,
but you CAN have one listen on a specific IP and port and another listen
on INADDR_ANY and the same port. By extension, you'd expect a _more
specific_ binding of INADDR_ANY to override a more general one.

Certainly, if one process is listening on 192.168.0.1:1234, then another
should NOT be able to bind to that same address. It's not clear that the
same sweeping statement can be made about INADDR_ANY.
--
jan grant, ILRT, University of Bristol. http://www.ilrt.bris.ac.uk/
Tel +44(0)117 9287088 Fax +44 (0)117 9287112 http://ioctl.org/jan/
YKYBPTMRogueW... you try to move diagonally in vi.
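
The overlap discussed in this message (one listener on INADDR_ANY and one on a specific address, same port) can be checked on a given host with the probe below. It is an added example, not code from the thread or from the jail patch; `listen_on` and `probe` are hypothetical names, 127.0.0.1 stands in for the specific address, and the outcome depends on the operating system and on SO_REUSEADDR, so the program reports it rather than assuming it.

```c
#include <arpa/inet.h>
#include <errno.h>
#include <netinet/in.h>
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>
#include <unistd.h>

/* Hypothetical helper: listen on addr:port (network byte order); fd or -errno. */
static int listen_on(in_addr_t addr, in_port_t port, int reuse)
{
    struct sockaddr_in sin = { .sin_family = AF_INET, .sin_port = port,
                               .sin_addr.s_addr = addr };
    int e, fd = socket(AF_INET, SOCK_STREAM, 0);
    if (fd < 0)
        return -errno;
    if (reuse)
        setsockopt(fd, SOL_SOCKET, SO_REUSEADDR, &reuse, sizeof reuse);
    if (bind(fd, (struct sockaddr *)&sin, sizeof sin) == 0 && listen(fd, 1) == 0)
        return fd;
    e = errno;
    close(fd);
    return -e;
}

/* Hypothetical helper: listen on `first` (kernel-chosen port), then try `second`
 * on the same port. Returns 0 on success, the errno on failure, -1 on setup error. */
int probe(in_addr_t first, in_addr_t second, int reuse)
{
    struct sockaddr_in sin;
    socklen_t len = sizeof sin;
    int a = listen_on(first, 0, reuse), b;
    if (a < 0 || getsockname(a, (struct sockaddr *)&sin, &len) < 0)
        return -1;
    b = listen_on(second, sin.sin_port, reuse);
    close(a);
    if (b >= 0)
        close(b);
    return b < 0 ? -b : 0;
}

int main(void)
{
    /* 127.0.0.1 is the assumed "specific" address; try with and without reuse. */
    for (int reuse = 0; reuse <= 1; reuse++) {
        int r = probe(htonl(INADDR_ANY), htonl(INADDR_LOOPBACK), reuse);
        printf("wildcard then 127.0.0.1, SO_REUSEADDR=%d: %s\n", reuse,
               r > 0 ? strerror(r) : r ? "setup failed" : "both listening");
    }
}
```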
More information about the freebsd-hackers
mailing list