8.0 still allow creating ipv6 udp socket in jail without ipv6 ip
jamie at FreeBSD.org
Wed Jul 29 17:48:07 UTC 2009
Bjoern A. Zeeb wrote:
> On Wed, 29 Jul 2009, Mykola Dzham wrote:
>> Bjoern A. Zeeb wrote:
>>> On Sat, 25 Jul 2009, Mykola Dzham wrote:
>>>> After r188146, creating a TCP IPv6 socket in a jail without an IPv6 IP is
>>>> not allowed, but a UDP socket is allowed.
>>> I cannot really follow what you are trying to say as wrt IPv4 and IPv6
>>> sockets and what about UDP.
>>> Your sample further down is trying to use an IPv4 address on an IPv6
>>> Datagram socket which is an error either way.
>> Some Java programs attempt to use IPv6 sockets, then use IPv4 if
>> socket(AF_INET6,...) fails. My sample imitates this.
>>> Prior to FreeBSD 7.2 IPv6 hadn't been supported at all for jails.
>>> With 7.2 it was possible to create IPv6 sockets (but only shortly and
>>> then fail on bind/connect/...). With the commit you reference the
>>> "Protocol not supported" came back in case there was no address of
>>> that address family for a given jail.
>>> With 8 the primary syntax for jails has changed and the "backward
>>> compat mode" again allows you to create a socket on a jail even if
>>> no address of the same family was configured for the jail.
>>> This should be addressed by the following patch:
>>> Can you give it a try and report if that fixes your problem?
>> Patch applied cleanly on r195820, but jail cannot start after patching:
>> # jail -l -U root -i /usr/home/d/guests/tap2 tap2.my.domain.com
>> 10.112.0.151 /bin/sh /etc/rc
>> jail: ip6: unknown boolean value "disable"
> r195820 is too old; but Jamie has a better solution; I would suggest
> to backout the jail(8) patch and wait for the next two commits of
> Jamie to HEAD and then update the machine again.
OK, with r195945 things should be back to disallowing sockets when no
addresses were assigned for that family. You'll need to rebuild the
kernel for the fix, and libjail and possibly jail(8) to get past the
"unknown boolean value" error.
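
The check discussed in this thread, as an added example that is not part of the original messages or of FreeBSD's code: it probes whether TCP and UDP socket creation agree for AF_INET6 and shows which family an IPv6-first, IPv4-fallback client ends up with. `buggy_jail` and `fixed_jail` are constructed stand-ins (hypothetical names) for a jail that has only an IPv4 address; pass the real `socket` to test a live jail.

```c
#include <errno.h>
#include <stdio.h>
#include <sys/socket.h>
#include <unistd.h>

typedef int (*socket_fn)(int domain, int type, int protocol);

/* Constructed stand-ins for a jail that has only an IPv4 address. */
static int refuse(void) { errno = EPROTONOSUPPORT; return -1; }
static int buggy_jail(int d, int t, int p)   /* behaviour reported above */
{
    if (d == AF_INET6 && t == SOCK_STREAM) return refuse();
    return socket(AF_UNIX, t, p);            /* placeholder descriptor */
}
static int fixed_jail(int d, int t, int p)   /* every AF_INET6 socket refused */
{
    return d == AF_INET6 ? refuse() : socket(AF_UNIX, t, p);
}

/* 0 if the socket could be created, otherwise the errno socket() set. */
static int probe(socket_fn mk, int domain, int type)
{
    int fd = mk(domain, type, 0);
    if (fd < 0) return errno;
    close(fd);
    return 0;
}

/* 1 when TCP and UDP creation disagree for one address family. */
static int inconsistent(socket_fn mk, int domain)
{
    return (probe(mk, domain, SOCK_STREAM) == 0) != (probe(mk, domain, SOCK_DGRAM) == 0);
}

/* Try IPv6 first, fall back to IPv4; returns the family used or -1. */
static int pick_family(socket_fn mk, int type)
{
    if (probe(mk, AF_INET6, type) == 0) return AF_INET6;
    return probe(mk, AF_INET, type) == 0 ? AF_INET : -1;
}

int main(void)
{
    printf("real socket(): AF_INET6 TCP/UDP disagree = %d\n", inconsistent(socket, AF_INET6));
    printf("simulated: buggy disagree = %d, fixed disagree = %d, buggy UDP family is IPv6 = %d\n",
           inconsistent(buggy_jail, AF_INET6), inconsistent(fixed_jail, AF_INET6),
           pick_family(buggy_jail, SOCK_DGRAM) == AF_INET6);
    return 0;
}
```

Run inside the jail, a result of 0 on the first line means TCP and UDP are treated alike for AF_INET6.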