Review of patch for raw packet source address selection under jails

Steven Hartland killing at multiplay.co.uk
Tue Apr 9 11:58:34 UTC 2013


Currently source address selection for raw packets under jails
uses prison_get_ip4 in the INADDR_ANY case.

This can cause an invalid source address to be used, including
using addresses which are unusable, e.g. down interfaces,
un-routable addresses, etc.

I suspect this is a hangover from when jails were essentially
single IP.

The attached patch switches to use full resolution for raw
packets via in_pcbladdr, which fixes this problem in all of 
our testing.

Is this the correct path to take?

    Regards
    Steve

-------------- next part --------------
A non-text attachment was scrubbed...
Name: jail-raw-srcaddr.patch
Type: application/octet-stream
Size: 2069 bytes
Desc: not available
URL: <http://lists.freebsd.org/pipermail/freebsd-net/attachments/20130409/6e243029/attachment.obj>
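
The difference the message describes, shown as an added userland model; it is not the attached patch and not FreeBSD kernel code. All types, names and addresses are hypothetical, and the two selection behaviours are assumptions: "first jail address" stands in for the current INADDR_ANY path, and "route lookup, then a jail address on the outgoing interface" stands in for full resolution.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Userland model only: every type, name and value here is hypothetical. */
struct jail_addr { uint32_t addr; int ifindex; int if_up; };
struct route     { uint32_t net, mask; int ifindex; };

/* Constructed sample: the jail's first address sits on a down interface. */
static const struct jail_addr JAIL[] = {
    { 0x0A000005, 1, 0 },   /* 10.0.0.5   on if 1, down */
    { 0xC000020A, 2, 1 },   /* 192.0.2.10 on if 2, up   */
};
static const struct route ROUTES[] = {
    { 0x0A000000, 0xFF000000, 1 },  /* 10.0.0.0/8 via if 1 */
    { 0x00000000, 0x00000000, 2 },  /* default    via if 2 */
};

/* Assumed old behaviour: first jail address, no interface or route check. */
static uint32_t select_first(const struct jail_addr *ja, size_t n)
{
    return n ? ja[0].addr : 0;
}

/* Assumed full resolution: longest-prefix route lookup for dst, then a jail
 * address on the outgoing interface that is up. Returns 0 if none fits. */
static uint32_t select_routed(const struct jail_addr *ja, size_t n,
                              const struct route *rt, size_t nrt, uint32_t dst)
{
    const struct route *best = NULL;
    for (size_t i = 0; i < nrt; i++)
        if ((dst & rt[i].mask) == rt[i].net &&
            (best == NULL || rt[i].mask > best->mask))
            best = &rt[i];
    if (best == NULL)
        return 0;
    for (size_t i = 0; i < n; i++)
        if (ja[i].ifindex == best->ifindex && ja[i].if_up)
            return ja[i].addr;
    return 0;
}

int main(void)
{
    uint32_t dst = 0xC6336407;  /* 198.51.100.7, constructed destination */
    printf("first:  %08x\n", (unsigned)select_first(JAIL, 2));
    printf("routed: %08x\n", (unsigned)select_routed(JAIL, 2, ROUTES, 2, dst));
    return 0;
}
```

With this sample data the first-address rule returns the address on the down interface, while the routed rule returns the address on the interface the default route actually uses.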

