bind()/sendto() behavior in RELENG_7

Brian A. Seklecki seklecki at noc.cfi.pgh.pa.us
Fri May 8 21:07:32 UTC 2009


All:

Did the behavior of bind()/sendto() functions WRT jails change in
proximity to the RELENG_7_2 branch?

I just spent 1.5 days chasing what I thought was a bug in Courier-MTA's
IPv6 socket selection code within Jails, to realize a paradox of a
configuration scenario:

My ESMTP client libraries in Courier were programmed to explicitly bind()
to a specific source address.  The system in question was RELENG_7 from
last month; but was upgraded to 7.2-R last week, when this problem was
observed.  After which, I began to receive:
   "Can't assign requested address", as expected.

Unfortunately, we also enabled IPv6 on the system at the same time,
complicating troubleshooting.

The configuration for Courier in the jail is being rsync(1)'d every hour
from a production environment (where explicit binding for System-Service
abstraction is a security policy requirement) to a DRP system within a
Jail.

So as far as I know, the explicit bind was always present in the DRP
jail and in theory, should never have worked.

I hypothesize that after 7.2-R was installed, the correct behavior of
bind() began to occur, and that prior to that, it was gracefully
allowing Courier to bind() to an IP that wasn't present in the jail.

Unfortunately, I don't have any records of what the RELENG_7 build date
was of the original jail environment to test this hypothesis.

~BAS
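
Added example, not part of the original message: a pre-flight check that can be run inside a jail to see whether a configured source address is assignable there, surfacing "Can't assign requested address" (EADDRNOTAVAIL) before a service picks up a synced configuration. The helper name probe_bind and the command-line usage are assumptions made for illustration.

```c
#include <arpa/inet.h>
#include <errno.h>
#include <netinet/in.h>
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>
#include <unistd.h>

/* Hypothetical helper: bind() a TCP socket to the IPv4/IPv6 literal `addr`,
 * port 0 (kernel picks a port). Returns 0 if the address is assignable in
 * this environment, the errno from socket()/bind() otherwise, or -1 if
 * `addr` is not an IP literal. */
int probe_bind(const char *addr)
{
    struct sockaddr_in v4;
    struct sockaddr_in6 v6;
    const struct sockaddr *sa;
    socklen_t len;
    int family;

    memset(&v4, 0, sizeof(v4));
    memset(&v6, 0, sizeof(v6));
    if (inet_pton(AF_INET, addr, &v4.sin_addr) == 1) {
        family = v4.sin_family = AF_INET;
        sa = (const struct sockaddr *)&v4;
        len = sizeof(v4);
    } else if (inet_pton(AF_INET6, addr, &v6.sin6_addr) == 1) {
        family = v6.sin6_family = AF_INET6;
        sa = (const struct sockaddr *)&v6;
        len = sizeof(v6);
    } else {
        return -1;
    }

    int fd = socket(family, SOCK_STREAM, 0);
    if (fd < 0)
        return errno;
    int rc = (bind(fd, sa, len) == 0) ? 0 : errno; /* save errno before close() */
    close(fd);
    return rc;
}

/* Usage: ./probe_bind ADDR...  Exit status is non-zero if any address fails. */
int main(int argc, char **argv)
{
    int failed = 0;
    for (int i = 1; i < argc; i++) {
        int rc = probe_bind(argv[i]);
        printf("%s: %s\n", argv[i], rc == 0 ? "assignable" :
               rc == -1 ? "not an IP literal" : strerror(rc));
        failed |= (rc != 0);
    }
    return failed;
}
```

Run it with each address the service is configured to bind to; an address that is not assigned to the jail should report EADDRNOTAVAIL.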


