bind()/sendto() behavior in RELENG_7

Bjoern A. Zeeb bzeeb-lists at lists.zabbadoz.net
Sat May 9 01:35:08 UTC 2009


On Fri, 8 May 2009, Brian A. Seklecki wrote:

Hi,

> All:
>
> Did the behavior of bind()/sendto() functions WRT jails change in
> proximity to the RELENG_7_2 branch?
>
> I just spent 1.5 days chasing what I thought was a bug in Courier-MTA's
> IPv6 socket selection code within Jails, to realize a paradox of a
> configuration scenario:
>
> My ESMTP client libraries in Courier were programmed to explicitly bind()
> to a specific source address.  The system in question was RELENG_7 from
> last month; but was upgraded to 7.2-R last week, when this problem was
> observed.  After which, I began to receive:
>   "Can't assign requested address", as expected.
>
> Unfortunately, we also enabled IPv6 on the system at the same time,
> complicating troubleshooting.
>
> The configuration for Courier in the jail is being rsync(1)'d every hour
> from a production environment (where explicit binding for System-Service
> abstraction is a security policy requirement) to a DRP system within a
> Jail.
>
> So as far as I know, the explicit bind was always present in the DRP
> jail and in theory, should never have worked.
>
> I hypothesize that after 7.2-R was installed, the correct behavior of
> bind() began to occur, and that prior to that, it was gracefully
> allowing Courier to bind() to an IP that wasn't present in the jail.
>
> Unfortunately, I don't have any records of what the RELENG_7 build date
> was of the original jail environment to test this hypothesis.

So I am having trouble understanding the actual problem with what on
which system what fails and enough things are coming together. So let
me ask a few questions/explain:

1) Had you been running the multi-IP jail work on the 7-STABLE before
already?

2) In the past you did bind to an IPv4 address and the same address
worked on machines even if the IP wasn't there. Right?

3) Now that you switched on IPv6 as well, 2) no longer works?

4) Can you give me the output of sysctl net.inet6.ip6.v6only ?

/bz

-- 
Bjoern A. Zeeb                      The greatest risk is not taking one.
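
Added example (not part of the original message or of Courier): a small C diagnostic that can be run inside the jail to see whether bind() to an explicit source address fails with EADDRNOTAVAIL ("Can't assign requested address"), and whether IPV6_V6ONLY changes the result for the IPv4-mapped form of the same address. The helper name try_bind is hypothetical, and 192.0.2.1 is a documentation address used as a constructed default.

```c
#include <arpa/inet.h>
#include <errno.h>
#include <netinet/in.h>
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>
#include <unistd.h>

/* Hypothetical helper: bind a UDP socket to addr (port 0); returns 0 or the
 * failing call's errno. v6only: -1 keeps the default, 0/1 sets IPV6_V6ONLY. */
int try_bind(int family, const char *addr, int v6only)
{
    struct sockaddr_storage ss;
    socklen_t len;
    int s, err = 0;

    memset(&ss, 0, sizeof(ss));
    if (family == AF_INET) {
        struct sockaddr_in *sin = (struct sockaddr_in *)&ss;
        sin->sin_family = AF_INET;
        len = sizeof(*sin);
        if (inet_pton(AF_INET, addr, &sin->sin_addr) != 1) return EINVAL;
    } else if (family == AF_INET6) {
        struct sockaddr_in6 *sin6 = (struct sockaddr_in6 *)&ss;
        sin6->sin6_family = AF_INET6;
        len = sizeof(*sin6);
        if (inet_pton(AF_INET6, addr, &sin6->sin6_addr) != 1) return EINVAL;
    } else return EAFNOSUPPORT;
    if ((s = socket(family, SOCK_DGRAM, 0)) < 0) return errno;
    if (family == AF_INET6 && v6only >= 0 &&
        setsockopt(s, IPPROTO_IPV6, IPV6_V6ONLY, &v6only, sizeof(v6only)) < 0)
        err = errno;
    if (err == 0 && bind(s, (struct sockaddr *)&ss, len) < 0)
        err = errno;   /* EADDRNOTAVAIL: address is not local to this host/jail */
    close(s);
    return err;
}

int main(int argc, char **argv)
{
    const char *a4 = argc > 1 ? argv[1] : "192.0.2.1"; /* constructed default */
    char mapped[64];
    int e = try_bind(AF_INET, a4, -1);
    printf("AF_INET  %s: %s\n", a4, e ? strerror(e) : "ok");
    snprintf(mapped, sizeof(mapped), "::ffff:%s", a4);
    for (int v = 0; v <= 1; v++) {   /* same address via an AF_INET6 socket */
        e = try_bind(AF_INET6, mapped, v);
        printf("AF_INET6 %s v6only=%d: %s\n", mapped, v, e ? strerror(e) : "ok");
    }
    return 0;
}
```

Pass the address the mail server is configured to bind to as the first argument and compare the output inside the jail with the output on the host.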

