IPv6 multicast sent to jail
Bjoern A. Zeeb
bzeeb-lists at lists.zabbadoz.net
Mon Sep 3 12:21:08 UTC 2012
On Sat, 25 Aug 2012, Jamie Gritton wrote:
...
>>>> Curtis
>>>
>>> Offhand, it does sound like a bug. I imagine the solution would be to
>>> reject the join - at least the easy solution to be done first until
>>> something more complicated can be done to make jails play nice with
>>> multicast.
>>>
>>> - Jamie
>>
>>
>> Jamie,
>>
>> Certainly not the preferred solution. Best would be a
>> jail.allow-ipv6multicast sysctl variable with rejecting the join if 0
>> and accepting the join and passing in multicast if 1. Same for v4,
>> though not of immediate concern since DHCPv4 doesn't need it.
>>
>> If you (or someone) would like to point me in the right direction, I
>> would be willing to put some time into learning the relevant code and
>> proposing a fix. No promises, but I can put some time into it. Off
>> list if you prefer.
>>
>> Curtis
>
> It'll have to be someone besides me - I don't know enough about
> multicast myself to be able to do more than keep it out of jails.
sysctl souns bad to me; I think it should actually be grouped by
ip4.* and ip6.*. What dod we currently do for raw sockets? Can we
have a third level easily, as in ip4.raw.*, ip6.mc.*, ... which of
course would kill the classic "allow" thing for raw sockets myabe?
/bz
--
Bjoern A. Zeeb You have to have visions!
Stop bit received. Insert coin for new address family.
More information about the freebsd-jail
mailing list