SCTP binds to IPs outside of jail
Bjoern A. Zeeb
bzeeb-lists at lists.zabbadoz.net
Sun Apr 6 18:44:44 UTC 2014
On 06 Apr 2014, at 17:04, Michael Tuexen <Michael.Tuexen at lurchi.franken.de> wrote:
>> Aehm, the SCTP code was filtering addresses at one point and made sure only jail-visible addresses were seen or bound very much like normal PCB handling. If this is not the case (anymore) SCTP shall not be allowed inside jails again.
> Are you referring to prison_local_ip4() and prison_local_ip6() calls?
> These are used during explicit binding. However, I don't think we
> do the corresponding filtering when sending INIT-/INIT-ACKs or
> export the list of addresses via the sysctl interface used by netstat.
> I guess this needs to be added, right?
Yes.
—
Bjoern A. Zeeb
More information about the freebsd-net mailing list
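
A user-space C model of the gap discussed in this thread, added here as an illustration; it is not FreeBSD kernel code and not code from either poster. The names `jail_model`, `model_bind` and `model_addr_list` and the sample addresses are constructed assumptions; the model only contrasts a bind path that checks jail visibility with an address-list path (INIT/INIT-ACK parameters, sysctl export) that does or does not apply the same check.

```c
/* User-space model only; all names are hypothetical, not FreeBSD kernel APIs. */
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

struct jail_model { const uint32_t *ip4; size_t n; }; /* jail's IPv4 list */

/* Returns 1 if addr is one of the jail's own addresses. */
static int jail_has_ip4(const struct jail_model *j, uint32_t addr)
{
    for (size_t i = 0; i < j->n; i++)
        if (j->ip4[i] == addr)
            return 1;
    return 0;
}

/* Explicit bind path: the check the thread says already exists. */
int model_bind(const struct jail_model *j, uint32_t addr)
{
    return jail_has_ip4(j, addr) ? 0 : -1;
}

/* Address-list path (INIT/INIT-ACK address parameters, sysctl export).
 * filter == 0 models the missing check: every host address is copied out.
 * filter == 1 applies the same visibility test as the bind path.
 * Returns the number of addresses written to out (at most cap). */
size_t model_addr_list(const struct jail_model *j, const uint32_t *host,
    size_t nhost, int filter, uint32_t *out, size_t cap)
{
    size_t k = 0;
    for (size_t i = 0; i < nhost && k < cap; i++) {
        if (filter && !jail_has_ip4(j, host[i]))
            continue;               /* not visible inside the jail */
        out[k++] = host[i];
    }
    return k;
}

/* Constructed data: host has 192.0.2.1, 192.0.2.2, 10.0.0.1; jail owns 192.0.2.2. */
static const uint32_t HOST_ADDRS[] = { 0xC0000201, 0xC0000202, 0x0A000001 };
static const uint32_t JAIL_ADDRS[] = { 0xC0000202 };
static const struct jail_model JAIL = { JAIL_ADDRS, 1 };

int main(void)
{
    uint32_t out[3];
    printf("unfiltered: %zu\n", model_addr_list(&JAIL, HOST_ADDRS, 3, 0, out, 3));
    printf("filtered:   %zu\n", model_addr_list(&JAIL, HOST_ADDRS, 3, 1, out, 3));
    return 0;
}
```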