Skip site navigation (1)Skip section navigation (2)
Date:      Fri, 31 Mar 2017 09:10:05 +0000 (UTC)
From:      Steven Hartland <smh@FreeBSD.org>
To:        src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-head@freebsd.org
Subject:   svn commit: r316328 - in head: . sys/netinet6
Message-ID:  <201703310910.v2V9A518061304@repo.freebsd.org>

next in thread | raw e-mail | index | archive | help
Author: smh
Date: Fri Mar 31 09:10:05 2017
New Revision: 316328
URL: https://svnweb.freebsd.org/changeset/base/316328

Log:
  Allow explicitly assigned IPv6 loopback address to be used in jails
  
  If a jail has an explicitly assigned IPv6 loopback address then allow it
  to be used instead of remapping requests for the loopback adddress to the
  first IPv6 address assigned to the jail.
  
  This fixes issues where applications attempt to detect their bound port
  where they requested a loopback address, which was available, but instead
  the kernel remapped it to the jails first address.
  
  This is the same fix applied to IPv4 fix by: r316313
  
  Also:
  * Correct the description of prison_check_ip6_locked to match the code.
  
  MFC after:	2 weeks
  Relnotes:	Yes
  Sponsored by:	Multiplay

Modified:
  head/UPDATING
  head/sys/netinet6/in6_jail.c

Modified: head/UPDATING
==============================================================================
--- head/UPDATING	Fri Mar 31 08:43:07 2017	(r316327)
+++ head/UPDATING	Fri Mar 31 09:10:05 2017	(r316328)
@@ -52,9 +52,9 @@ NOTE TO PEOPLE WHO THINK THAT FreeBSD 12
 ****************************** SPECIAL WARNING: ******************************
 
 20170331:
-	Binds and sends to the IPv4 loopback address (127.0.0.1) will now
+	Binds and sends to the loopback addresses, IPv6 and IPv4, will now
 	use any explicitly assigned loopback address available in the jail
-	instead of using the first assigned IPv4 address of the jail.
+	instead of using the first assigned address of the jail.
 
 20170329:
 	The ctl.ko module no longer implements the iSCSI target frontend:

Modified: head/sys/netinet6/in6_jail.c
==============================================================================
--- head/sys/netinet6/in6_jail.c	Fri Mar 31 08:43:07 2017	(r316327)
+++ head/sys/netinet6/in6_jail.c	Fri Mar 31 09:10:05 2017	(r316328)
@@ -293,12 +293,6 @@ prison_local_ip6(struct ucred *cred, str
 		return (EAFNOSUPPORT);
 	}
 
-	if (IN6_IS_ADDR_LOOPBACK(ia6)) {
-		bcopy(&pr->pr_ip6[0], ia6, sizeof(struct in6_addr));
-		mtx_unlock(&pr->pr_mtx);
-		return (0);
-	}
-
 	if (IN6_IS_ADDR_UNSPECIFIED(ia6)) {
 		/*
 		 * In case there is only 1 IPv6 address, and v6only is true,
@@ -311,6 +305,11 @@ prison_local_ip6(struct ucred *cred, str
 	}
 
 	error = prison_check_ip6_locked(pr, ia6);
+	if (error == EADDRNOTAVAIL && IN6_IS_ADDR_LOOPBACK(ia6)) {
+		bcopy(&pr->pr_ip6[0], ia6, sizeof(struct in6_addr));
+		error = 0;
+	}
+
 	mtx_unlock(&pr->pr_mtx);
 	return (error);
 }
@@ -341,7 +340,8 @@ prison_remote_ip6(struct ucred *cred, st
 		return (EAFNOSUPPORT);
 	}
 
-	if (IN6_IS_ADDR_LOOPBACK(ia6)) {
+	if (IN6_IS_ADDR_LOOPBACK(ia6) &&
+            prison_check_ip6_locked(pr, ia6) == EADDRNOTAVAIL) {
 		bcopy(&pr->pr_ip6[0], ia6, sizeof(struct in6_addr));
 		mtx_unlock(&pr->pr_mtx);
 		return (0);
@@ -357,9 +357,8 @@ prison_remote_ip6(struct ucred *cred, st
 /*
  * Check if given address belongs to the jail referenced by cred/prison.
  *
- * Returns 0 if jail doesn't restrict IPv6 or if address belongs to jail,
- * EADDRNOTAVAIL if the address doesn't belong, or EAFNOSUPPORT if the jail
- * doesn't allow IPv6.
+ * Returns 0 if address belongs to jail,
+ * EADDRNOTAVAIL if the address doesn't belong to the jail.
  */
 int
 prison_check_ip6_locked(const struct prison *pr, const struct in6_addr *ia6)



Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?201703310910.v2V9A518061304>