Date: Wed, 16 Apr 2003 15:34:38 +0100 (BST)
From: Jan Grant
To: freebsd-hackers@FreeBSD.ORG
Subject: Re: Multiple ip-numbers in jails (fixed INADDR_ANY behaviour).
In-Reply-To: <200304161349.h3GDnKxl008394@lurza.secnetix.de>

On Wed, 16 Apr 2003, Oliver Fromme wrote:

> Pawel Jakub Dawidek wrote:
> > On Wed, Apr 16, 2003 at 12:25:11PM +0100, Jan Grant wrote:
> > +> Hang on, so you're saying that if my machine has (say) 4 IP addresses,
> > +> and the jail has two of them, and I've a process listening on INADDR_ANY
> > +> in a non-jail, and one listening on INADDR_ANY in a jail,
>
> That shouldn't be possible at all. You cannot have multiple
> processes listen on the same address and port, no matter
> whether they're in a jail or not.
>
> If this patch for multiple IP numbers in jails breaks that
> behaviour, then it does not fix INADDR_ANY behaviour, despite
> what the subject says. :-)
>
> > # /usr/sbin/sshd -p 666
> > # jail / temp /usr/sbin/sshd -p 666
>
> That last command _must_ fail with errno EADDRINUSE.

You can't have multiple processes listen on the same address and port,
but you CAN have one listen on a specific IP and port and another listen
on INADDR_ANY and the same port. By extension, you'd expect a _more
specific_ binding of INADDR_ANY to override a more general one.

Certainly, if one process is listening on 192.168.0.1:1234, then another
should NOT be able to bind to that same address. It's not clear that the
same sweeping statement can be made about INADDR_ANY.

-- 
jan grant, ILRT, University of Bristol. http://www.ilrt.bris.ac.uk/
Tel +44(0)117 9287088 Fax +44 (0)117 9287112 http://ioctl.org/jan/
YKYBPTMRogueW... you try to move diagonally in vi.
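
The bind cases argued over in this message can be checked on any host with the following added example, which is not part of the original post or of the patch under discussion. It assumes 127.0.0.1 as the "specific" address, runs outside any jail, and the names bind_listen and probe are hypothetical; the wildcard results depend on the kernel and on SO_REUSEADDR, so they are printed rather than assumed.

```c
#include <arpa/inet.h>
#include <errno.h>
#include <netinet/in.h>
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>
#include <unistd.h>

/* Bind a listening TCP socket to ip:*port; *port == 0 asks the kernel for a
 * free port and stores it back. Returns the fd, or -errno on failure. */
static int bind_listen(const char *ip, unsigned short *port, int reuse)
{
    struct sockaddr_in sa;
    socklen_t len = sizeof sa;
    int fd = socket(AF_INET, SOCK_STREAM, 0);
    if (fd < 0) return -errno;
    if (reuse) setsockopt(fd, SOL_SOCKET, SO_REUSEADDR, &reuse, sizeof reuse);
    memset(&sa, 0, sizeof sa);
    sa.sin_family = AF_INET;
    sa.sin_port = htons(*port);
    inet_pton(AF_INET, ip, &sa.sin_addr);      /* "0.0.0.0" is INADDR_ANY */
    if (bind(fd, (struct sockaddr *)&sa, sizeof sa) < 0 || listen(fd, 1) < 0 ||
        getsockname(fd, (struct sockaddr *)&sa, &len) < 0) {
        int e = errno; close(fd); return -e;
    }
    *port = ntohs(sa.sin_port);
    return fd;
}

/* Keep `first` listening on a fresh port, then try `second` on that port.
 * Returns 0 if the second bind succeeds, its errno if not, -1 on setup error. */
int probe(const char *first, const char *second, int reuse)
{
    unsigned short port = 0;
    int a = bind_listen(first, &port, reuse), b;
    if (a < 0) return -1;
    b = bind_listen(second, &port, reuse);
    close(a);
    if (b >= 0) close(b);
    return b < 0 ? -b : 0;
}

int main(void)
{
    const char *any = "0.0.0.0", *lo = "127.0.0.1";  /* lo: assumed specific address */
    for (int reuse = 0; reuse <= 1; reuse++) {
        printf("SO_REUSEADDR=%d\n", reuse);
        printf("  %s then %s: %s\n", lo, lo, strerror(probe(lo, lo, reuse)));
        printf("  %s then %s: %s\n", any, lo, strerror(probe(any, lo, reuse)));
        printf("  %s then %s: %s\n", lo, any, strerror(probe(lo, any, reuse)));
    }
    return 0;
}
```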