From owner-freebsd-bugs@FreeBSD.ORG  Fri Jun 28 19:00:00 2013
Return-Path: <owner-freebsd-bugs@FreeBSD.ORG>
Delivered-To: freebsd-bugs@smarthost.ysv.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [8.8.178.115])
 by hub.freebsd.org (Postfix) with ESMTP id 9E84BE3B
 for <freebsd-bugs@smarthost.ysv.freebsd.org>;
 Fri, 28 Jun 2013 19:00:00 +0000 (UTC)
 (envelope-from gnats@FreeBSD.org)
Received: from freefall.freebsd.org (freefall.freebsd.org
 [IPv6:2001:1900:2254:206c::16:87])
 by mx1.freebsd.org (Postfix) with ESMTP id 6C65F1FC0
 for <freebsd-bugs@smarthost.ysv.freebsd.org>;
 Fri, 28 Jun 2013 19:00:00 +0000 (UTC)
Received: from freefall.freebsd.org (localhost [127.0.0.1])
 by freefall.freebsd.org (8.14.7/8.14.7) with ESMTP id r5SJ0021091570
 for <freebsd-bugs@freefall.freebsd.org>; Fri, 28 Jun 2013 19:00:00 GMT
 (envelope-from gnats@freefall.freebsd.org)
Received: (from gnats@localhost)
 by freefall.freebsd.org (8.14.7/8.14.7/Submit) id r5SJ008L091561;
 Fri, 28 Jun 2013 19:00:00 GMT (envelope-from gnats)
Resent-Date: Fri, 28 Jun 2013 19:00:00 GMT
Resent-Message-Id: <201306281900.r5SJ008L091561@freefall.freebsd.org>
Resent-From: FreeBSD-gnats-submit@FreeBSD.org (GNATS Filer)
Resent-To: freebsd-bugs@FreeBSD.org
Resent-Reply-To: FreeBSD-gnats-submit@FreeBSD.org,
 Bernd Walter <ticso@cicely.de>
Received: from mx1.freebsd.org (mx1.freebsd.org [8.8.178.115])
 by hub.freebsd.org (Postfix) with ESMTP id DB8CDCE8
 for <freebsd-gnats-submit@FreeBSD.org>; Fri, 28 Jun 2013 18:56:30 +0000 (UTC)
 (envelope-from nobody@FreeBSD.org)
Received: from oldred.freebsd.org (oldred.freebsd.org [8.8.178.121])
 by mx1.freebsd.org (Postfix) with ESMTP id CE8071F70
 for <freebsd-gnats-submit@FreeBSD.org>; Fri, 28 Jun 2013 18:56:30 +0000 (UTC)
Received: from oldred.freebsd.org ([127.0.1.6])
 by oldred.freebsd.org (8.14.5/8.14.7) with ESMTP id r5SIuUYP098410
 for <freebsd-gnats-submit@FreeBSD.org>; Fri, 28 Jun 2013 18:56:30 GMT
 (envelope-from nobody@oldred.freebsd.org)
Received: (from nobody@localhost)
 by oldred.freebsd.org (8.14.5/8.14.5/Submit) id r5SIuU0u098409;
 Fri, 28 Jun 2013 18:56:30 GMT (envelope-from nobody)
Message-Id: <201306281856.r5SIuU0u098409@oldred.freebsd.org>
Date: Fri, 28 Jun 2013 18:56:30 GMT
From: Bernd Walter <ticso@cicely.de>
To: freebsd-gnats-submit@FreeBSD.org
X-Send-Pr-Version: www-3.1
Subject: kern/180067: Multicast support within jails
X-BeenThere: freebsd-bugs@freebsd.org
X-Mailman-Version: 2.1.14
Precedence: list
List-Id: Bug reports <freebsd-bugs.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/options/freebsd-bugs>,
 <mailto:freebsd-bugs-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-bugs>
List-Post: <mailto:freebsd-bugs@freebsd.org>
List-Help: <mailto:freebsd-bugs-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-bugs>,
 <mailto:freebsd-bugs-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Fri, 28 Jun 2013 19:00:00 -0000


>Number:         180067
>Category:       kern
>Synopsis:       Multicast support within jails
>Confidential:   no
>Severity:       non-critical
>Priority:       low
>Responsible:    freebsd-bugs
>State:          open
>Quarter:        
>Keywords:       
>Date-Required:
>Class:          change-request
>Submitter-Id:   current-users
>Arrival-Date:   Fri Jun 28 19:00:00 UTC 2013
>Closed-Date:
>Last-Modified:
>Originator:     Bernd Walter
>Release:        9.1-STABLE
>Organization:
>Environment:
>Description:
To have multicast support in Jails it is required to allow group addresses to be configured for the jail.
In reality this is impossible as multicast groups are not always a local decision.
It also disallows joining the same multicast group within multiple jails.
The tiny patch allows IPv6 multicast adresses to be used within jails without special configuration.
It is used in production since more than one year, but considered more as an example than a complete patch.
A similar check should also be done for IPv4 and maybe placed under a sysctl or jail option which is disabled by default.
This change was worked out together with Aron Schlesinger <as@paefchen.net>.

>How-To-Repeat:

>Fix:
Index: kern/kern_jail.c
===================================================================
--- kern/kern_jail.c    (revision 251406)
+++ kern/kern_jail.c    (working copy)
@@ -3282,6 +3282,9 @@
 {
        int i, a, z, d;
 
+       if (IN6_IS_ADDR_MULTICAST(ia6))
+              return (0);
+
        /*
         * Check the primary IP.
         */


>Release-Note:
>Audit-Trail:
>Unformatted: