From: Oliver Fromme
To: freebsd-hackers@FreeBSD.ORG
Date: Wed, 16 Apr 2003 18:12:05 +0200 (CEST)
Message-Id: <200304161612.h3GGC58Z075925@lurza.secnetix.de>
Subject: Re: Multiple ip-numbers in jails (fixed INADDR_ANY behaviour).

Jan Grant wrote:
> You can't have multiple processes listen on the same address and port,
> but you CAN have one listen on a specific IP and port and another listen
> on INADDR_ANY and the same port. By extension, you'd expect a _more
> specific_ binding of INADDR_ANY to override a more general one.

Oops, you are right. Must have been my lack of caffeine. :-)

It means that you have to be very careful with daemons that run in the
host environment. If they bind to INADDR_ANY, then any jailed process
can override them (for the jail IPs). That might be dangerous.

Would be nice to have a knob to disable that behaviour.

Regards
   Oliver

-- 
Oliver Fromme, secnetix GmbH & Co KG, Oettingenstr. 2, 80538 München
Any opinions expressed in this message may be personal to the author
and may not necessarily reflect the opinions of secnetix in any way.

"If you do things right, people won't be sure you've done anything at all."
        -- God in Futurama season 4 episode 8
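
An audit for the situation described in the message above, as an added example that is not part of the original post: it lists host daemons bound to the wildcard address, which are the ones a more specific jail binding would take precedence over. The sample input is constructed in the column layout of `sockstat -4l`, and the jail addresses are hypothetical.

```python
# Added example: flag host listeners bound to the wildcard address (INADDR_ANY).
# SAMPLE is constructed input in the column layout of `sockstat -4l`.
SAMPLE = """\
USER     COMMAND    PID   FD PROTO  LOCAL ADDRESS         FOREIGN ADDRESS
root     sshd       412   3  tcp4   *:22                  *:*
root     sendmail   455   4  tcp4   127.0.0.1:25          *:*
www      httpd      501   16 tcp4   192.0.2.10:80         *:*
root     syslogd    301   5  udp4   *:514                 *:*
bind     named      388   20 udp4   192.0.2.10:53         *:*
"""

JAIL_IPS = ["192.0.2.20", "192.0.2.21"]  # hypothetical jail addresses


def parse_listeners(text):
    """Yield (command, pid, proto, addr, port) for each socket line."""
    for line in text.splitlines():
        fields = line.split()
        if len(fields) < 7 or fields[0] == "USER":
            continue  # header or malformed line
        addr, _, port = fields[5].rpartition(":")
        if not port.isdigit():
            continue
        yield fields[1], int(fields[2]), fields[4], addr, int(port)


def wildcard_exposure(text, jail_ips):
    """Return one finding per wildcard-bound host listener.

    A listener on *:port holds no specific binding on the jail addresses,
    so a jailed process binding jail_ip:port is the more specific match
    there, which is the behaviour the message describes.
    """
    findings = []
    for cmd, pid, proto, addr, port in parse_listeners(text):
        if addr == "*":
            findings.append({
                "command": cmd, "pid": pid, "proto": proto, "port": port,
                "overridable_on": [f"{ip}:{port}" for ip in jail_ips],
            })
    return findings


if __name__ == "__main__":
    for f in wildcard_exposure(SAMPLE, JAIL_IPS):
        print(f"{f['command']} (pid {f['pid']}) on *:{f['port']}/{f['proto']}: "
              f"bind to a specific host address; exposed on {f['overridable_on']}")
```

Daemons the audit reports are candidates for an explicit listen address in their own configuration, so that they no longer depend on the wildcard binding.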