From owner-freebsd-hackers@FreeBSD.ORG  Wed Apr 16 09:12:08 2003
Return-Path: <owner-freebsd-hackers@FreeBSD.ORG>
Delivered-To: freebsd-hackers@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id A517437B401
	for <freebsd-hackers@FreeBSD.ORG>;
	Wed, 16 Apr 2003 09:12:08 -0700 (PDT)
Received: from lurza.secnetix.de (lurza.secnetix.de [212.66.1.130])
	by mx1.FreeBSD.org (Postfix) with ESMTP id 7E12043F85
	for <freebsd-hackers@FreeBSD.ORG>;
	Wed, 16 Apr 2003 09:12:07 -0700 (PDT)
	(envelope-from olli@lurza.secnetix.de)
Received: from lurza.secnetix.de (lwxklm@localhost [127.0.0.1])
	by lurza.secnetix.de (8.12.8p1/8.12.8) with ESMTP id h3GGC5B5075926
	for <freebsd-hackers@FreeBSD.ORG>;
	Wed, 16 Apr 2003 18:12:06 +0200 (CEST)
	(envelope-from oliver.fromme@secnetix.de)
Received: (from olli@localhost)
	by lurza.secnetix.de (8.12.8p1/8.12.8/Submit) id h3GGC58Z075925;
	Wed, 16 Apr 2003 18:12:05 +0200 (CEST)
Date: Wed, 16 Apr 2003 18:12:05 +0200 (CEST)
Message-Id: <200304161612.h3GGC58Z075925@lurza.secnetix.de>
From: Oliver Fromme <olli@secnetix.de>
To: freebsd-hackers@FreeBSD.ORG
In-Reply-To: <Pine.GSO.4.44.0304161532120.14291-100000@mail.ilrt.bris.ac.uk>
X-Newsgroups: list.freebsd-hackers
User-Agent: tin/1.5.4-20000523 ("1959") (UNIX) (FreeBSD/4.8-RELEASE (i386))
MIME-Version: 1.0
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: 8bit
Subject: Re: Multiple ip-numbers in jails (fixed INADDR_ANY behaviour).
X-BeenThere: freebsd-hackers@freebsd.org
X-Mailman-Version: 2.1.1
Precedence: list
Reply-To: freebsd-hackers@FreeBSD.ORG
List-Id: Technical Discussions relating to FreeBSD
	<freebsd-hackers.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-hackers>,
	<mailto:freebsd-hackers-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-hackers>
List-Post: <mailto:freebsd-hackers@freebsd.org>
List-Help: <mailto:freebsd-hackers-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-hackers>,
	<mailto:freebsd-hackers-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Wed, 16 Apr 2003 16:12:08 -0000

Jan Grant <Jan.Grant@bristol.ac.uk> wrote:
 > You can't have multiple processes listen on the same address and port,
 > but you CAN have one listen on a specific IP and port and another listen
 > on INADDR_ANY and the same port. By extension, you'd expect a _more
 > specific_ binding of INADDR_ANY to override a more general one.

Oops, you are right.  Must have been my lack of caffeine.  :-)

It means that you have to be very careful with daemons that
run in the host environment.  If they bind to INADDR_ANY,
then any jailed process can override them (for the jail IPs).
That might be a dangerous.  Would be nice to have a knob to
disable that behaviour.

Regards
   Oliver

-- 
Oliver Fromme, secnetix GmbH & Co KG, Oettingenstr. 2, 80538 München
Any opinions expressed in this message may be personal to the author
and may not necessarily reflect the opinions of secnetix in any way.

"If you do things right, people won't be sure you've done
anything at all." -- God in Futurama season 4 episode 8