From owner-freebsd-net@FreeBSD.ORG Sat Apr 5 21:03:34 2014
Date: Sat, 5 Apr 2014 23:02:46 +0200
From: Bernd Walter
Reply-To: ticso@cicely.de
To: freebsd-net@freebsd.org
Subject: SCTP binds to IPs outside of jail
Message-ID: <20140405210246.GB58138@cicely7.cicely.de>
X-Operating-System: FreeBSD cicely7.cicely.de 7.0-STABLE i386
List-Id: Networking and TCP/IP with FreeBSD

So far I've tested this on FreeBSD-9.2 BETA2 r254053M only.
The modifications are to allow IPv6 multicast support within jail, which
only makes a difference for multicast addresses, and some multicast
loopback checksum bugs - both changes are open PRs.

I've created an AF_INET6 SCTP one-to-many socket to receive incoming
messages. The process was started within a jail.
Now netstat -anW lists all host IPv6 IPs, not just those of the jail.
Also not sure why this AF_INET6 socket is shown as sctp46.

This is the relevant C++ code part to open the socket:

    #include <sys/types.h>
    #include <sys/socket.h>
    #include <netinet/in.h>
    #include <netinet/sctp.h>
    #include <strings.h>
    #include <stdint.h>

    int
    setup_sctp_socket(uint16_t port)
    {
        int sc = socket(AF_INET6, SOCK_SEQPACKET, IPPROTO_SCTP);
        if (sc < 0)
            return -1;
        {
            // reuse address (socket option values are ints)
            int val = 1;
            setsockopt(sc, SOL_SOCKET, SO_REUSEADDR, &val, sizeof(val));
            // XXX error handling
        }
        {
            // no delay - an SCTP-level option, so the level is
            // IPPROTO_SCTP, not SOL_SOCKET
            int val = 1;
            setsockopt(sc, IPPROTO_SCTP, SCTP_NODELAY, &val, sizeof(val));
            // XXX error handling
        }
        {
            // eeor mode (last write needs MSG_EOR to declare end of message)
            // Linux has MSG_MORE negative send flag
            // also an SCTP-level option: IPPROTO_SCTP, not SOL_SOCKET
            int val = 1;
            setsockopt(sc, IPPROTO_SCTP, SCTP_EXPLICIT_EOR, &val, sizeof(val));
            // XXX error handling
        }
    #if 0
        {
            // HDB_STREAMS is the application's own stream-count constant
            struct sctp_initmsg init;
            bzero(&init, sizeof(init));
            init.sinit_num_ostreams = HDB_STREAMS;
            init.sinit_max_instreams = HDB_STREAMS;
            // SOL_SCTP instead of IPPROTO_SCTP on Linux
            setsockopt(sc, IPPROTO_SCTP, SCTP_INITMSG, &init,
                (socklen_t)sizeof(struct sctp_initmsg));
            // XXX error handling
        }
    #endif
        {
            // bind to the IPv6 wildcard address on the given port; the
            // length passed must be that of sockaddr_in6, not sockaddr_in
            struct sockaddr_in6 addr;
            bzero(&addr, sizeof(addr));
            addr.sin6_len = sizeof(addr);
            addr.sin6_family = AF_INET6;
            addr.sin6_port = htons(port);
            bind(sc, (struct sockaddr *)&addr, sizeof(addr));
            // XXX error handling
        }
        {
            // enable heartbeats at 1000ms
            struct sctp_paddrparams paddr_params;
            bzero(&paddr_params, sizeof(paddr_params));
            paddr_params.spp_address.ss_family = AF_INET6;
            paddr_params.spp_flags = SPP_HB_ENABLE;
            paddr_params.spp_hbinterval = 1000;
            // SOL_SCTP instead of IPPROTO_SCTP on Linux
            setsockopt(sc, IPPROTO_SCTP, SCTP_PEER_ADDR_PARAMS,
                &paddr_params, sizeof(paddr_params));
            // XXX error handling
        }
        {
            struct sctp_event_subscribe events;
            bzero(&events, sizeof(events));
            // we need io_events to know where the message came from
            events.sctp_data_io_event = 1;
            // subscribe to other events as well for testing
            events.sctp_association_event = 1;
            events.sctp_address_event = 1;
            events.sctp_send_failure_event = 1;
            events.sctp_peer_error_event = 1;
            events.sctp_shutdown_event = 1;
            events.sctp_partial_delivery_event = 1;
            events.sctp_adaptation_layer_event = 1;
            events.sctp_authentication_event = 1;
            events.sctp_sender_dry_event = 1;
            events.sctp_stream_reset_event = 1;
            setsockopt(sc, IPPROTO_SCTP, SCTP_EVENTS, &events, sizeof(events));
            // XXX error handling
        }
        {
            // setup send and receive buffers (default on FreeBSD 9.x)
            int val;
            val = 1864135;
            setsockopt(sc, SOL_SOCKET, SO_RCVBUF, &val, sizeof(val));
            // XXX error handling
            val = 1864135;
            setsockopt(sc, SOL_SOCKET, SO_SNDBUF, &val, sizeof(val));
            // XXX error handling
        }
        // listen is required to allow incoming associations, but no listen queue
        listen(sc, 1);
        // XXX error handling
        return sc;
    }

-- 
B.Walter http://www.bwct.de
Modbus/TCP Ethernet I/O modules, ARM-based FreeBSD computers and more.
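Added example, not part of the original mail: a small C check that compares the local addresses an SCTP endpoint reports against the jail's address list, which is what the netstat observation above boils down to. On FreeBSD the bound list would come from sctp_getladdrs(3) and the jail list from the jail's ip6.addr parameter; here both lists are constructed inline so the check runs anywhere.

```c
#include <arpa/inet.h>
#include <netinet/in.h>
#include <stddef.h>

/* Number of addresses in `bound` the jail does not own.  `bound` is what the
 * SCTP endpoint reports as its local addresses (sctp_getladdrs() on FreeBSD),
 * `allowed` the jail's ip6 list.  "::" always counts as a leak: it means
 * "every address on the host", which a jail can never legitimately own. */
int
count_jail_leaks(const struct in6_addr *bound, size_t nbound,
    const struct in6_addr *allowed, size_t nallowed)
{
	int leaks = 0;

	for (size_t i = 0; i < nbound; i++) {
		int ok = 0;

		for (size_t j = 0; j < nallowed && !ok; j++)
			ok = IN6_ARE_ADDR_EQUAL(&bound[i], &allowed[j]);
		if (!ok || IN6_IS_ADDR_UNSPECIFIED(&bound[i]))
			leaks++;
	}
	return leaks;
}

/* Parse textual IPv6 addresses into `out`; returns how many parsed. */
size_t
parse_in6_list(const char *const *txt, size_t n, struct in6_addr *out)
{
	size_t k = 0;

	for (size_t i = 0; i < n; i++)
		if (inet_pton(AF_INET6, txt[i], &out[k]) == 1)
			k++;
	return k;
}

/* Constructed sample (not real data): a host-wide list like the one netstat
 * showed versus the single address the jail was configured with. */
int
sample_leak_count(void)
{
	static const char *const host[] = { "::", "2001:db8::1", "2001:db8::2", "fe80::1" };
	static const char *const jail[] = { "2001:db8::2" };
	struct in6_addr b[4], a[1];
	size_t nb = parse_in6_list(host, 4, b);
	size_t na = parse_in6_list(jail, 1, a);

	return count_jail_leaks(b, nb, a, na);	/* 3: "::", 2001:db8::1, fe80::1 */
}
```

A result other than 0 for a socket created inside a jail is the condition the mail reports; in the jail the list should contain only the addresses assigned to it.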