From owner-freebsd-net@FreeBSD.ORG  Sun Apr  6 18:44:44 2014
Return-Path: <owner-freebsd-net@FreeBSD.ORG>
Delivered-To: freebsd-net@freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [8.8.178.115])
 (using TLSv1 with cipher ADH-AES256-SHA (256/256 bits))
 (No client certificate requested)
 by hub.freebsd.org (Postfix) with ESMTPS id C3B8557C
 for <freebsd-net@freebsd.org>; Sun,  6 Apr 2014 18:44:44 +0000 (UTC)
Received: from mx1.sbone.de (bird.sbone.de [46.4.1.90])
 (using TLSv1 with cipher DHE-RSA-CAMELLIA256-SHA (256/256 bits))
 (Client CN "mx1.sbone.de", Issuer "SBone.DE" (not verified))
 by mx1.freebsd.org (Postfix) with ESMTPS id 74A34E5A
 for <freebsd-net@freebsd.org>; Sun,  6 Apr 2014 18:44:44 +0000 (UTC)
Received: from mail.sbone.de (mail.sbone.de [IPv6:fde9:577b:c1a9:31::2013:587])
 (using TLSv1 with cipher ADH-CAMELLIA256-SHA (256/256 bits))
 (No client certificate requested)
 by mx1.sbone.de (Postfix) with ESMTPS id EFFDB25D3AC0;
 Sun,  6 Apr 2014 18:44:41 +0000 (UTC)
Received: from content-filter.sbone.de (content-filter.sbone.de
 [IPv6:fde9:577b:c1a9:31::2013:2742])
 (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits))
 (No client certificate requested)
 by mail.sbone.de (Postfix) with ESMTPS id 780ECC22BA8;
 Sun,  6 Apr 2014 18:44:41 +0000 (UTC)
X-Virus-Scanned: amavisd-new at sbone.de
Received: from mail.sbone.de ([IPv6:fde9:577b:c1a9:31::2013:587])
 by content-filter.sbone.de (content-filter.sbone.de
 [fde9:577b:c1a9:31::2013:2742]) (amavisd-new, port 10024)
 with ESMTP id Ewq7fq_hJKb7; Sun,  6 Apr 2014 18:44:40 +0000 (UTC)
Received: from [IPv6:fde9:577b:c1a9:4410:395f:c902:48ef:f493] (unknown
 [IPv6:fde9:577b:c1a9:4410:395f:c902:48ef:f493])
 (using TLSv1 with cipher AES128-SHA (128/128 bits))
 (No client certificate requested)
 by mail.sbone.de (Postfix) with ESMTPSA id 65F47C22B9B;
 Sun,  6 Apr 2014 18:44:38 +0000 (UTC)
Content-Type: text/plain; charset=windows-1252
Mime-Version: 1.0 (Mac OS X Mail 7.2 \(1874\))
Subject: Re: SCTP binds to IPs outside of jail
From: "Bjoern A. Zeeb" <bzeeb-lists@lists.zabbadoz.net>
In-Reply-To: <5785F386-DC41-4D0A-BBBE-6DA935095451@lurchi.franken.de>
Date: Sun, 6 Apr 2014 18:44:50 +0000
Content-Transfer-Encoding: quoted-printable
Message-Id: <B21AFBF1-2AE4-4BE8-88C6-9A09E872FE28@lists.zabbadoz.net>
References: <20140405210246.GB58138@cicely7.cicely.de>
 <7D1ABA78-D48D-48B7-9CE7-152BD59DB1B0@lurchi.franken.de>
 <77B6DEC1-D7E8-446E-A057-A692379D9EFB@lists.zabbadoz.net>
 <5785F386-DC41-4D0A-BBBE-6DA935095451@lurchi.franken.de>
To: Michael Tuexen <Michael.Tuexen@lurchi.franken.de>
X-Mailer: Apple Mail (2.1874)
Cc: FreeBSD Net <freebsd-net@freebsd.org>,
 Bernd Walter <ticso@cicely7.cicely.de>, ticso@cicely.de
X-BeenThere: freebsd-net@freebsd.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: Networking and TCP/IP with FreeBSD <freebsd-net.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/options/freebsd-net>,
 <mailto:freebsd-net-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-net/>
List-Post: <mailto:freebsd-net@freebsd.org>
List-Help: <mailto:freebsd-net-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-net>,
 <mailto:freebsd-net-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Sun, 06 Apr 2014 18:44:44 -0000


On 06 Apr 2014, at 17:04 , Michael Tuexen =
<Michael.Tuexen@lurchi.franken.de> wrote:

>> Aehm, the SCTP code was filtering addresses at one point and made =
sure only jail-visible addresses were seen or bound very much like =
normal PCB handling.  If this is not the case (anymore) SCTP shall not =
be allowed inside jails again.=20
> Are you referring to prison_local_ip4() and prison_local_ip6() calls?
> These are used while explicit binding. However, I don't think we
> do the corresponding filtering when sending INIT-/INIT-ACKs or
> export the list of address via the sysctl interface used by netstat.
> I guess this needs to be added, right?

Yes.

=97=20
Bjoern A. Zeeb                             ????????? ??? ??????? ??????:
'??? ??? ???? ??????  ??????? ?? ?? ??????? ??????? ??? ????? ????? ????
?????? ?? ????? ????',  ????????? ?????????, "??? ????? ?? ?????", ?.???