From owner-cvs-all Sun Sep 17 6:40:29 2000
Delivered-To: cvs-all@freebsd.org
Received: from critter.freebsd.dk (flutter.freebsd.dk [212.242.40.147])
	by hub.freebsd.org (Postfix) with ESMTP
	id 973A537B422; Sun, 17 Sep 2000 06:40:24 -0700 (PDT)
Received: from critter (localhost [127.0.0.1])
	by critter.freebsd.dk (8.11.0/8.9.3) with ESMTP id e8HDeMN78670;
	Sun, 17 Sep 2000 15:40:22 +0200 (CEST)
	(envelope-from phk@critter.freebsd.dk)
Cc: cvs-committers@FreeBSD.org, cvs-all@FreeBSD.org
Subject: Re: cvs commit: src/sys/netinet in_pcb.c
In-Reply-To: Your message of "Sun, 17 Sep 2000 06:35:43 PDT." <200009171335.GAA01313@freefall.freebsd.org>
Date: Sun, 17 Sep 2000 15:40:22 +0200
Message-ID: <78668.969198022@critter>
From: Poul-Henning Kamp
Sender: owner-cvs-all@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.ORG

In message <200009171335.GAA01313@freefall.freebsd.org>, Poul-Henning Kamp writes:
>phk 2000/09/17 06:35:43 PDT
>
> Modified files:
> sys/netinet in_pcb.c
> Log:
> Properly jail UDP sockets. This is quite a bit more tricky than TCP.
>
> This fixes a !root userland panic, and some cases where the wrong
> interface was chosen for a jailed UDP socket.
>
> PR: 20167, 19839, 20946

There are still two wrinkles to UDP in jails:

When you send a UDP to 127.0.0.1 you get the answer from the jail's
IP address:

	# dig @127.0.0.1 cybercity.dk ns

	; <<>> DiG 8.3 <<>> @127.0.0.1 cybercity.dk ns
	; (1 server found)
	;; res options: init recurs defnam dnsrch
	;; not our server:
	[...]

I don't know what the practical upshot of that is, but if you use
the jail's IP number in /etc/resolv.conf it works as expected.

The other wrinkle is that you have to use a lo0 alias address, even
if your jail-IP lives on one of your ethernets. The workaround for
that is to add a permanent arp entry for your jail-IP and your own
ethernet address on the correct interface.

--
Poul-Henning Kamp       | UNIX since Zilog Zeus 3.20
phk@FreeBSD.ORG         | TCP/IP since RFC 956
FreeBSD coreteam member | BSD since 4.3-tahoe
Never attribute to malice what can adequately be explained by incompetence.