John found and filed this bug during testing: 6749533 Zone incorrectly sees traffic sent to another zone on destination interface
It's an interesting bug, to say the least. The issue is specific to shared-stack zones, and is that a non-global zone is able to open a /dev/ipnet node for an IP interface on which it has no addresses. For example, if the system has two interfaces bge0 and bge1, and a non-global zone has an address on bge0 but not bge1, I can still run "snoop -I bge1" from that non-global zone.

Is that a problem? Maybe, maybe not. The snoop process will only see packets that were sent from its zone, or put another way, packets that it could have seen anyway by running "snoop -I bge0". This kind of blurs whether or not this is acceptable.

Is this something that should be fixed? Fixing this would require checking, at ipnet open time, whether or not a given ipnetif_t has addresses in the zone associated with the ipnet_t. Once the open succeeds (assuming that it does), we could go a step further and send M_HANGUP if the addresses that were in the zone associated with the ipnet_t go away. IMO, that's going too far...

Any opinions?

-Seb
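A userland C model of the two mechanisms discussed in the post, the open-time address check and the follow-on M_HANGUP when a zone's addresses go away, added here as an illustration; it is not illumos code. The ipnetif_t/ipnet_t structs, the function names, and zone id 0 standing for the global zone are simplified assumptions.

```c
#include <stdbool.h>
#define MAX_ADDRS 8
#define GLOBAL_ZONEID 0   /* assumption: modelled on illumos' global zone id */
typedef int zoneid_t;

/* Simplified, hypothetical stand-ins for the kernel's ipnetif_t and ipnet_t. */
typedef struct {
    int naddrs;
    zoneid_t addr_zone[MAX_ADDRS];   /* zone owning each address on the interface */
} ipnetif_t;
typedef struct {
    ipnetif_t *ifp;       /* interface this open /dev/ipnet instance snoops */
    zoneid_t zoneid;      /* zone that opened the node */
    bool hungup;          /* models M_HANGUP having been sent upstream */
} ipnet_t;

/* Does the interface carry at least one address owned by this zone? */
static bool ipnetif_zone_has_addr(const ipnetif_t *ifp, zoneid_t zoneid) {
    for (int i = 0; i < ifp->naddrs; i++) if (ifp->addr_zone[i] == zoneid) return true;
    return false;
}

/* Open-time check: a non-global zone needs an address on the interface. 0 = ok, -1 = refused. */
static int ipnet_open_check(ipnet_t *ip, ipnetif_t *ifp, zoneid_t zoneid) {
    if (zoneid != GLOBAL_ZONEID && !ipnetif_zone_has_addr(ifp, zoneid)) return -1;
    ip->ifp = ifp; ip->zoneid = zoneid; ip->hungup = false; return 0;
}

/* Further step from the post: an address leaves; hang up opens whose zone has none left. */
static void ipnetif_addr_removed(ipnetif_t *ifp, int idx, ipnet_t *opens, int n) {
    ifp->addr_zone[idx] = ifp->addr_zone[--ifp->naddrs];
    for (int i = 0; i < n; i++)
        if (opens[i].ifp == ifp && opens[i].zoneid != GLOBAL_ZONEID &&
            !ipnetif_zone_has_addr(ifp, opens[i].zoneid))
            opens[i].hungup = true;
}

/* Scenario from the post: zone 1 has an address on bge0 but none on bge1.
 * Result bits: 1 = zone 1 refused on bge1, 2 = zone 1 allowed on bge0, 4 = global
 * zone allowed on bge1, 8 = only zone 1's bge0 instance hung up after the removal. */
int ipnet_model_scenario(void) {
    ipnetif_t bge0 = { 2, { GLOBAL_ZONEID, 1 } }, bge1 = { 1, { GLOBAL_ZONEID } };
    ipnet_t opens[3] = { { 0 } }; int r = 0;
    if (ipnet_open_check(&opens[0], &bge1, 1) == -1) r |= 1;
    if (ipnet_open_check(&opens[1], &bge0, 1) == 0) r |= 2;
    if (ipnet_open_check(&opens[2], &bge1, GLOBAL_ZONEID) == 0) r |= 4;
    ipnetif_addr_removed(&bge0, 1, opens, 3);   /* zone 1 loses its bge0 address */
    if (opens[1].hungup && !opens[2].hungup) r |= 8;
    return r;
}
```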
