On Tue, 18 Sep 2007, Scott Lambert wrote: Hi,
I've been trying to get FreeRADIUS 2.0 working inside a FreeBSD 6.2-STABLE jail. The work I've been doing with the Alan DeKok of FreeRADIUS starts with this message: https://lists.freeradius.org/pipermail/freeradius-users/2007-September/065883.html Here is the thread index : https://lists.freeradius.org/pipermail/freeradius-users/2007-September/thread.html#65883 I am way out of my depth at this point. I thought I had the problem found yesterday in FreeRADIUS but Alan says what I did to "fix" it shouldn't work at all.
if you mean the == INADDR_ANY => != change, Alan should be right from the code you pasted into the mails.
He seems to think it is a jail problem.
I haven't read their code but from what I got in the thread it sounds like they seem to be overly clever doing assumtions that are just wrong (no matter if it's a jail or not). So it seems C: bind(INADDR_ANY) C: getsockname returns an address inside the jail C: packet gets out to dstaddr S: the packets gets proccessed S: a reply is send to the IP address from the dstaddr (as used by the client) and it should always be that way (no matter if the C: is in jail or not) C: packets is recved C: ip address is checked and to whatever it would be checked should match - in case they have the IP address it would match, in case they bound to inaddr_any all addresses should match. They might have problems matching up their internal state or overwriting something somewhere. I would assume what could happen is that bind to INADDR_ANY, getsockname returns != INADDR_ANY thus inaddr_any = 0; On recv. they fill in the match from the Client = * definition which would be INADDR_ANY but inaddr_any is set to 0 and thus the check on the ip address does not match because they would need both INADDR_ANY and inaddr_any = 1 for that (for whatever reason they need to duplicate that information). But that's just a wild guess... -- Bjoern A. Zeeb bzeeb at Zabbadoz dot NeT Software is harder than hardware so better get it right the first time. _______________________________________________ freebsd-jail@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-jail To unsubscribe, send any mail to "[EMAIL PROTECTED]"