bind()/sendto() behavior in RELENG_7

2009-05-08 Thread Brian A. Seklecki
All:

Did the behavior of bind()/sendto() functions WRT jails change in
proximity to the RELENG_7_2 branch?

I just spent 1.5 days chasing what I thought was a bug in Courier-MTA's
IPv6 socket selection code within Jails, to realize a paradox of a
configuration scenario:

My ESMTP client libraries in Courier were programmed to explicitly bind()
to a specific source address.  The system in question was RELENG_7 from
last month; but was upgraded to 7.2-R last week, when this problem was
observed.  After which, I began to receive:
   Can't assign requested address, as expected.

Unfortunately, we also enabled IPv6 on the system at the same time,
complicating troubleshooting.

The configuration for Courier in the jail is being rsync(1)'d every hour
from a production environment (where explicit binding for System-Service
abstraction is a security policy requirement) to a DRP system within a
Jail.

So as far as I know, the explicit bind was always present in the DRP
jail and in theory, should never have worked.

I hypothesize that after 7.2-R was installed, the correct behavior of
bind() began to occur, and that prior to that, it was gracefully
allowing Courier to bind() to an IP that wasn't present in the jail.

Unfortunately, I don't have any records of what the RELENG_7 build date
was of the original jail environment to test this hypothesis.

~BAS

___
freebsd-jail@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-jail
To unsubscribe, send any mail to freebsd-jail-unsubscr...@freebsd.org
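
The failure mode described in the message above, as an added example (not part of the original thread and not Courier's code): a preflight check that tries to bind() to each configured source address and reports the errno, where EADDRNOTAVAIL is the error behind "Can't assign requested address". The name check_source_addr and the command-line usage are assumptions made for illustration.

```c
/* Added example: verify that explicitly configured source addresses can
 * actually be bound in this environment (host or jail) before a service
 * that relies on them is started. */
#include <arpa/inet.h>
#include <errno.h>
#include <netinet/in.h>
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>
#include <unistd.h>

/* Returns 0 if addr (an IPv4 or IPv6 literal) can be bound here,
 * -1 if addr is not an IP literal, otherwise the errno from
 * socket()/bind(), e.g. EADDRNOTAVAIL when the address is not
 * assigned to this host or jail. */
int check_source_addr(const char *addr)
{
    struct sockaddr_storage ss;
    struct sockaddr_in *s4 = (struct sockaddr_in *)&ss;
    struct sockaddr_in6 *s6 = (struct sockaddr_in6 *)&ss;
    socklen_t len;
    int fd, rc = 0;

    memset(&ss, 0, sizeof(ss));            /* port 0: kernel picks one */
    if (inet_pton(AF_INET, addr, &s4->sin_addr) == 1) {
        ss.ss_family = AF_INET;
        len = sizeof(*s4);
    } else if (inet_pton(AF_INET6, addr, &s6->sin6_addr) == 1) {
        ss.ss_family = AF_INET6;
        len = sizeof(*s6);
    } else {
        return -1;
    }
    fd = socket(ss.ss_family, SOCK_STREAM, 0);
    if (fd < 0)
        return errno;
    if (bind(fd, (struct sockaddr *)&ss, len) < 0)
        rc = errno;                        /* save before close() */
    close(fd);
    return rc;
}

int main(int argc, char **argv)
{
    int bad = 0;
    for (int i = 1; i < argc; i++) {       /* one address per argument */
        int rc = check_source_addr(argv[i]);
        printf("%s: %s\n", argv[i], rc == 0 ? "ok" :
               rc < 0 ? "not an IP literal" : strerror(rc));
        bad |= (rc != 0);
    }
    return bad;
}
```

Run inside the jail with the source addresses taken from the synced configuration; a non-zero exit status means at least one of them cannot be bound there.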


Re: bind()/sendto() behavior in RELENG_7

2009-05-08 Thread Bjoern A. Zeeb

On Fri, 8 May 2009, Brian A. Seklecki wrote:

Hi,


> All:
>
> Did the behavior of bind()/sendto() functions WRT jails change in
> proximity to the RELENG_7_2 branch?
>
> I just spent 1.5 days chasing what I thought was a bug in Courier-MTA's
> IPv6 socket selection code within Jails, to realize a paradox of a
> configuration scenario:
>
> My ESMTP client libraries in Courier were programmed to explicitly bind()
> to a specific source address.  The system in question was RELENG_7 from
> last month; but was upgraded to 7.2-R last week, when this problem was
> observed.  After which, I began to receive:
>   Can't assign requested address, as expected.
>
> Unfortunately, we also enabled IPv6 on the system at the same time,
> complicating troubleshooting.
>
> The configuration for Courier in the jail is being rsync(1)'d every hour
> from a production environment (where explicit binding for System-Service
> abstraction is a security policy requirement) to a DRP system within a
> Jail.
>
> So as far as I know, the explicit bind was always present in the DRP
> jail and in theory, should never have worked.
>
> I hypothesize that after 7.2-R was installed, the correct behavior of
> bind() began to occur, and that prior to that, it was gracefully
> allowing Courier to bind() to an IP that wasn't present in the jail.
>
> Unfortunately, I don't have any records of what the RELENG_7 build date
> was of the original jail environment to test this hypothesis.


So I am having trouble understanding the actual problem with what on
which system what fails and enough things are coming together. So let
me ask a few questions/explain:

1) Had you been running the multi-IP jail work on the 7-STABLE before
already?

2) In the past you did bind to an IPv4 address and the same address
worked on machines even if the IP wasn't there. Right?

3) Now you switched on IPv6 as well and 2) no longer works?

4) Can you give me the output of sysctl net.inet6.ip6.v6only ?

/bz

--
Bjoern A. Zeeb  The greatest risk is not taking one.