projects / dragonfly.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: 567e5b2) | patch
jail - Fix broken port matching code
authorMatthew Dillon <dillon@apollo.backplane.com>
Sun, 23 Feb 2020 20:02:27 +0000 (12:02 -0800)
committerMatthew Dillon <dillon@apollo.backplane.com>
Sun, 23 Feb 2020 20:08:41 +0000 (12:08 -0800)
commit60844ec82bdb76bef6b5575aa3b10b07db4d671c
tree8c8e8deba6764871bf7d8ed946776d70ea2cd361tree | snapshot
parent567e5b2cd1f59335198a211f9c19c41490eae492commit | diff
jail - Fix broken port matching code

* in_pcblookup_local() and in_pcblookup_localremote() were trying to
  use the cred to distinguish between jails, but these routines are used
  to locate a free port for bindind purposes and could wind up returning
  a lookup failure for an occupied port.

  The code may have been present in an early isolation attempt for jails.

* Remove the code.  Isolating the IPs for a jail basically requires using
  IP aliases, not by trying to isolate port number sets between jails.
sys/netinet/in_pcb.c diff | blob | blame | history
DragonFly Project Source