From tobez@FreeBSD.org Thu Aug 2 16:13:02 2001 Date: Wed, 1 Aug 2001 17:25:20 +0200 From: Anton Berezin To: rwatson@FreeBSD.org Subject: [PATCH] make bind INADDR_LOOPBACK work in jails Hi, Currently, if one tries to bind a socket using INADDR_LOOPBACK inside a jail, it will fail because prison_ip() does not take this possibility into account. On the other hand, when one tries to connect(), for example, to localhost, prison_remote_ip() will silently convert INADDR_LOOPBACK to the jail's IP address. Therefore, it is desirable to make bind() to do this implicit conversion as well. Apart from this, the patch also replaces 0x7f000001 in prison_remote_ip() to a more correct INADDR_LOOPBACK. Do you think this can go in? Index: kern_jail.c =================================================================== RCS file: /home/ncvs/src/sys/kern/kern_jail.c,v retrieving revision 1.10 diff -u -p -r1.10 kern_jail.c --- kern_jail.c 2001/02/21 06:39:54 1.10 +++ kern_jail.c 2001/08/01 15:16:28 @@ -123,6 +123,13 @@ prison_ip(struct ucred *cred, int flag, *ip = htonl(cred->cr_prison->pr_ip); return (0); } + if (tmp == INADDR_LOOPBACK) { + if (flag) + *ip = cred->cr_prison->pr_ip; + else + *ip = htonl(cred->cr_prison->pr_ip); + return (0); + } if (cred->cr_prison->pr_ip != tmp) return (1); return (0); @@ -139,7 +146,7 @@ prison_remote_ip(struct ucred *cred, int tmp = *ip; else tmp = ntohl(*ip); - if (tmp == 0x7f000001) { + if (tmp == INADDR_LOOPBACK) { if (flag) *ip = cred->cr_prison->pr_ip; else =Anton. -- May the tuna salad be with you.
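Review bot: in the prison_ip() hunk, the new `if (tmp == INADDR_LOOPBACK)` branch rewrites a loopback bind to `cred->cr_prison->pr_ip`, so a jailed process that binds 127.0.0.1 to keep a service local-only ends up listening on the jail's own address, which may be reachable from outside the host. This is consistent with what prison_remote_ip() already does for connect(), but it should be stated in a comment above the branch and in the jail documentation, so administrators know that loopback-bound services inside a jail need filtering on the jail IP. The test also matches only the exact value INADDR_LOOPBACK: any other 127.x.x.x address still falls through to `if (cred->cr_prison->pr_ip != tmp) return (1);` and is refused, which is worth noting in the same comment.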
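Review bot: in the prison_remote_ip() hunk, the `if (flag) *ip = cred->cr_prison->pr_ip; else` body under `if (tmp == INADDR_LOOPBACK)` is the same rewrite that the first hunk adds to prison_ip(). A small static helper that stores pr_ip into *ip in the byte order selected by flag, called from both functions, would keep the two copies from drifting apart. The switch from 0x7f000001 to INADDR_LOOPBACK is fine as it stands, since tmp has already been through ntohl() when flag is zero.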