On Fri, 13 Jan 2023, Matthew Seaman wrote:

> On 08/01/2023 18:52, Steffen Christgau wrote:
>
>> ip4.addr
>> A list of IPv4 addresses assigned to the jail. If this is set, the jail
>> is restricted to using only these addresses. [...] Attempts to use

I think someone needs to add the word "unicast" to these sentences.
In classic plain old IP jails there is no MC support. You need, as
Matthew points out below, a vnet enabled jail for that.

>> wildcard addresses silently use the jailed address instead. For IPv4 the
>> first address given will be used as the source address when
>> source address selection on unbound sockets cannot find a better match.
>>
>> The effect of the silently changed wildcard address in my case is that the
>> changed address prevents the required binding of the second/sending socket.
>> This is inconsistent with the behavior outside a jail. Is this actually
>> intended? If so, what can be done to bind both sockets to their required
>> ports?
>>
>> I also tried to set ip4.saddrsel = 1 in the jail config, but it appeared
>> that nothing changed. If the IP address configuration is omitted for the
>> jail, the service does not encounter the error of an address that is
>> already in use.
>>
>> If there is a solution to have the daemon run in a jail, I would be happy
>> to discuss this. If jails are not suitable for this use case, let me know
>> as well. 😉
>
> Did you try using vnet style jails? These have their own, separate, loopback
> interface and a separate network interface, typically using epair(4) so you
> should avoid the silent rewriting of wildcard addresses that is causing you
> such difficulty.
>
> See: https://wiki.freebsd.org/Jails/VNET
> /usr/src/share/examples/jails/jib
>
> Cheers,
> Matthew

--
Bjoern A. Zeeb r15:7