From nobody@FreeBSD.org  Thu Jul  5 08:13:09 2007
Return-Path: <nobody@FreeBSD.org>
Received: from mx1.freebsd.org (mx1.freebsd.org [69.147.83.52])
	by hub.freebsd.org (Postfix) with ESMTP id 77DC716A468
	for <freebsd-gnats-submit@FreeBSD.org>; Thu,  5 Jul 2007 08:13:09 +0000 (UTC)
	(envelope-from nobody@FreeBSD.org)
Received: from www.freebsd.org (www.freebsd.org [69.147.83.33])
	by mx1.freebsd.org (Postfix) with ESMTP id 50B9213C4CA
	for <freebsd-gnats-submit@FreeBSD.org>; Thu,  5 Jul 2007 08:13:09 +0000 (UTC)
	(envelope-from nobody@FreeBSD.org)
Received: from www.freebsd.org (localhost [127.0.0.1])
	by www.freebsd.org (8.13.1/8.13.1) with ESMTP id l658D9M8038943
	for <freebsd-gnats-submit@FreeBSD.org>; Thu, 5 Jul 2007 08:13:09 GMT
	(envelope-from nobody@www.freebsd.org)
Received: (from nobody@localhost)
	by www.freebsd.org (8.13.1/8.13.1/Submit) id l658D9c2038942;
	Thu, 5 Jul 2007 08:13:09 GMT
	(envelope-from nobody)
Message-Id: <200707050813.l658D9c2038942@www.freebsd.org>
Date: Thu, 5 Jul 2007 08:13:09 GMT
From: Floris Bos <info@je-eigen-domein.nl>
To: freebsd-gnats-submit@FreeBSD.org
Subject: SIOCGIFADDR ioctl behaves incorrectly inside jail
X-Send-Pr-Version: www-3.0

>Number:         114325
>Category:       kern
>Synopsis:       [jail] SIOCGIFADDR ioctl behaves incorrectly inside jail
>Confidential:   no
>Severity:       non-critical
>Priority:       medium
>Responsible:    bz
>State:          closed
>Quarter:        
>Keywords:       
>Date-Required:  
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Thu Jul 05 08:20:03 GMT 2007
>Closed-Date:    Wed Jan 06 20:15:54 UTC 2010
>Last-Modified:  Tue Sep 28 19:20:05 UTC 2010
>Originator:     Floris Bos
>Release:        FreeBSD 6.2-STABLE-200702
>Organization:
>Environment:
FreeBSD cheetah.to-the-max.net 6.2-STABLE-200702 FreeBSD 6.2-STABLE-200702 #0: Sat Mar 10 01:09:58 CET 2007     max@cheetah.to-the-max.net:/usr/obj/usr/src/sys/MAX  amd64

>Description:
Inside a jail: When using the SIOCGIFADDR ioctl to retrieve the IP-address of a network device it returns the main IP-address of the parent host instead of the jail's IP-address.


Inside a jail with IP-address 83.149.75.179:

# ifconfig
nve0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
        inet 83.149.75.179 netmask 0xffffffff broadcast 83.149.75.179
        ether 00:e0:81:5f:b5:ad
        media: Ethernet autoselect (100baseTX <full-duplex>)
        status: active
bge0: flags=8802<BROADCAST,SIMPLEX,MULTICAST> mtu 1500
        options=1b<RXCSUM,TXCSUM,VLAN_MTU,VLAN_HWTAGGING>
        ether 00:e0:81:5f:b5:ac
        media: Ethernet autoselect (none)
        status: no carrier
plip0: flags=108810<POINTOPOINT,SIMPLEX,MULTICAST,NEEDSGIANT> mtu 1500
lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> mtu 16384
# ./ipaddr
According to SIOCGIFADDR Device nve0 has IP-address: 83.149.75.182
>How-To-Repeat:
- Use a server with multiple IP-addresses.
- Create a jail using one of the IP-addresses other than the main address.
- Compile and execute the following program inside the jail (change the ETHERNET_DEVICE to the name of the network device):

ipaddr.c:
==

#include <string.h>
#include <stdio.h>
#include <sys/ioctl.h>
#include <sys/types.h>
#include <sys/socket.h>
#include <netinet/in.h>
#include <arpa/inet.h>
#include <net/if.h>	

// The ethernet device to retrieve the IP of
#define ETHERNET_DEVICE  "nve0"

int main(int argc, char **argv)
{
	int sock;
	struct ifreq ifr;
	struct sockaddr_in *ifaddr;
	
	sock = socket(AF_INET, SOCK_DGRAM, 0);
	memset(&ifr, 0, sizeof(struct ifreq));
	strncpy(ifr.ifr_name, ETHERNET_DEVICE, IF_NAMESIZE);
	if (ioctl(sock, SIOCGIFADDR, &ifr) == -1)
	{
		perror("Error retrieving IP address");
	}
	else
	{
	  ifaddr = (struct sockaddr_in *)&ifr.ifr_addr;
	  printf("According to SIOCGIFADDR Device %s has IP-address: %s\n", ETHERNET_DEVICE, inet_ntoa(ifaddr->sin_addr));
	}
	 
	return 0;
}

==

Expected behavior: it should return the IP-address of the jail.
Actual behavior: it returns the main IP-address of the parent environment.

>Fix:


>Release-Note:
>Audit-Trail:
Responsible-Changed-From-To: freebsd-bugs->freebsd-jail 
Responsible-Changed-By: linimon 
Responsible-Changed-When: Fri Jan 25 22:04:26 UTC 2008 
Responsible-Changed-Why:  
Reassign to appropriate mailing list. 

http://www.freebsd.org/cgi/query-pr.cgi?pr=114325 
Responsible-Changed-From-To: freebsd-jail->bz 
Responsible-Changed-By: bz 
Responsible-Changed-When: Fri Jan 25 22:20:04 UTC 2008 
Responsible-Changed-Why:  
Take. I am working on that (jail and priv) atm. 

http://www.freebsd.org/cgi/query-pr.cgi?pr=114325 
State-Changed-From-To: open->analyzed 
State-Changed-By: bz 
State-Changed-When: Thu Oct 23 15:20:29 UTC 2008 
State-Changed-Why:  
Problem reproduced, understood and identified. 
Will mail a patch in a few days. 

http://www.freebsd.org/cgi/query-pr.cgi?pr=114325 

From: "Bjoern A. Zeeb" <bz@FreeBSD.org>
To: bug-followup@FreeBSD.org, info@je-eigen-domein.nl
Cc:  
Subject: Re: kern/114325: [jail] SIOCGIFADDR ioctl behaves incorrectly inside
 jail
Date: Fri, 9 Jan 2009 11:16:17 +0000 (UTC)

   This message is in MIME format.  The first part should be readable text,
   while the remaining parts are likely unreadable without MIME-aware tools.
 
 --0-906395119-1231499777=:45399
 Content-Type: TEXT/PLAIN; charset=US-ASCII; format=flowed
 
 Hi,
 
 I have attached a patch, I'll soon commit to HEAD and updated test
 programs for both v4 and v6.
 
 /bz
 
 -- 
 Bjoern A. Zeeb                      The greatest risk is not taking one.
 --0-906395119-1231499777=:45399
 Content-Type: TEXT/PLAIN; charset=US-ASCII; name=20090108-04-jail-ioctl-in.diff
 Content-Transfer-Encoding: BASE64
 Content-ID: <20090109111617.H45399@maildrop.int.zabbadoz.net>
 Content-Description: 20090108-04-jail-ioctl-in.diff
 Content-Disposition: attachment; filename=20090108-04-jail-ioctl-in.diff
 
 ISANCiEgU2VlIFBSIGh0dHA6Ly93d3cuZnJlZWJzZC5vcmcvY2dpL3F1ZXJ5
 LXByLmNnaT9wcj1rZXJuLzExNDMyNQ0KISANCiEgQW5kIGZpbmQgYSB0ZXN0
 IHByb2dyYW0gZm9yIHY0IGJhc2VkIG9uIHRoZSBvbmVzIGZyb20gdGhlIFBS
 IGF0DQohIGh0dHA6Ly9wZW9wbGUuZnJlZWJzZC5vcmcvfmJ6L3ByMTE0MzI1
 LmMNCiEgDQohIEluIGFkZGl0aW9uIGFsc28gaGFuZGxlIElQdjYgdGhvdWdo
 IHRoZSBsb2dpYyB0aGVyZSBpcyBub3QgYXMNCiEgYWdncmVzc2l2ZSB0byBm
 aW5kIGEgdmFsaWQgSVAgZm9yIGEgamFpbC4gVGVzdCBwcm9ncmFtIGNhbg0K
 ISBiZSBmb3VuZCBoZXJlOg0KISBodHRwOi8vcGVvcGxlLmZyZWVic2Qub3Jn
 L35iei9wcjExNDMyNS12Ni5jDQohIA0KSW5kZXg6IHN5cy9uZXRpbmV0L2lu
 LmMNCj09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09
 PT09PT09PT09PT09PT09PT09PT09PT09PT0NClJDUyBmaWxlOiAvc2hhcmVk
 L21pcnJvci9GcmVlQlNEL3IvbmN2cy9zcmMvc3lzL25ldGluZXQvaW4uYyx2
 DQpyZXRyaWV2aW5nIHJldmlzaW9uIDEuMTE1DQpkaWZmIC11IC1wIC1yMS4x
 MTUgaW4uYw0KLS0tIHN5cy9uZXRpbmV0L2luLmMJMyBKYW4gMjAwOSAwMDoy
 NzoyOCAtMDAwMAkxLjExNQ0KKysrIHN5cy9uZXRpbmV0L2luLmMJOCBKYW4g
 MjAwOSAyMTozNjowOCAtMDAwMA0KQEAgLTQxLDcgKzQxLDkgQEAgX19GQlNE
 SUQoIiRGcmVlQlNEOiBzcmMvc3lzL25ldGluZXQvaW4uYw0KICNpbmNsdWRl
 IDxzeXMvbWFsbG9jLmg+DQogI2luY2x1ZGUgPHN5cy9wcml2Lmg+DQogI2lu
 Y2x1ZGUgPHN5cy9zb2NrZXQuaD4NCisjaW5jbHVkZSA8c3lzL2phaWwuaD4N
 CiAjaW5jbHVkZSA8c3lzL2tlcm5lbC5oPg0KKyNpbmNsdWRlIDxzeXMvcHJv
 Yy5oPg0KICNpbmNsdWRlIDxzeXMvc3lzY3RsLmg+DQogI2luY2x1ZGUgPHN5
 cy92aW1hZ2UuaD4NCiANCkBAIC0yNjEsMTMgKzI2MywxOSBAQCBpbl9jb250
 cm9sKHN0cnVjdCBzb2NrZXQgKnNvLCB1X2xvbmcgY21kDQogCQlMSVNUX0ZP
 UkVBQ0goaWFwLCBJTkFERFJfSEFTSChkc3Quc19hZGRyKSwgaWFfaGFzaCkN
 CiAJCQlpZiAoaWFwLT5pYV9pZnAgPT0gaWZwICYmDQogCQkJICAgIGlhcC0+
 aWFfYWRkci5zaW5fYWRkci5zX2FkZHIgPT0gZHN0LnNfYWRkcikgew0KLQkJ
 CQlpYSA9IGlhcDsNCisJCQkJaWYgKHRkID09IE5VTEwgfHwgcHJpc29uX2No
 ZWNrX2lwNCgNCisJCQkJICAgIHRkLT50ZF91Y3JlZCwgJmRzdCkpDQorCQkJ
 CQlpYSA9IGlhcDsNCiAJCQkJYnJlYWs7DQogCQkJfQ0KIAkJaWYgKGlhID09
 IE5VTEwpDQogCQkJVEFJTFFfRk9SRUFDSChpZmEsICZpZnAtPmlmX2FkZHJo
 ZWFkLCBpZmFfbGluaykgew0KIAkJCQlpYXAgPSBpZmF0b2lhKGlmYSk7DQog
 CQkJCWlmIChpYXAtPmlhX2FkZHIuc2luX2ZhbWlseSA9PSBBRl9JTkVUKSB7
 DQorCQkJCQlpZiAodGQgIT0gTlVMTCAmJg0KKwkJCQkJICAgICFwcmlzb25f
 Y2hlY2tfaXA0KHRkLT50ZF91Y3JlZCwNCisJCQkJCSAgICAmaWFwLT5pYV9h
 ZGRyLnNpbl9hZGRyKSkNCisJCQkJCQljb250aW51ZTsNCiAJCQkJCWlhID0g
 aWFwOw0KIAkJCQkJYnJlYWs7DQogCQkJCX0NCkluZGV4OiBzeXMvbmV0aW5l
 dDYvaW42LmMNCj09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09
 PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT0NClJDUyBmaWxlOiAv
 c2hhcmVkL21pcnJvci9GcmVlQlNEL3IvbmN2cy9zcmMvc3lzL25ldGluZXQ2
 L2luNi5jLHYNCnJldHJpZXZpbmcgcmV2aXNpb24gMS45NA0KZGlmZiAtdSAt
 cCAtcjEuOTQgaW42LmMNCi0tLSBzeXMvbmV0aW5ldDYvaW42LmMJMyBKYW4g
 MjAwOSAwMDoyNzoyOCAtMDAwMAkxLjk0DQorKysgc3lzL25ldGluZXQ2L2lu
 Ni5jCTkgSmFuIDIwMDkgMDA6NTA6NTkgLTAwMDANCkBAIC02OCw2ICs2OCw3
 IEBAIF9fRkJTRElEKCIkRnJlZUJTRDogc3JjL3N5cy9uZXRpbmV0Ni9pbjYN
 CiANCiAjaW5jbHVkZSA8c3lzL3BhcmFtLmg+DQogI2luY2x1ZGUgPHN5cy9l
 cnJuby5oPg0KKyNpbmNsdWRlIDxzeXMvamFpbC5oPg0KICNpbmNsdWRlIDxz
 eXMvbWFsbG9jLmg+DQogI2luY2x1ZGUgPHN5cy9zb2NrZXQuaD4NCiAjaW5j
 bHVkZSA8c3lzL3NvY2tldHZhci5oPg0KQEAgLTMyOSw2ICszMzAsOSBAQCBp
 bjZfY29udHJvbChzdHJ1Y3Qgc29ja2V0ICpzbywgdV9sb25nIGNtDQogCQkJ
 ZXJyb3IgPSBpbjZfc2V0c2NvcGUoJnNhNi0+c2luNl9hZGRyLCBpZnAsIE5V
 TEwpOw0KIAkJaWYgKGVycm9yICE9IDApDQogCQkJcmV0dXJuIChlcnJvcik7
 DQorCQlpZiAodGQgIT0gTlVMTCAmJiAhcHJpc29uX2NoZWNrX2lwNih0ZC0+
 dGRfdWNyZWQsDQorCQkgICAgJnNhNi0+c2luNl9hZGRyKSkNCisJCQlyZXR1
 cm4gKEVBRERSTk9UQVZBSUwpOw0KIAkJaWEgPSBpbjZpZmFfaWZwd2l0aGFk
 ZHIoaWZwLCAmc2E2LT5zaW42X2FkZHIpOw0KIAl9IGVsc2UNCiAJCWlhID0g
 TlVMTDsNCg==
 
 --0-906395119-1231499777=:45399
 Content-Type: TEXT/PLAIN; charset=US-ASCII; name=pr114325.c
 Content-Transfer-Encoding: BASE64
 Content-ID: <20090109111617.T45399@maildrop.int.zabbadoz.net>
 Content-Description: pr114325.c
 Content-Disposition: attachment; filename=pr114325.c
 
 LyoNCiAqIGh0dHA6Ly93d3cuZnJlZWJzZC5vcmcvY2dpL3F1ZXJ5LXByLmNn
 aT9wcj1rZXJuLzExNDMyNQ0KICoNCiAqIEludGlhbCByZXZpc2lvbiBzdWJt
 aXR0ZWQgYnkgRmxvcmlzIEJvcyA8aW5mb0BqZS1laWdlbi1kb21laW4ubmw+
 Lg0KICogR2VuZXJhbGl6ZWQgYW5kIGVuaGFuY2VkIGZvciBkZWJ1Z2dpbmcg
 YnkgQmpvZXJuIEEuIFplZWIgPGJ6QD4uDQogKg0KICogS0RCOiBzdGFjayBi
 YWNrdHJhY2U6DQogKiBkYl90cmFjZV9zZWxmX3dyYXBwZXIoYzA4NDhlMzgs
 ZTg4NGRiYTgsYzA2NTYzYTUsYzA4NTY2NzMsYzA4MWQ0YmQsLi4uKSBhdCBk
 Yl90cmFjZV9zZWxmX3dyYXBwZXIrMHgyNg0KICoga2RiX2JhY2t0cmFjZShj
 MDg1NjY3MyxjMDgxZDRiZCwxMGEsYzg0MjZmMGEsYzg0MjZmMGEsLi4uKSBh
 dCBrZGJfYmFja3RyYWNlKzB4MjkNCiAqIGluX2NvbnRyb2woYzY2OTdkYzgs
 YzAyMDY5MjEsYzY2YWVhZTAsYzVlYzk0MDAsYzY2MzA0ODAsLi4uKSBhdCBp
 bl9jb250cm9sKzB4NTA1DQogKiBpZmlvY3RsKGM2Njk3ZGM4LGMwMjA2OTIx
 LGM2NmFlYWUwLGM2NjMwNDgwLGMwMjA2OTIxLC4uLikgYXQgaWZpb2N0bCsw
 eDMyMg0KICogc29vX2lvY3RsKGM2NmFjYWI4LGMwMjA2OTIxLGM2NmFlYWUw
 LGM2NjJkODAwLGM2NjMwNDgwLC4uLikgYXQgc29vX2lvY3RsKzB4Mzk3DQog
 KiBrZXJuX2lvY3RsKGM2NjMwNDgwLDMsYzAyMDY5MjEsYzY2YWVhZTAsMTg3
 NjI1ZCwuLi4pIGF0IGtlcm5faW9jdGwrMHgxZGQNCiAqIGlvY3RsKGM2NjMw
 NDgwLGU4ODRkY2Y4LGMsYyxjMDg4Zjc5MCwuLi4pIGF0IGlvY3RsKzB4MTM0
 DQogKiBzeXNjYWxsKGU4ODRkZDM4KSBhdCBzeXNjYWxsKzB4MmEzDQogKiBY
 aW50MHg4MF9zeXNjYWxsKCkgYXQgWGludDB4ODBfc3lzY2FsbCsweDIwDQog
 KiAtLS0gc3lzY2FsbCAoNTQsIEZyZWVCU0QgRUxGMzIsIGlvY3RsKSwgZWlw
 ID0gMHgyODE2ZTQyMywgZXNwID0gMHhiZmJmZWEwYywgZWJwID0gMHhiZmJm
 ZWE2OCAtLS0NCiAqLw0KI2luY2x1ZGUgPGVyci5oPg0KI2luY2x1ZGUgPHN0
 ZGlvLmg+DQojaW5jbHVkZSA8c3RyaW5nLmg+DQojaW5jbHVkZSA8c3lzL2lv
 Y3RsLmg+DQojaW5jbHVkZSA8c3lzL3R5cGVzLmg+DQojaW5jbHVkZSA8c3lz
 L3NvY2tldC5oPg0KI2luY2x1ZGUgPG5ldGluZXQvaW4uaD4NCiNpbmNsdWRl
 IDxhcnBhL2luZXQuaD4NCiNpbmNsdWRlIDxuZXQvaWYuaD4NCg0KaW50IG1h
 aW4oaW50IGFyZ2MsIGNoYXIgKiphcmd2KQ0Kew0KCWludCBzb2NrOw0KCXN0
 cnVjdCBpZnJlcSBpZnI7DQoJc3RydWN0IHNvY2thZGRyX2luIHNpbiwgKmlm
 YWRkcjsNCglzdHJ1Y3QgaW5fYWRkciBpbjsNCg0KCWlmIChhcmdjICE9IDIg
 JiYgYXJnYyAhPSAzKQ0KCQllcnJ4KDEsICJVc2FnZTogJXMgaWZOYW1lIFtJ
 UF0iLCBhcmd2WzBdKTsNCg0KCXNvY2sgPSBzb2NrZXQoQUZfSU5FVCwgU09D
 S19ER1JBTSwgMCk7DQoJbWVtc2V0KCZpZnIsIDAsIHNpemVvZihzdHJ1Y3Qg
 aWZyZXEpKTsNCglzdHJuY3B5KGlmci5pZnJfbmFtZSwgYXJndlsxXSwgSUZf
 TkFNRVNJWkUpOw0KCWlmIChhcmdjID09IDMpIHsNCgkJaWYgKGluZXRfcHRv
 bihBRl9JTkVULCBhcmd2WzJdLCAmaW4pID09IDEpIHsNCgkJCW1lbXNldCgm
 c2luLCAwLCBzaXplb2Yoc3RydWN0IHNvY2thZGRyX2luKSk7DQoJCQlzaW4u
 c2luX2xlbiA9IHNpemVvZihzdHJ1Y3Qgc29ja2FkZHJfaW4pOw0KCQkJc2lu
 LnNpbl9mYW1pbHkgPSBBRl9JTkVUOw0KCQkJc2luLnNpbl9hZGRyLnNfYWRk
 ciA9IGluLnNfYWRkcjsNCgkJCWlmci5pZnJfYWRkciA9ICooc3RydWN0IHNv
 Y2thZGRyICopJnNpbjsNCgkJfSBlbHNlDQoJCQl3YXJuKCJpbmV0X3B0b24i
 KTsNCgl9DQoJaWYgKGlvY3RsKHNvY2ssIFNJT0NHSUZBRERSLCAmaWZyKSA9
 PSAtMSkNCgkJZXJyKDEsICJpb2N0bCBTSU9DR0lGQUREUiBmYWlsZWQiKTsN
 CgllbHNlIHsNCgkJaWZhZGRyID0gKHN0cnVjdCBzb2NrYWRkcl9pbiAqKSZp
 ZnIuaWZyX2FkZHI7DQoJCXByaW50ZigiU0lPQ0dJRkFERFIgcmV0dXJuZWQg
 SVAgYWRkcmVzcyAlcyBmb3IgZGV2aWNlICVzXG4iLA0KCQkgICAgaW5ldF9u
 dG9hKGlmYWRkci0+c2luX2FkZHIpLCBhcmd2WzFdKTsNCgl9DQoNCglyZXR1
 cm4gMDsNCn0NCg==
 
 --0-906395119-1231499777=:45399
 Content-Type: TEXT/PLAIN; charset=US-ASCII; name=pr114325-v6.c
 Content-Transfer-Encoding: BASE64
 Content-ID: <20090109111617.R45399@maildrop.int.zabbadoz.net>
 Content-Description: pr114325-v6.c
 Content-Disposition: attachment; filename=pr114325-v6.c
 
 LyoNCiAqIGh0dHA6Ly93d3cuZnJlZWJzZC5vcmcvY2dpL3F1ZXJ5LXByLmNn
 aT9wcj1rZXJuLzExNDMyNQ0KICoNCiAqIEJhc2VkIG9uIHRoZSB2NCB2ZXJz
 aW9uIGZyb206DQogKiBJbnRpYWwgcmV2aXNpb24gc3VibWl0dGVkIGJ5IEZs
 b3JpcyBCb3MgPGluZm9AamUtZWlnZW4tZG9tZWluLm5sPi4NCiAqIEdlbmVy
 YWxpemVkIGZvciBkZWJ1Z2dpbmcgYnkgQmpvZXJuIEEuIFplZWINCiAqLw0K
 I2luY2x1ZGUgPGVyci5oPg0KI2luY2x1ZGUgPHN0ZGlvLmg+DQojaW5jbHVk
 ZSA8c3RyaW5nLmg+DQojaW5jbHVkZSA8c3lzL2lvY3RsLmg+DQojaW5jbHVk
 ZSA8c3lzL3R5cGVzLmg+DQojaW5jbHVkZSA8c3lzL3NvY2tldC5oPg0KI2lu
 Y2x1ZGUgPHN5cy9xdWV1ZS5oPg0KI2luY2x1ZGUgPG5ldGluZXQvaW4uaD4N
 CiNpbmNsdWRlIDxhcnBhL2luZXQuaD4NCiNpbmNsdWRlIDxuZXQvaWYuaD4N
 CiNpbmNsdWRlIDxuZXQvaWZfdmFyLmg+DQojaW5jbHVkZSA8bmV0aW5ldDYv
 aW42X3Zhci5oPg0KDQppbnQgbWFpbihpbnQgYXJnYywgY2hhciAqKmFyZ3Yp
 DQp7DQoJaW50IHNvY2s7DQoJc3RydWN0IGluNl9pZnJlcSBpZnI7DQoJc3Ry
 dWN0IHNvY2thZGRyX2luNiBzaW42LCAqaWZhZGRyOw0KCWNoYXIgYltJTkVU
 Nl9BRERSU1RSTEVOXTsNCg0KCWlmIChhcmdjICE9IDIgJiYgYXJnYyAhPSAz
 KQ0KCQllcnJ4KDEsICJVc2FnZTogJXMgaWZOYW1lIFthZGRyZXNzXVxuIg0K
 CQkgICAgIlx0KGFkZHJlc3MgaXMgYWN0dWFsbHkgbWFuYWRhdG9yeSkiLCBh
 cmd2WzBdKTsNCg0KCXNvY2sgPSBzb2NrZXQoQUZfSU5FVDYsIFNPQ0tfREdS
 QU0sIDApOw0KCW1lbXNldCgmaWZyLCAwLCBzaXplb2Yoc3RydWN0IGlmcmVx
 KSk7DQoJc3RybmNweShpZnIuaWZyX25hbWUsIGFyZ3ZbMV0sIElGX05BTUVT
 SVpFKTsNCglpZiAoYXJnYyA9PSAzKSB7DQoJCW1lbXNldCgmc2luNiwgMCwg
 c2l6ZW9mKHN0cnVjdCBzb2NrYWRkcl9pbjYpKTsNCgkJc2luNi5zaW42X2xl
 biA9IHNpemVvZihzdHJ1Y3Qgc29ja2FkZHJfaW42KTsNCgkJc2luNi5zaW42
 X2ZhbWlseSA9IEFGX0lORVQ2Ow0KCQlpZiAoaW5ldF9wdG9uKEFGX0lORVQ2
 LCBhcmd2WzJdLCAmc2luNi5zaW42X2FkZHIpID09IDEpIHsNCgkJCWlmci5p
 ZnJfaWZydS5pZnJ1X2FkZHIgPSBzaW42Ow0KCQl9IGVsc2UNCgkJCXdhcm4o
 ImluZXRfcHRvbiIpOw0KCX0NCglpZiAoaW9jdGwoc29jaywgU0lPQ0dJRkFE
 RFJfSU42LCAmaWZyKSA9PSAtMSkNCgkJZXJyKDEsICJpb2N0bCBTSU9DR0lG
 QUREUl9JTjYgZmFpbGVkIik7DQoJZWxzZSB7DQoJCWlmYWRkciA9IChzdHJ1
 Y3Qgc29ja2FkZHJfaW42ICopJmlmci5pZnJfaWZydS5pZnJ1X2FkZHI7DQoJ
 CXByaW50ZigiU0lPQ0dJRkFERFJfSU42IHJldHVybmVkIGFkZHJlc3MgJXMg
 Zm9yIGRldmljZSAlc1xuIiwNCgkJICAgIGluZXRfbnRvcChBRl9JTkVUNiwg
 JmlmYWRkci0+c2luNl9hZGRyLCBiLCBzaXplb2YoYikgLTEpLA0KCQkgICAg
 YXJndlsxXSk7DQoJfQ0KDQoJcmV0dXJuIDA7DQp9DQo=
 
 --0-906395119-1231499777=:45399--
State-Changed-From-To: analyzed->patched 
State-Changed-By: bz 
State-Changed-When: Fri Jan 9 13:09:40 UTC 2009 
State-Changed-Why:  
Patch comitted to HEAD; will be MFCed with the multi-IP jails 
most likely. 

http://www.freebsd.org/cgi/query-pr.cgi?pr=114325 

From: dfilter@FreeBSD.ORG (dfilter service)
To: bug-followup@FreeBSD.org
Cc:  
Subject: Re: kern/114325: commit references a PR
Date: Fri,  9 Jan 2009 13:07:13 +0000 (UTC)

 Author: bz
 Date: Fri Jan  9 13:06:56 2009
 New Revision: 186948
 URL: http://svn.freebsd.org/changeset/base/186948
 
 Log:
   Make SIOCGIFADDR and related, as well as SIOCGIFADDR_IN6 and related
   jail-aware. Up to now we returned the first address of the interface
   for SIOCGIFADDR w/o an ifr_addr in the query. This caused problems for
   programs querying for an address but running inside a jail, as the
   address returned usually did not belong to the jail.
   Like for v6, if there was an ifr_addr given on v4, you could probe
   for more addresses on the interfaces that you were not allowed to see
   from inside a jail. Return an error (EADDRNOTAVAIL) in that case
   now unless the address is on the given interface and valid for the
   jail.
   
   PR:		kern/114325
   Reviewed by:	rwatson
   MFC after:	4 weeks
 
 Modified:
   head/sys/netinet/in.c
   head/sys/netinet6/in6.c
 
 Modified: head/sys/netinet/in.c
 ==============================================================================
 --- head/sys/netinet/in.c	Fri Jan  9 12:38:41 2009	(r186947)
 +++ head/sys/netinet/in.c	Fri Jan  9 13:06:56 2009	(r186948)
 @@ -41,7 +41,9 @@ __FBSDID("$FreeBSD$");
  #include <sys/malloc.h>
  #include <sys/priv.h>
  #include <sys/socket.h>
 +#include <sys/jail.h>
  #include <sys/kernel.h>
 +#include <sys/proc.h>
  #include <sys/sysctl.h>
  #include <sys/vimage.h>
  
 @@ -261,13 +263,19 @@ in_control(struct socket *so, u_long cmd
  		LIST_FOREACH(iap, INADDR_HASH(dst.s_addr), ia_hash)
  			if (iap->ia_ifp == ifp &&
  			    iap->ia_addr.sin_addr.s_addr == dst.s_addr) {
 -				ia = iap;
 +				if (td == NULL || prison_check_ip4(
 +				    td->td_ucred, &dst))
 +					ia = iap;
  				break;
  			}
  		if (ia == NULL)
  			TAILQ_FOREACH(ifa, &ifp->if_addrhead, ifa_link) {
  				iap = ifatoia(ifa);
  				if (iap->ia_addr.sin_family == AF_INET) {
 +					if (td != NULL &&
 +					    !prison_check_ip4(td->td_ucred,
 +					    &iap->ia_addr.sin_addr))
 +						continue;
  					ia = iap;
  					break;
  				}
 
 Modified: head/sys/netinet6/in6.c
 ==============================================================================
 --- head/sys/netinet6/in6.c	Fri Jan  9 12:38:41 2009	(r186947)
 +++ head/sys/netinet6/in6.c	Fri Jan  9 13:06:56 2009	(r186948)
 @@ -68,6 +68,7 @@ __FBSDID("$FreeBSD$");
  
  #include <sys/param.h>
  #include <sys/errno.h>
 +#include <sys/jail.h>
  #include <sys/malloc.h>
  #include <sys/socket.h>
  #include <sys/socketvar.h>
 @@ -329,6 +330,9 @@ in6_control(struct socket *so, u_long cm
  			error = in6_setscope(&sa6->sin6_addr, ifp, NULL);
  		if (error != 0)
  			return (error);
 +		if (td != NULL && !prison_check_ip6(td->td_ucred,
 +		    &sa6->sin6_addr))
 +			return (EADDRNOTAVAIL);
  		ia = in6ifa_ifpwithaddr(ifp, &sa6->sin6_addr);
  	} else
  		ia = NULL;
 _______________________________________________
 svn-src-all@freebsd.org mailing list
 http://lists.freebsd.org/mailman/listinfo/svn-src-all
 To unsubscribe, send any mail to "svn-src-all-unsubscribe@freebsd.org"
 

From: dfilter@FreeBSD.ORG (dfilter service)
To: bug-followup@FreeBSD.org
Cc:  
Subject: Re: kern/114325: commit references a PR
Date: Sat,  7 Feb 2009 13:51:31 +0000 (UTC)

 Author: bz
 Date: Sat Feb  7 13:51:15 2009
 New Revision: 188285
 URL: http://svn.freebsd.org/changeset/base/188285
 
 Log:
   MFC: r186948
   
     Make SIOCGIFADDR and related, as well as SIOCGIFADDR_IN6 and related
     jail-aware. Up to now we returned the first address of the interface
     for SIOCGIFADDR w/o an ifr_addr in the query. This caused problems for
     programs querying for an address but running inside a jail, as the
     address returned usually did not belong to the jail.
     Like for v6, if there was an ifr_addr given on v4, you could probe
     for more addresses on the interfaces that you were not allowed to see
     from inside a jail. Return an error (EADDRNOTAVAIL) in that case
     now unless the address is on the given interface and valid for the
     jail.
   
     PR:		kern/114325
 
 Modified:
   stable/7/sys/   (props changed)
   stable/7/sys/contrib/pf/   (props changed)
   stable/7/sys/dev/ath/ath_hal/   (props changed)
   stable/7/sys/dev/cxgb/   (props changed)
   stable/7/sys/netinet/in.c
   stable/7/sys/netinet6/in6.c
 
 Modified: stable/7/sys/netinet/in.c
 ==============================================================================
 --- stable/7/sys/netinet/in.c	Sat Feb  7 13:46:51 2009	(r188284)
 +++ stable/7/sys/netinet/in.c	Sat Feb  7 13:51:15 2009	(r188285)
 @@ -41,7 +41,9 @@ __FBSDID("$FreeBSD$");
  #include <sys/malloc.h>
  #include <sys/priv.h>
  #include <sys/socket.h>
 +#include <sys/jail.h>
  #include <sys/kernel.h>
 +#include <sys/proc.h>
  #include <sys/sysctl.h>
  
  #include <net/if.h>
 @@ -252,13 +254,19 @@ in_control(struct socket *so, u_long cmd
  		LIST_FOREACH(iap, INADDR_HASH(dst.s_addr), ia_hash)
  			if (iap->ia_ifp == ifp &&
  			    iap->ia_addr.sin_addr.s_addr == dst.s_addr) {
 -				ia = iap;
 +				if (td == NULL || prison_check_ip4(
 +				    td->td_ucred, &dst))
 +					ia = iap;
  				break;
  			}
  		if (ia == NULL)
  			TAILQ_FOREACH(ifa, &ifp->if_addrhead, ifa_link) {
  				iap = ifatoia(ifa);
  				if (iap->ia_addr.sin_family == AF_INET) {
 +					if (td != NULL &&
 +					    !prison_check_ip4(td->td_ucred,
 +					    &iap->ia_addr.sin_addr))
 +						continue;
  					ia = iap;
  					break;
  				}
 
 Modified: stable/7/sys/netinet6/in6.c
 ==============================================================================
 --- stable/7/sys/netinet6/in6.c	Sat Feb  7 13:46:51 2009	(r188284)
 +++ stable/7/sys/netinet6/in6.c	Sat Feb  7 13:51:15 2009	(r188285)
 @@ -68,6 +68,7 @@ __FBSDID("$FreeBSD$");
  
  #include <sys/param.h>
  #include <sys/errno.h>
 +#include <sys/jail.h>
  #include <sys/malloc.h>
  #include <sys/socket.h>
  #include <sys/socketvar.h>
 @@ -468,6 +469,9 @@ in6_control(struct socket *so, u_long cm
  			error = in6_setscope(&sa6->sin6_addr, ifp, NULL);
  		if (error != 0)
  			return (error);
 +		if (td != NULL && !prison_check_ip6(td->td_ucred,
 +		    &sa6->sin6_addr))
 +			return (EADDRNOTAVAIL);
  		ia = in6ifa_ifpwithaddr(ifp, &sa6->sin6_addr);
  	} else
  		ia = NULL;
 _______________________________________________
 svn-src-all@freebsd.org mailing list
 http://lists.freebsd.org/mailman/listinfo/svn-src-all
 To unsubscribe, send any mail to "svn-src-all-unsubscribe@freebsd.org"
 

From: dfilter@FreeBSD.ORG (dfilter service)
To: bug-followup@FreeBSD.org
Cc:  
Subject: Re: kern/114325: commit references a PR
Date: Wed,  6 Jan 2010 20:07:29 +0000 (UTC)

 Author: bz
 Date: Wed Jan  6 20:07:18 2010
 New Revision: 201663
 URL: http://svn.freebsd.org/changeset/base/201663
 
 Log:
   MFC r186948 (w/o the IPv6 parts):
   
     Make SIOCGIFADDR and related,
     jail-aware. Up to now we returned the first address of the interface
     for SIOCGIFADDR w/o an ifr_addr in the query. This caused problems for
     programs querying for an address but running inside a jail, as the
     address returned usually did not belong to the jail.
     If there was an ifr_addr given on v4, you could probe
     for more addresses on the interfaces that you were not allowed to see
     from inside a jail. Return an error (EADDRNOTAVAIL) in that case
     now unless the address is on the given interface and valid for the
     jail.
   
   PR:		kern/114325
   Thanks to:	Axel Scheepers (axel.scheepers nl.clara.net)
 
 Modified:
   stable/6/sys/netinet/in.c
 Directory Properties:
   stable/6/sys/   (props changed)
   stable/6/sys/contrib/pf/   (props changed)
   stable/6/sys/dev/cxgb/   (props changed)
 
 Modified: stable/6/sys/netinet/in.c
 ==============================================================================
 --- stable/6/sys/netinet/in.c	Wed Jan  6 20:04:36 2010	(r201662)
 +++ stable/6/sys/netinet/in.c	Wed Jan  6 20:07:18 2010	(r201663)
 @@ -38,7 +38,9 @@
  #include <sys/sockio.h>
  #include <sys/malloc.h>
  #include <sys/socket.h>
 +#include <sys/jail.h>
  #include <sys/kernel.h>
 +#include <sys/proc.h>
  #include <sys/sysctl.h>
  
  #include <net/if.h>
 @@ -254,13 +256,19 @@ in_control(so, cmd, data, ifp, td)
  		LIST_FOREACH(iap, INADDR_HASH(dst.s_addr), ia_hash)
  			if (iap->ia_ifp == ifp &&
  			    iap->ia_addr.sin_addr.s_addr == dst.s_addr) {
 -				ia = iap;
 +				if (td == NULL || !prison_ip(
 +				    td->td_ucred, 0, &dst.s_addr))
 +					ia = iap;
  				break;
  			}
  		if (ia == NULL)
  			TAILQ_FOREACH(ifa, &ifp->if_addrhead, ifa_link) {
  				iap = ifatoia(ifa);
  				if (iap->ia_addr.sin_family == AF_INET) {
 +					if (td != NULL &&
 +					    prison_ip(td->td_ucred, 0,
 +					    &iap->ia_addr.sin_addr.s_addr))
 +						continue;
  					ia = iap;
  					break;
  				}
 _______________________________________________
 svn-src-all@freebsd.org mailing list
 http://lists.freebsd.org/mailman/listinfo/svn-src-all
 To unsubscribe, send any mail to "svn-src-all-unsubscribe@freebsd.org"
 
State-Changed-From-To: patched->closed 
State-Changed-By: bz 
State-Changed-When: Wed Jan 6 20:14:26 UTC 2010 
State-Changed-Why:  
RELENG_6 was now patched as well. 
The patch used there (http://svn.freebsd.org/changeset/base/201663) 
should equally aply to 7.1 or 7.0 in case you'd need it there. 

Thanks a lot for reporting and the inital regression test! 

http://www.freebsd.org/cgi/query-pr.cgi?pr=114325 

From: Andreas Longwitz <longwitz@incore.de>
To: bug-followup@freebsd.org, info@je-eigen-domein.nl
Cc:  
Subject: Re: kern/114325: [jail] SIOCGIFADDR ioctl behaves incorrectly inside
 jail
Date: Sun, 19 Sep 2010 15:37:41 +0200

 The committed patch to RELENG_6 has a serious side effekt: If a process
 in the jail invokes the cammand ifconfig, then the IP address of the
 loopback interface lo0 will be overwritten with the ip address of the
 jail. Thats not acceptabele, therefore the patch should be revoked or
 corrected.
 
 -- 
 Dr. Andreas Longwitz
 
 Data Service GmbH
 Beethovenstr. 2A
 23617 Stockelsdorf
 

From: "Bjoern A. Zeeb" <bz@FreeBSD.org>
To: Andreas Longwitz <longwitz@incore.de>
Cc: bug-followup@FreeBSD.org
Subject: Re: kern/114325: [jail] SIOCGIFADDR ioctl behaves incorrectly inside
 jail
Date: Sun, 19 Sep 2010 16:54:59 +0000 (UTC)

 On Sun, 19 Sep 2010, Andreas Longwitz wrote:
 
 Hallo Herr Dr. Longwitz,
 
 > The committed patch to RELENG_6 has a serious side effekt: If a process
 > in the jail invokes the cammand ifconfig, then the IP address of the
 > loopback interface lo0 will be overwritten with the ip address of the
 > jail. Thats not acceptabele, therefore the patch should be revoked or
 > corrected.
 
 could you try the following patch and report back if it fixes the problem
 for you?   You can also fetch it from here:
 
 http://people.freebsd.org/~bz/20100919-01-stable6-jail-incontrol.diff
 
 !
 ! On stable/6 prison_ip() might change the passed address argument,
 ! while we are only interested in whether it is a valid address of
 ! the jail.  This can modify an address in the live interface address
 ! list with an address of the jail.  Make a copy of thre address for
 ! the call to prison_ip() to avoid this.
 !
 ! Reported by:	Andreas Longwitz (longwitz incore.de)
 ! Tested by: 
 ! PR:		kern/114325
 !
 Index: sys/netinet/in.c
 ===================================================================
 --- sys/netinet/in.c	(revision 212863)
 +++ sys/netinet/in.c	(working copy)
 @@ -252,12 +252,15 @@ in_control(so, cmd, data, ifp, td)
   	 * the first one on the interface, if possible.
   	 */
   	if (ifp) {
 +		struct in_addr tmp;
 +
   		dst = ((struct sockaddr_in *)&ifr->ifr_addr)->sin_addr;
   		LIST_FOREACH(iap, INADDR_HASH(dst.s_addr), ia_hash)
   			if (iap->ia_ifp == ifp &&
   			    iap->ia_addr.sin_addr.s_addr == dst.s_addr) {
 +				tmp.s_addr = dst.s_addr;
   				if (td == NULL || !prison_ip(
 -				    td->td_ucred, 0, &dst.s_addr))
 +				    td->td_ucred, 0, &tmp.s_addr))
   					ia = iap;
   				break;
   			}
 @@ -265,9 +268,11 @@ in_control(so, cmd, data, ifp, td)
   			TAILQ_FOREACH(ifa, &ifp->if_addrhead, ifa_link) {
   				iap = ifatoia(ifa);
   				if (iap->ia_addr.sin_family == AF_INET) {
 +					tmp.s_addr =
 +					    iap->ia_addr.sin_addr.s_addr;
   					if (td != NULL &&
   					    prison_ip(td->td_ucred, 0,
 -					    &iap->ia_addr.sin_addr.s_addr))
 +					    &tmp.s_addr))
   						continue;
   					ia = iap;
   					break;
 
 
 /bz
 
 -- 
 Bjoern A. Zeeb                              Welcome a new stage of life.

From: dfilter@FreeBSD.ORG (dfilter service)
To: bug-followup@FreeBSD.org
Cc:  
Subject: Re: kern/114325: commit references a PR
Date: Tue, 28 Sep 2010 19:17:47 +0000 (UTC)

 Author: bz
 Date: Tue Sep 28 19:17:39 2010
 New Revision: 213249
 URL: http://svn.freebsd.org/changeset/base/213249
 
 Log:
   r201663 introduced a bug in stable/6 that prison_ip() might change the
   passed address argument, while we are only interested in whether it is a
   valid address of the jail.
   This can modify an address in the live interface address list with an
   address of the jail.  Make a copy of the address for the call to
   prison_ip() to avoid this.
   
   Reported by:	Andreas Longwitz (longwitz incore.de)
   Tested by:	Andreas Longwitz (longwitz incore.de)
   PR:		kern/114325
 
 Modified:
   stable/6/sys/netinet/in.c
 
 Modified: stable/6/sys/netinet/in.c
 ==============================================================================
 --- stable/6/sys/netinet/in.c	Tue Sep 28 15:33:30 2010	(r213248)
 +++ stable/6/sys/netinet/in.c	Tue Sep 28 19:17:39 2010	(r213249)
 @@ -252,12 +252,15 @@ in_control(so, cmd, data, ifp, td)
  	 * the first one on the interface, if possible.
  	 */
  	if (ifp) {
 +		struct in_addr tmp;
 +
  		dst = ((struct sockaddr_in *)&ifr->ifr_addr)->sin_addr;
  		LIST_FOREACH(iap, INADDR_HASH(dst.s_addr), ia_hash)
  			if (iap->ia_ifp == ifp &&
  			    iap->ia_addr.sin_addr.s_addr == dst.s_addr) {
 +				tmp.s_addr = dst.s_addr;
  				if (td == NULL || !prison_ip(
 -				    td->td_ucred, 0, &dst.s_addr))
 +				    td->td_ucred, 0, &tmp.s_addr))
  					ia = iap;
  				break;
  			}
 @@ -265,9 +268,11 @@ in_control(so, cmd, data, ifp, td)
  			TAILQ_FOREACH(ifa, &ifp->if_addrhead, ifa_link) {
  				iap = ifatoia(ifa);
  				if (iap->ia_addr.sin_family == AF_INET) {
 +					tmp.s_addr =
 +					    iap->ia_addr.sin_addr.s_addr;
  					if (td != NULL &&
  					    prison_ip(td->td_ucred, 0,
 -					    &iap->ia_addr.sin_addr.s_addr))
 +					    &tmp.s_addr))
  						continue;
  					ia = iap;
  					break;
 _______________________________________________
 svn-src-all@freebsd.org mailing list
 http://lists.freebsd.org/mailman/listinfo/svn-src-all
 To unsubscribe, send any mail to "svn-src-all-unsubscribe@freebsd.org"
 
>Unformatted:
