Hi,

I wasn't able to use multicast for some application server load
balancer, and it didn't work inside a vserver, despite apparently having
every related capability like NET_ADMIN, NET_RAW, NET_BROADCAST,
NET_BIND_SERVICE..

I tried to make a simple multicast application work:

udpcast, http://udpcast.linux.lu/

It didn't work either.

First because it attempted to bind to the broadcast address of the
vserver interface, i.e. 192.168.0.255; it failed with -EADDRNOTAVAIL.

Then because it attempted to bind to a multicast address, which resulted
in the same error. (I saw it when I patched enough to pass the first error.)

I patched the /usr/src/linux/net/ipv4/af_inet.c from 2.6.14-vs2.01.

I think that without the patch, in a vserver I'm only allowed to bind to:
0.0.0.0, the loopback address, the vserver's own addresses and "v4_bcast",
which seems to always be 255.255.255.255, whatever value is in
/etc/vserver/<vserver_name>/bcast.

With the patch I can also bind to 192.168.0.255 and multicast addresses.
And perhaps even more addresses, as I don't fully know what
inet_addr_type() returning RTN_BROADCAST implies.

Now udpcast works (receiving and sending data), even if I give no
capabilities at all to the vserver.
I'm wondering if I'm too permissive. Do we need some more checks? Or
even a new capability?

I'll try the load balancing software as soon as I find the time to
reinstall it.

At least this patch could help people who need multicast where security
isn't that much of a concern.

Regards, Luc.

--- linux-2.6.14.3-vs2.0.1/net/ipv4/af_inet.c.orig      2006-04-14 
15:33:09.000000000 +0200
+++ linux-2.6.14.3-vs2.0.1/net/ipv4/af_inet.c   2006-04-14 13:59:41.000000000 
+0200
@@ -427,6 +427,9 @@
                sk, sk->sk_nx_info, sk->sk_socket,
                (sk->sk_socket?sk->sk_socket->flags:0),
                VXD_QUAD(s_addr));
+
+       chk_addr_ret = inet_addr_type(s_addr);
+
        if (nxi) {
                __u32 v4_bcast = nxi->v4_bcast;
                __u32 ipv4root = nxi->ipv4[0];
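Review bot: moving the chk_addr_ret = inet_addr_type(s_addr) call above the if (nxi) block means the type is now computed on the caller-supplied address, before the block rewrites s_addr (the "rewrite localhost to ipv4root" branch in the next hunk sets s_addr = ipv4root). Any later use of chk_addr_ret then describes a different address from the one that is actually bound. Consider classifying the address into a separate local variable for the context check and keeping the original assignment after the block, so chk_addr_ret still reflects the final s_addr.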
@@ -441,13 +444,12 @@
                        /* rewrite localhost to ipv4root */
                        s_addr = ipv4root;
                        s_addr1 = ipv4root;
-               } else if (s_addr != v4_bcast) {
+               } else if ((chk_addr_ret != RTN_BROADCAST) && (chk_addr_ret != 
RTN_MULTICAST)) {
                        /* normal address bind */
                        if (!addr_in_nx_info(nxi, s_addr))
                                return -EADDRNOTAVAIL;
                }
        }
-       chk_addr_ret = inet_addr_type(s_addr);
 
        vxdprintk(VXD_CBIT(net, 3),
                "inet_bind(%p) %d.%d.%d.%d, %d.%d.%d.%d, %d.%d.%d.%d",