From: Jamie Gritton
Date: Tue, 12 Jan 2010 12:54:25 -0700
To: Tim Judd
Cc: freebsd-questions
Subject: Re: Jails - Ethernet data vs IP data
Message-ID: <4B4CD371.3080601@FreeBSD.org>

On 01/09/10 21:21, Tim Judd wrote:
> I bought a new SiliconDust HDHomeRun device which brings two Digital
> coaxial tuners to an ethernet network.  From what I read and
> understand about the HDHomeRun ("HDHR"), is that it does have an IP
> address assigned to the system, but all packets of video are actually
> just raw Ethernet packets/data that has its own payload and protocol.
>
> The port MythTV (to which I'm starting to love) maintainer has marked
> the two pieces of MythTV as conflicting ports (I'll address to the
> maintainer directly), so I build the frontend (the user interface if
> you will) on the host, because it needs lots of X11/xorg.  The backend
> runs as a daemon talking with MySQL to manage everything.  Since they
> conflict, the backend goes onto a jail.
>
> I have to port-compile the backend every time, the packages have
> missing dependencies.  It takes quite a while.  I know the HDHR is
> online, I can watch the video without MythTV interaction, but the
> jailed backend isn't seeing it.  So I was hoping to see if I can query
> the group and see if "raw ethernet data" can be delivered to a jail,
> or if I'm just fishing in the empty fish bowl trying to get this to
> work in a jail.
>
> Thanks for input in regards to limits the jail system might
> have.  This is on a golden 8.0-RELEASE i386, haven't updated it yet.

Take a look at the security.jail.allow_raw_sockets sysctl, or the
allow.raw_sockets jail parameter (probably the former since the jail
parameters don't have good rc support yet).  By default, jails aren't
allowed to create the raw sockets necessary for direct ethernet
communication.  Setting security.jail.allow_raw_sockets=1 should allow
that.  You might also need to clear
security.jail.socket_unixiproute_only (or set allow.socket_af) - not
sure about that.

- Jamie
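
An added example, not part of the original message: a small audit that reports whether the two host-wide sysctls named in the reply above have been relaxed from their restrictive values. The function name and sample inputs are constructed for illustration, and the restrictive value 1 for security.jail.socket_unixiproute_only is an assumption taken from the reply's suggestion to "clear" it.

```shell
#!/bin/sh
# Added example: audit the jail socket sysctls named in the reply.
# Input is "name: value" text as printed by sysctl, read from stdin,
# so it works on a saved capture or live: sysctl security.jail | audit_jail_sysctls

# audit_jail_sysctls (hypothetical name): prints one line per sysctl and
# returns non-zero if either one is relaxed or absent from the input.
audit_jail_sysctls() {
    awk -F': *' '
        BEGIN {
            # Restrictive values: raw sockets denied in jails (stated in the
            # reply as the default); socket families limited (assumed to be 1).
            want["security.jail.allow_raw_sockets"] = 0
            want["security.jail.socket_unixiproute_only"] = 1
        }
        ($1 in want) {
            seen[$1] = 1
            if ($2 + 0 == want[$1]) {
                printf "ok       %s=%s\n", $1, $2
            } else {
                printf "RELAXED  %s=%s (restrictive value is %d)\n", $1, $2, want[$1]
                bad = 1
            }
        }
        END {
            for (k in want)
                if (!(k in seen)) { printf "MISSING  %s\n", k; bad = 1 }
            exit bad + 0
        }
    '
}

# Constructed sample inputs, not captured from a real host.
sample_default='security.jail.allow_raw_sockets: 0
security.jail.socket_unixiproute_only: 1'
sample_relaxed='security.jail.allow_raw_sockets: 1
security.jail.socket_unixiproute_only: 1'

# Demonstration on the constructed "relaxed" sample.
printf '%s\n' "$sample_relaxed" | audit_jail_sysctls ||
    echo "jail socket restrictions are relaxed on this host"
```

Because security.jail.allow_raw_sockets is a host-wide sysctl, a RELAXED line means the setting was changed for the host as a whole rather than only for the jail that needed it.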