Date: Wed, 17 Nov 1999 15:31:26 +0900 From: Yoshinobu Inoue <shin@nd.net.fujitsu.co.jp> To: phk@critter.freebsd.dk Cc: beyssac@enst.fr, freebsd-hackers@FreeBSD.ORG, freebsd-security@FreeBSD.ORG Subject: Re: Should jail treat ip-number? Message-ID: <19991117153126C.shin@nd.net.fujitsu.co.jp> In-Reply-To: <19991117151309T.shin@nd.net.fujitsu.co.jp> References: <19991117134132S.shin@nd.net.fujitsu.co.jp> <28858.942818296@critter.freebsd.dk> <19991117151309T.shin@nd.net.fujitsu.co.jp>
next in thread | previous in thread | raw e-mail | index | archive | help
> > > Don't specify addresses via jail(2), and let kernel select > > > any non binded address. > > No, that doesn't work. People want to run servers so they want > > to know their IP for DNS. > Hmmm, I wish if I could just let jail(2) pass DNS name into > the kernel, but the implementation in the kernel won't be easy > nor clean.... Then I have a new proposal which might not be so clean but I think it is somewhat practical. -Only think about inet and inet6. Forget about other protocol family and sockaddr. (Just as current jail only think about inet.) -Just add an in6_addr structure(IPv6 address) member "ip6_number" into the jail structure. -Jail(2) specify "ip_number" and/or "ip6_number" into the kernel. -Kernel treat "ip6_number" as just a same kind of extension for IPv6 as "ip_number" for IPv4. -Jail(8) command can also accept DNS name, and then it resolve the name internally and, if A record is obtained, specify its address into "ip_number". if AAAA record is obtained, also specify its address into "ip6_number". Yoshinobu Inoue To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?19991117153126C.shin>