Date: Wed, 17 Nov 1999 08:59:03 +0100 From: Poul-Henning Kamp <phk@critter.freebsd.dk> To: Yoshinobu Inoue <shin@nd.net.fujitsu.co.jp> Cc: beyssac@enst.fr, freebsd-hackers@FreeBSD.ORG, freebsd-security@FreeBSD.ORG Subject: Re: Should jail treat ip-number? Message-ID: <289.942825543@critter.freebsd.dk> In-Reply-To: Your message of "Wed, 17 Nov 1999 15:31:26 %2B0900." <19991117153126C.shin@nd.net.fujitsu.co.jp>
next in thread | previous in thread | raw e-mail | index | archive | help
In message <19991117153126C.shin@nd.net.fujitsu.co.jp>, Yoshinobu Inoue writes: >-Only think about inet and inet6. Forget about other protocol > family and sockaddr. > (Just as current jail only think about inet.) This has basically been the policy until now: Don't worry about a protocol until somebody needs it. >-Just add an in6_addr structure(IPv6 address) member > "ip6_number" into the jail structure. > >-Jail(2) specify "ip_number" and/or "ip6_number" into the kernel. Well, I guess we want it to be "and", right ? Will people want to bind both a IPv4 and IPv6 address (does it make sense to do so ?) or will people only need to bind one of them ? >-Kernel treat "ip6_number" as just a same kind of extension > for IPv6 as "ip_number" for IPv4. I'm not against them being sockaddr's. >-Jail(8) command can also accept DNS name, and then it resolve > the name internally and, > if A record is obtained, specify its address into "ip_number". > if AAAA record is obtained, also specify its address into "ip6_number". Sure, this is trivial to do. -- Poul-Henning Kamp FreeBSD coreteam member phk@FreeBSD.ORG "Real hackers run -current on their laptop." FreeBSD -- It will take a long time before progress goes too far! To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?289.942825543>