Message-ID: <19991110013913.A5181@enst.fr>
Date: Wed, 10 Nov 1999 01:39:13 +0100
From: Pierre Beyssac
To: Yoshinobu Inoue, freebsd-hackers@FreeBSD.ORG, freebsd-security@FreeBSD.ORG
Subject: Re: Should jail treat ip-number?
In-Reply-To: <19991109125445E.shin@nd.net.fujitsu.co.jp>; from Yoshinobu Inoue on Tue, Nov 09, 1999 at 12:54:45PM +0900

On Tue, Nov 09, 1999 at 12:54:45PM +0900, Yoshinobu Inoue wrote:
> Currently jail set an ip-number and let prisoned processes
> only to bind it.

[ the current jail(2) interface and its future WRT IPv6 ]

> I think kernel change will not so much for any above addition
> or changes, but there will be some backward compatibility
> issue for API. (some member addition to the jail structure,
> and jail command extensions)

There's been a discussion a few weeks ago on freebsd-security on
this very matter. See attached mail below.

The conclusion was that jail(2) should be fixed to use a sockaddr
instead of a 32 bit int to specify the address. That seems to be
the first logical step, even before making jail(2) IPv6-compliant.
Pierre

Date: Sun, 19 Sep 1999 11:58:39 -0400 (EDT)
From: Garrett Wollman
Message-Id: <199909191558.LAA64750@khavrinen.lcs.mit.edu>
To: Matthew Dillon
Cc: Poul-Henning Kamp, security@FreeBSD.ORG
Subject: Re: BPF on in 3.3-RC GENERIC kernel
In-Reply-To: <199909190551.WAA68627@apollo.backplane.com>
References: <12516.937680952@critter.freebsd.dk> <199909190551.WAA68627@apollo.backplane.com>

< said:

> struct sockaddr is the standard for specifying an IP address. Jail
> isn't using it, not even for IPV4. It's using an unsigned 32 bit int.
> Hell, it isn't even using a struct in_addr! The field is plain and
> simply inappropriately specified in the structure.

For once, I agree with Matt. As titular networking czar, I'm asking
you, Poul, to please fix the interface.

-GAWollman

--
Garrett A. Wollman   | O Siem / We are all family / O Siem / We're all the same
wollman@lcs.mit.edu  | O Siem / The fires of freedom
Opinions not those of| Dance in the burning flame
MIT, LCS, CRS, or NSA| - Susan Aglukark and Chad Irschick
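
The interface change the thread settles on, sketched as an added example (not FreeBSD's jail code and not written by anyone in the thread): the jail address is carried as a sockaddr, so a bind check compares the address family first and the address second. The names `struct jail_sa`, `jail_sa_set`, `jail_sa_bind_ok` and `jail_check` are hypothetical, and exact-match semantics are an assumption of this sketch.

```c
#include <arpa/inet.h>
#include <netinet/in.h>
#include <string.h>
#include <sys/socket.h>

/* Hypothetical sockaddr-based jail address: the family travels with it. */
struct jail_sa { struct sockaddr_storage addr; };

/* Parse text as IPv4 or IPv6 into j. Returns 0 on success, -1 otherwise. */
int jail_sa_set(struct jail_sa *j, const char *text)
{
    struct sockaddr_in  *s4 = (struct sockaddr_in *)&j->addr;
    struct sockaddr_in6 *s6 = (struct sockaddr_in6 *)&j->addr;
    memset(j, 0, sizeof(*j));
    if (inet_pton(AF_INET, text, &s4->sin_addr) == 1) {
        s4->sin_family = AF_INET;
        return 0;
    }
    if (inet_pton(AF_INET6, text, &s6->sin6_addr) == 1) {
        s6->sin6_family = AF_INET6;
        return 0;
    }
    return -1;
}

/* 1 if a jailed process may bind to req, 0 otherwise (default deny). */
int jail_sa_bind_ok(const struct jail_sa *j, const struct sockaddr *req)
{
    const struct sockaddr_in  *a4 = (const struct sockaddr_in *)&j->addr;
    const struct sockaddr_in6 *a6 = (const struct sockaddr_in6 *)&j->addr;
    if (req->sa_family != j->addr.ss_family) return 0;  /* family mismatch */
    switch (req->sa_family) {
    case AF_INET:
        return ((const struct sockaddr_in *)req)->sin_addr.s_addr == a4->sin_addr.s_addr;
    case AF_INET6:
        return memcmp(&((const struct sockaddr_in6 *)req)->sin6_addr,
                      &a6->sin6_addr, sizeof(struct in6_addr)) == 0;
    }
    return 0;                                   /* unknown family: never allowed */
}

/* Wrapper taking text addresses; returns -1 if either fails to parse. */
int jail_check(const char *jail_ip, const char *req_ip)
{
    struct jail_sa j, r;
    if (jail_sa_set(&j, jail_ip) != 0 || jail_sa_set(&r, req_ip) != 0)
        return -1;
    return jail_sa_bind_ok(&j, (const struct sockaddr *)&r.addr);
}
```

Because the family is compared before the address, an IPv4-mapped IPv6 request such as `::ffff:192.0.2.10` does not match a jail configured with `192.0.2.10` in this sketch; an implementation has to decide that case explicitly.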