From owner-freebsd-hackers@FreeBSD.ORG Thu Apr 22 04:52:35 2004 Return-Path: Delivered-To: freebsd-hackers@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 9D75316A4CE; Thu, 22 Apr 2004 04:52:35 -0700 (PDT) Received: from sev.net.ua (sev.net.ua [212.86.233.226]) by mx1.FreeBSD.org (Postfix) with ESMTP id 2DF9243D1D; Thu, 22 Apr 2004 04:52:32 -0700 (PDT) (envelope-from shadow@psoft.net) Received: from berloga.shadowland ([213.227.237.65]) by sev.net.ua (8.12.10/8.12.9) with ESMTP id i3MBqTv0059690; Thu, 22 Apr 2004 14:52:29 +0300 (EEST) (envelope-from shadow@psoft.net) Received: from berloga.shadowland (berloga.shadowland [127.0.0.1]) by berloga.shadowland (8.12.10/8.12.10) with ESMTP id i3MBqTba003025; Thu, 22 Apr 2004 14:52:29 +0300 Received: (from root@localhost) by berloga.shadowland (8.12.10/8.12.10/Submit) id i3MBqSWN003023; Thu, 22 Apr 2004 14:52:28 +0300 From: Alex Lyashkov To: Pawel Jakub Dawidek In-Reply-To: <20040422113002.GW24376@darkness.comp.waw.pl> References: <20040420015638.A84821@staff.seccuris.com> <14522.1082452837@critter.freebsd.dk> <20040420200027.A51891@staff.seccuris.com> <20040422113002.GW24376@darkness.comp.waw.pl> Content-Type: text/plain; charset=KOI8-R Content-Transfer-Encoding: quoted-printable Organization: PSoft Message-Id: <1082634747.8239.39.camel@berloga.shadowland> Mime-Version: 1.0 X-Mailer: Ximian Evolution 1.4.5 (1.4.5-1) Date: Thu, 22 Apr 2004 14:52:28 +0300 cc: freebsd-hackers@FreeBSD.org Subject: Re: [patch] Raw sockets in jails X-BeenThere: freebsd-hackers@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Technical Discussions relating to FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 22 Apr 2004 11:52:35 -0000 =F7 =FE=D4=D7, 22.04.2004, =D7 14:30, Pawel Jakub Dawidek =D0=C9=DB=C5=D4: > On Tue, Apr 20, 2004 at 08:00:27PM +0000, Christian S.J. Peron wrote: > +> Poul/group > +>=20 > +> The following patch makes raw sockets comply with prison IP addresses. > +> Some tools such as traceroute(8) may require that the prison IP addres= s > +> be specified on the command line. I.E. > +>=20 > +> traceroute -s > +>=20 > +> Otherwise it might fail. > +>=20 > +> (because of this we may want to get rid of the > +> create_raw_sockets MIB all together). > +>=20 > +> Anyway, take a gander at it (testers feedback welcome): >=20 > Looks very neat! I've merge your patch to my jail work (pjd_jail perforce > branch) and changed it to be usable with my multiple ips stuff. > I haven't reviewed nor tested it yet. You don`t plain do port vimage to -current ? --=20 Alex Lyashkov PSoft