Date: Mon, 14 May 2007 16:14:16 +0200
From: Ed Schouten
To: Andre Oppermann
Cc: FreeBSD Hackers
Subject: Re: Multiple IP Jail's patch for FreeBSD 6.2

Hello Andre,

* Andre Oppermann wrote:
> I'm working on a "light" variant of multi-IPv[46] per jail. It doesn't
> create an entirely new network instance per jail and probably is more
> suitable for low- to mid-end (virtual) hosting. In those cases you
> normally want the host administrator to exercise full control over
> IP address and firewall configuration of the individual jails. For
> high-end stuff where you offer jail based virtual machines or network
> and routing simulations Marco's work is more appropriate.

Is there a way for us to collaborate on this? I'd really love to work on
this sort of stuff and I think it's really interesting to dig in that
sort of code.

I already wrote an initial patch which changes the system call and
sysctl format of the jail structures which allow you to specify lists of
addresses for IPv4 and IPv6. In theory, the only thing that needs to be
done in the kernel is adding bits to the netinet6 code to prevent usage
of unauthorized IPv6 addresses (nothing is altered yet). Userspace
utilities like jls(8) and jexec(8) need to be polished as well.

http://g-rave.nl/junk/freebsd-jail-multi-inet46.diff

Feedback (and help) is very welcome! :-)

Yours,
-- 
Ed Schouten
WWW: http://g-rave.nl/