Date: Thu, 22 Apr 2004 13:30:02 +0200 From: Pawel Jakub Dawidek <pjd@FreeBSD.org> To: "Christian S.J. Peron" <maneo@bsdpro.com> Cc: freebsd-security@freebsd.org Subject: Re: [patch] Raw sockets in jails Message-ID: <20040422113002.GW24376@darkness.comp.waw.pl> In-Reply-To: <20040420200027.A51891@staff.seccuris.com> References: <20040420015638.A84821@staff.seccuris.com> <14522.1082452837@critter.freebsd.dk> <20040420200027.A51891@staff.seccuris.com>
next in thread | previous in thread | raw e-mail | index | archive | help
--5mjPmdht4ZehXHR2 Content-Type: text/plain; charset=iso-8859-2 Content-Disposition: inline Content-Transfer-Encoding: quoted-printable On Tue, Apr 20, 2004 at 08:00:27PM +0000, Christian S.J. Peron wrote: +> Poul/group +>=20 +> The following patch makes raw sockets comply with prison IP addresses. +> Some tools such as traceroute(8) may require that the prison IP address +> be specified on the command line. I.E. +>=20 +> traceroute -s <prison ip> <dest address> +>=20 +> Otherwise it might fail. +>=20 +> (because of this we may want to get rid of the +> create_raw_sockets MIB all together). +>=20 +> Anyway, take a gander at it (testers feedback welcome): Looks very neat! I've merge your patch to my jail work (pjd_jail perforce branch) and changed it to be usable with my multiple ips stuff. I haven't reviewed nor tested it yet. --=20 Pawel Jakub Dawidek http://www.FreeBSD.org pjd@FreeBSD.org http://garage.freebsd.pl FreeBSD committer Am I Evil? Yes, I Am! --5mjPmdht4ZehXHR2 Content-Type: application/pgp-signature Content-Disposition: inline -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.4 (FreeBSD) iD8DBQFAh6y6ForvXbEpPzQRArWBAKDKijJxa0MWetxMmwtuKgYgFYv6WQCgpL/W on2HykuapcHLa7EGsAhkxNM= =QbHT -----END PGP SIGNATURE----- --5mjPmdht4ZehXHR2--
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20040422113002.GW24376>