Date: Thu, 22 Apr 2004 13:30:02 +0200 From: Pawel Jakub Dawidek <pjd@FreeBSD.org> To: "Christian S.J. Peron" <maneo@bsdpro.com> Cc: freebsd-security@freebsd.org Subject: Re: [patch] Raw sockets in jails Message-ID: <20040422113002.GW24376@darkness.comp.waw.pl> In-Reply-To: <20040420200027.A51891@staff.seccuris.com> References: <20040420015638.A84821@staff.seccuris.com> <14522.1082452837@critter.freebsd.dk> <20040420200027.A51891@staff.seccuris.com>
next in thread | previous in thread | raw e-mail | index | archive | help
[-- Attachment #1 --] On Tue, Apr 20, 2004 at 08:00:27PM +0000, Christian S.J. Peron wrote: +> Poul/group +> +> The following patch makes raw sockets comply with prison IP addresses. +> Some tools such as traceroute(8) may require that the prison IP address +> be specified on the command line. I.E. +> +> traceroute -s <prison ip> <dest address> +> +> Otherwise it might fail. +> +> (because of this we may want to get rid of the +> create_raw_sockets MIB all together). +> +> Anyway, take a gander at it (testers feedback welcome): Looks very neat! I've merge your patch to my jail work (pjd_jail perforce branch) and changed it to be usable with my multiple ips stuff. I haven't reviewed nor tested it yet. -- Pawel Jakub Dawidek http://www.FreeBSD.org pjd@FreeBSD.org http://garage.freebsd.pl FreeBSD committer Am I Evil? Yes, I Am! [-- Attachment #2 --] -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.4 (FreeBSD) iD8DBQFAh6y6ForvXbEpPzQRArWBAKDKijJxa0MWetxMmwtuKgYgFYv6WQCgpL/W on2HykuapcHLa7EGsAhkxNM= =QbHT -----END PGP SIGNATURE-----
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20040422113002.GW24376>