From: David Thiel <lx@redundancy.redundancy.org>
To: Jamie Gritton
Cc: freebsd-net@FreeBSD.org, freebsd-jail@FreeBSD.org
Date: Thu, 3 Jan 2013 13:23:55 -0800
Subject: Re: kern/68189 and kern/169751: what jails are allowed to see in a routing socket
Message-ID: <20130103212355.GA37196@redundancy.redundancy.org>
In-Reply-To: <50E5C468.7080700@FreeBSD.org>
References: <50E4F7A9.4070900@FreeBSD.org> <50E5C468.7080700@FreeBSD.org>
List: freebsd-net (Networking and TCP/IP with FreeBSD)

On Thu, Jan 03, 2013 at 10:48:24AM -0700, Jamie Gritton wrote:
> On 01/03/13 02:36, Bjoern A. Zeeb wrote:
> > Meanwhile your suggestion might be ok given simple enough, but I wonder
> > if a different flag would be helpful still. I would not be able to
> > "trust" (the little that is possible anyway) raw_sockets anymore if they
> > suddenly could fiddle with the routing table - even read-only, should
> > that really be enough.
> >
> > I would explicitly advertise it as 'do not use - will go away again'
> > feature and it should the moment vnets are declared non-experimental.
>
> Well I'd rather not introduce something as a stopgap. Either this is
> worth doing or it isn't. It does make sense to at least make sure it
> works with VNET.

Hello all,

Thanks for your consideration of the issue. I don't think it would
necessarily have to be a stopgap - I think something like
jail.socket_allow_readroute, default 0, wouldn't hurt anything and would
definitely help some folks, as this issue has arisen for multiple people
over the years.

While I agree that vnets will be a great future solution, I think that
the very existence of unixiproute_only is kind of problematic, as it
implies that jails should be able to use routing sockets by default
(read-only, presumably). If we don't want to allow that, should it at
least be slated to rename/redocument this sysctl at some point in the
future? Or is it intended that VNET totally replace the old jail
infrastructure, obviating the need for that sysctl at all?

-David