From: Max Laier <max@love2party.net>
To: freebsd-hackers@freebsd.org
Cc: "H. S."
Date: Sat, 12 Mar 2005 17:40:06 +0100
Subject: Re: IP packets from host system showing inside a jail?
Message-Id: <200503121740.12605.max@love2party.net>
In-Reply-To: <63687.81.84.174.5.1110636203.squirrel@mail.revolutionsp.com>

On Saturday 12 March 2005 15:03, H. S. wrote:
> Hey,
>
> I've noticed something odd. I'm using FreeBSD 5.3-STABLE with PF, on a
> dual Xeon 2.4 system. I have two jails running for web and mail servers.
> Today I was testing something and needed a tcpdump, so inside a jail I
> started tcpdump as root.
>
> To my amazement, IP packets from the host system (IRC connections that
> should NOT show on that jail) were appearing on the tcpdump INSIDE the
> jail!
>
> tcpdump then became unresponsive quickly after capturing those, ^C
> wouldn't kill it and ^Z did nothing either. I had to log in from another
> terminal to the host system, and killall -KILL tcpdump.
>
> Is this a known bug? IP packets from the host system<->internet should not
> be visible inside the jail.
>
> If you need tcpdump/uname -a etc., I'll provide these when asked.

tcpdump reads "raw" data from the hardware using the bpf socket. There is no
way (implemented) to filter bpf for jails. It'd also be a bit tricky to
realize, as bpf sees "raw", i.e. ethernet, packets while jails are an IP-level
construct, so in order to filter bpf for jails one would have to do a lot of
extra work. I don't think there is a "legal" application for bpf inside of a
jail that would justify the additional work.

The only way to avoid this is to not give your jail(s) access to /dev/bpf -
why would you want to in the first place?

-- 
/"\  Best regards,                      | mlaier@freebsd.org
\ /  Max Laier                          | ICQ #67774661
 X   http://pf4freebsd.love2party.net/  | mlaier@EFnet
/ \  ASCII Ribbon Campaign              | Against HTML Mail and News
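The mitigation Max points to (keep /dev/bpf out of the jail), as an added example that is not part of the original thread: a devfs(8) ruleset written in the style of /etc/defaults/devfs.rules that hides every node by default and never unhides bpf, plus two shell checks, one that audits a ruleset file for a bpf unhide and one that lists any bpf nodes still visible under a jail's /dev. The ruleset number 4, the function names and the sample directories are assumptions made for illustration; the devfs(8) invocation in the comments is what I would run on a FreeBSD host and is not shown on the page.

```shell
#!/bin/sh
# Added example, not code from the original thread.
# Assumptions: devfs.rules(5) syntax as in /etc/defaults/devfs.rules,
# ruleset number 4 for the jail, function/dir names chosen for illustration.

# write_jail_ruleset FILE
# Write a ruleset that hides all of /dev, then unhides only the basic and
# login nodes. bpf is never unhidden, so tcpdump inside the jail has no
# capture device to open and cannot see host traffic.
write_jail_ruleset() {
    cat > "$1" <<'EOF'
[devfsrules_hide_all=1]
add hide

[devfsrules_unhide_basic=2]
add path null unhide
add path zero unhide
add path random unhide
add path urandom unhide
add path log unhide

[devfsrules_unhide_login=3]
add path 'tty*' unhide
add path 'pts*' unhide
add path 'pts/*' unhide
add path fd unhide
add path 'fd/*' unhide
add path stdin unhide
add path stdout unhide
add path stderr unhide

[devfsrules_jail=4]
add include $devfsrules_hide_all
add include $devfsrules_unhide_basic
add include $devfsrules_unhide_login
EOF
}

# To apply on a real host (as root, with the jail's /dev already mounted):
#   devfs -m /path/to/jail/dev rule -s 4 applyset
# Hosts using the rc.d jail script can instead point the jail at ruleset 4
# through its jail_<name>_devfs_ruleset setting in rc.conf.

# ruleset_hides_bpf FILE
# Audit a ruleset file: it must contain a blanket "add hide" and must not
# unhide any bpf path. Returns 0 when bpf stays hidden, 1 otherwise.
ruleset_hides_bpf() {
    grep -q '^add hide$' "$1" || return 1
    grep -Eq "^add path '?bpf.*unhide" "$1" && return 1
    return 0
}

# bpf_nodes DEVDIR
# Print every bpf* node visible under DEVDIR (for example a jail's /dev).
# Returns 0 if at least one is found (the jail can still sniff), 1 if none.
bpf_nodes() {
    found=1
    for n in "$1"/bpf*; do
        [ -e "$n" ] || continue
        echo "$n"
        found=0
    done
    return $found
}
```

Run `bpf_nodes /path/to/jail/dev` after applying the ruleset; any output means the jail still has a capture device and the symptom in the original post will reproduce. The audit function deliberately requires the blanket `add hide` line, because a ruleset that only unhides specific nodes without first hiding everything leaves bpf visible by default.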