From: Mark Felder
To: freebsd-jail@freebsd.org
Date: Tue, 10 Apr 2012 17:14:29 -0500
Subject: Re: Jail source address selection broken, patch for ping

On Tue, 10 Apr 2012 04:03:22 -0500, Anders Hagman wrote:

> I have used vnet jail to get your own IP stack.
> One strange thing is that tcpdump on the host can not see the packets.

Yes, vnet avoids this issue. You shouldn't be able to tcpdump on the host to see the packets; those interfaces are now entirely owned by the jail. Unfortunately we cannot use vnet because it is very experimental still and I have been able to cause it to panic many times.