From owner-freebsd-ipfw@FreeBSD.ORG  Wed Oct 12 04:40:20 2005
Return-Path: <owner-freebsd-ipfw@FreeBSD.ORG>
X-Original-To: freebsd-ipfw@hub.freebsd.org
Delivered-To: freebsd-ipfw@hub.freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id DF91116A41F
	for <freebsd-ipfw@hub.freebsd.org>;
	Wed, 12 Oct 2005 04:40:20 +0000 (GMT)
	(envelope-from gnats@FreeBSD.org)
Received: from freefall.freebsd.org (freefall.freebsd.org [216.136.204.21])
	by mx1.FreeBSD.org (Postfix) with ESMTP id AFC2C43D45
	for <freebsd-ipfw@hub.freebsd.org>;
	Wed, 12 Oct 2005 04:40:20 +0000 (GMT)
	(envelope-from gnats@FreeBSD.org)
Received: from freefall.freebsd.org (gnats@localhost [127.0.0.1])
	by freefall.freebsd.org (8.13.3/8.13.3) with ESMTP id j9C4eK5X027823
	for <freebsd-ipfw@freefall.freebsd.org>; Wed, 12 Oct 2005 04:40:20 GMT
	(envelope-from gnats@freefall.freebsd.org)
Received: (from gnats@localhost)
	by freefall.freebsd.org (8.13.3/8.13.1/Submit) id j9C4eKFZ027822;
	Wed, 12 Oct 2005 04:40:20 GMT (envelope-from gnats)
Date: Wed, 12 Oct 2005 04:40:20 GMT
Message-Id: <200510120440.j9C4eKFZ027822@freefall.freebsd.org>
To: freebsd-ipfw@FreeBSD.org
From: "Andrey V. Elsukov" <bu7cher@yandex.ru>
Cc: 
Subject: Re: kern/87032: [PATCH] ipfw ioctl interface implementation
X-BeenThere: freebsd-ipfw@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
Reply-To: "Andrey V. Elsukov" <bu7cher@yandex.ru>
List-Id: IPFW Technical Discussions <freebsd-ipfw.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-ipfw>,
	<mailto:freebsd-ipfw-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-ipfw>
List-Post: <mailto:freebsd-ipfw@freebsd.org>
List-Help: <mailto:freebsd-ipfw-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-ipfw>,
	<mailto:freebsd-ipfw-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Wed, 12 Oct 2005 04:40:21 -0000

The following reply was made to PR kern/87032; it has been noted by GNATS.

From: "Andrey V. Elsukov" <bu7cher@yandex.ru>
To: bug-followup@FreeBSD.org
Cc:  
Subject: Re: kern/87032: [PATCH] ipfw ioctl interface implementation
Date: Wed, 12 Oct 2005 08:36:51 +0400

 This is a multi-part message in MIME format.
 --------------050604070508040903090904
 Content-Type: text/plain; charset=KOI8-R; format=flowed
 Content-Transfer-Encoding: 7bit
 
 Related with the jail the addition patch.
 Full last version of the patch can be found on the URL
 http://butcher.heavennet.ru/ipfw_ioctl/
 
 --------------050604070508040903090904
 Content-Type: text/plain;
  name="netinet.diff"
 Content-Transfer-Encoding: 7bit
 Content-Disposition: inline;
  filename="netinet.diff"
 
 --- sys/netinet/ip_dummynet.c.orig	Tue Oct 11 16:33:13 2005
 +++ sys/netinet/ip_dummynet.c	Wed Oct 12 08:01:24 2005
 @@ -88,6 +88,7 @@
  #ifdef DEV_DNCTL
  #include <sys/conf.h>
  #include <sys/fcntl.h>
 +#include <sys/jail.h>
  #include <netinet/ip_dummynet_io.h>
  
  static d_ioctl_t ip_dn_ioctl;
 @@ -2119,6 +2120,9 @@
  	size_t size;
  	struct ip_dummynet_ctl* ctl = (struct ip_dummynet_ctl*)data;
  
 +	if (jailed(td->td_ucred)) {
 +		return EPERM;
 +	}
  	switch(cmd) {
  		case IPDNIOCSCMD:
  			if ((fflag & FWRITE) != FWRITE) {
 --- sys/netinet/ip_fw2.c.orig	Tue Oct 11 16:19:32 2005
 +++ sys/netinet/ip_fw2.c	Wed Oct 12 07:58:55 2005
 @@ -4127,6 +4127,9 @@
  	size_t size;
  	struct ip_fw_ctl* ctl = (struct ip_fw_ctl*)data;
  
 +	if (jailed(td->td_ucred)) {
 +		return EPERM;
 +	}
  	switch(cmd) {
  		/*
  		 * IPFWIOCSCMD makes some modifications of ipfw's state 
 
 --------------050604070508040903090904--