Date: Sat, 12 Mar 2005 17:40:06 +0100
From: Max Laier <max@love2party.net>
To: freebsd-hackers@freebsd.org
Cc: "H. S." <security@revolutionsp.com>
Subject: Re: IP packets from host system showing inside a jail?
Message-ID: <200503121740.12605.max@love2party.net>
In-Reply-To: <63687.81.84.174.5.1110636203.squirrel@mail.revolutionsp.com>
References: <63687.81.84.174.5.1110636203.squirrel@mail.revolutionsp.com>
On Saturday 12 March 2005 15:03, H. S. wrote:
> Hey,
>
> I've noticed something odd.. I'm using FreeBSD 5.3-STABLE with PF, on a
> dual xeon 2.4 system. I have two jails running for web and mail servers.
> Today I was testing something and needed a tcpdump, so inside a jail I
> started tcpdump as root.
>
> To my amazement, IP packets from the host system (IRC connections that
> should NOT show on that jail) were appearing on the tcpdump INSIDE the
> jail!
>
> tcpdump then became irresponsive quickly after capturing those, ^C
> wouldn't kill it and ^Z didn't do anything either. I had to login from
> another terminal to the host system, and killall -KILL tcpdump.
>
> Is this a known bug? IP packets from the host system<->internet should not
> be visible inside the jail.
>
> If you need tcpdump/uname -a etc, I'll provide these when asked.

tcpdump reads "raw" data from the hardware using the bpf socket. There is no
way (implemented) to filter bpf for jails. It'd be also a bit tricky to
realize as bpf sees "raw" i.e. ethernet packets while jails are an IP-level
construct, so in order to filter bpf for jails one would have to do a lot of
extra work. I don't think there is a "legal" application for bpf inside of a
jail that would justify the additional work.

The only way to avoid this is to not give your jail(s) access to /dev/bpf -
why would you want to in the first place?
-- 
/"\  Best regards,                      | mlaier@freebsd.org
\ /  Max Laier                          | ICQ #67774661
 X   http://pf4freebsd.love2party.net/  | mlaier@EFnet
/ \  ASCII Ribbon Campaign              | Against HTML Mail and News
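The mitigation Max describes, not giving the jail /dev/bpf, expressed as a devfs ruleset plus a check run from inside the jail. This is an added example, not code from the thread or from FreeBSD; the ruleset name and number (devfsrules_nobpf_jail, 5), the jail name "web", its path, and the jail.conf syntax (which postdates the 2005 rc.conf-style jail setup) are assumptions.

```shell
#!/bin/sh
# Added example (not from the original thread): a devfs ruleset that gives a
# jail the usual /dev nodes but no /dev/bpf*, so tcpdump inside the jail has
# nothing to open. Ruleset name/number and jail name "web" are assumptions.

# Emit the ruleset in /etc/devfs.rules syntax: start from hide_all, re-expose
# the basic and login device sets, then hide bpf explicitly so an included
# set can never leak it back in.
jail_devfs_ruleset() {
    cat <<'EOF'
[devfsrules_nobpf_jail=5]
add include $devfsrules_hide_all
add include $devfsrules_unhide_basic
add include $devfsrules_unhide_login
add path 'bpf*' hide
EOF
}

# jail.conf stanza that mounts devfs inside the jail with that ruleset.
jail_conf_stanza() {
    cat <<'EOF'
web {
    path = /usr/jails/web;
    mount.devfs;
    devfs_ruleset = 5;
}
EOF
}

# Audit helper: does a ruleset text (argument 1) contain the bpf hide rule?
ruleset_hides_bpf() {
    printf '%s\n' "$1" | grep -qxF "add path 'bpf*' hide"
}

# Check to run from inside the jail after it is restarted: with the ruleset
# applied no /dev/bpf* node exists, the glob stays literal and -e fails.
# Returns 0 when no bpf node is visible (needs a FreeBSD jail; not run by
# the offline test).
jail_has_no_bpf() {
    for node in /dev/bpf*; do
        [ -e "$node" ] && return 1
    done
    return 0
}

# Operator steps on the FreeBSD host, as root (paths are assumptions):
#   jail_devfs_ruleset >> /etc/devfs.rules
#   jail_conf_stanza   >> /etc/jail.conf
#   service devfs restart && service jail restart web
#   cp jail_bpf.sh /usr/jails/web/root/ && jexec web sh -c '. /root/jail_bpf.sh; jail_has_no_bpf && echo no-bpf'
```

On the host itself jail_has_no_bpf returns 1, since /dev/bpf is present there; only inside a jail mounted with the ruleset should it return 0.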
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200503121740.12605.max>