From owner-freebsd-security  Sat Sep 18 11:40:16 1999
Delivered-To: freebsd-security@freebsd.org
Received: from proxy2.ba.best.com (proxy2.ba.best.com [206.184.139.14])
	by hub.freebsd.org (Postfix) with ESMTP id DDB2E14D46
	for <security@FreeBSD.ORG>; Sat, 18 Sep 1999 11:40:14 -0700 (PDT)
	(envelope-from dillon@apollo.backplane.com)
Received: from apollo.backplane.com ([209.157.86.2])
	by proxy2.ba.best.com (8.9.3/8.9.2/best.out) with ESMTP id LAA00892;
	Sat, 18 Sep 1999 11:39:18 -0700 (PDT)
Received: (from dillon@localhost)
	by apollo.backplane.com (8.9.3/8.9.1) id LAA66478;
	Sat, 18 Sep 1999 11:39:13 -0700 (PDT)
	(envelope-from dillon)
Date: Sat, 18 Sep 1999 11:39:13 -0700 (PDT)
From: Matthew Dillon <dillon@apollo.backplane.com>
Message-Id: <199909181839.LAA66478@apollo.backplane.com>
To: Poul-Henning Kamp <phk@critter.freebsd.dk>
Cc: "Rodney W. Grimes" <freebsd@gndrsh.dnsmgr.net>,
	imp@village.org (Warner Losh), liam@tiora.net (Liam Slusser),
	kdrobnac@mission.mvnc.edu (Kenny Drobnack),
	Harry_M_Leitzell@cmu.edu (Harry M. Leitzell), security@FreeBSD.ORG
Subject: Re: BPF on in 3.3-RC GENERIC kernel 
References:  <12434.937679573@critter.freebsd.dk>
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org


:In message <199909181819.LAA66207@apollo.backplane.com>, Matthew Dillon writes:
:>    In regards to the jail call, I still strongly recommend that the syscall
:>    be changed to take a sockaddr before it becomes too late, or we will blow
:>    compatibility with IPV6 coming up in the near future.
:>
:>						-Matt
:
:Until we know more about how IPv6 multihoming will work it is too
:early to say what kind of argument we will need to pass to jail(2)
:for IPv6.
:
:--
:Poul-Henning Kamp             FreeBSD coreteam member

    Let me put it this way:  Passing an unsigned 32 bit integer is obviously
    the *WRONG* type of argument to pass for an IP address considering that
    just about every single other system call takes a sockaddr of one sort 
    or another.

    And, frankly, it is not too early.  There's nothing wrong with a
    sockaddr.  It's a typed data structure so compatibility will be 
    maintained no matter what happens with IPV6.  There is even already an
    IPV6 family defined for it.

    Now is the time.  If you throw it into -STABLE without this, then you
    will screw over the people who are trying to use it when you eventually
    have to make the change, creating totally unnecessary pain in the process.

					-Matt
					Matthew Dillon 
					<dillon@backplane.com>



To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message