From owner-freebsd-security@FreeBSD.ORG Thu Apr 22 04:30:23 2004 Return-Path: Delivered-To: freebsd-security@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 4103116A4CF; Thu, 22 Apr 2004 04:30:23 -0700 (PDT) Received: from darkness.comp.waw.pl (darkness.comp.waw.pl [195.117.238.236]) by mx1.FreeBSD.org (Postfix) with ESMTP id 1462E43D2D; Thu, 22 Apr 2004 04:30:10 -0700 (PDT) (envelope-from pjd@darkness.comp.waw.pl) Received: by darkness.comp.waw.pl (Postfix, from userid 1009) id DCC39ACC5C; Thu, 22 Apr 2004 13:30:02 +0200 (CEST) Date: Thu, 22 Apr 2004 13:30:02 +0200 From: Pawel Jakub Dawidek To: "Christian S.J. Peron" Message-ID: <20040422113002.GW24376@darkness.comp.waw.pl> References: <20040420015638.A84821@staff.seccuris.com> <14522.1082452837@critter.freebsd.dk> <20040420200027.A51891@staff.seccuris.com> Mime-Version: 1.0 Content-Type: multipart/signed; micalg=pgp-sha1; protocol="application/pgp-signature"; boundary="5mjPmdht4ZehXHR2" Content-Disposition: inline In-Reply-To: <20040420200027.A51891@staff.seccuris.com> User-Agent: Mutt/1.4.2i X-PGP-Key-URL: http://people.freebsd.org/~pjd/pjd.asc X-OS: FreeBSD 5.2.1-RC2 i386 cc: freebsd-hackers@freebsd.org cc: Poul-Henning Kamp cc: freebsd-security@freebsd.org Subject: Re: [patch] Raw sockets in jails X-BeenThere: freebsd-security@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Security issues [members-only posting] List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 22 Apr 2004 11:30:23 -0000 --5mjPmdht4ZehXHR2 Content-Type: text/plain; charset=iso-8859-2 Content-Disposition: inline Content-Transfer-Encoding: quoted-printable On Tue, Apr 20, 2004 at 08:00:27PM +0000, Christian S.J. Peron wrote: +> Poul/group +>=20 +> The following patch makes raw sockets comply with prison IP addresses. +> Some tools such as traceroute(8) may require that the prison IP address +> be specified on the command line. I.E. +>=20 +> traceroute -s +>=20 +> Otherwise it might fail. +>=20 +> (because of this we may want to get rid of the +> create_raw_sockets MIB all together). +>=20 +> Anyway, take a gander at it (testers feedback welcome): Looks very neat! I've merge your patch to my jail work (pjd_jail perforce branch) and changed it to be usable with my multiple ips stuff. I haven't reviewed nor tested it yet. --=20 Pawel Jakub Dawidek http://www.FreeBSD.org pjd@FreeBSD.org http://garage.freebsd.pl FreeBSD committer Am I Evil? Yes, I Am! --5mjPmdht4ZehXHR2 Content-Type: application/pgp-signature Content-Disposition: inline -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.4 (FreeBSD) iD8DBQFAh6y6ForvXbEpPzQRArWBAKDKijJxa0MWetxMmwtuKgYgFYv6WQCgpL/W on2HykuapcHLa7EGsAhkxNM= =QbHT -----END PGP SIGNATURE----- --5mjPmdht4ZehXHR2--