[patch] Raw sockets in jails
Devon H. O'Dell
dodell at sitetronics.com
Thu Apr 22 02:21:54 PDT 2004
Christian S.J. Peron <maneo at bsdpro.com> scribbled:
> Poul/group
>
> The following patch makes raw sockets comply with prison IP addresses.
> Some tools such as traceroute(8) may require that the prison IP address
> be specified on the command line. I.E.
>
> traceroute -s <prison ip> <dest address>
>
> Otherwise it might fail.
>
> (because of this we may want to get rid of the
> create_raw_sockets MIB all together).
>
> Anyway, take a gander at it (testers feedback welcome):
>
> Regards
> Christian S.J. Peron
Nice work! It doesn't seem that it would be very difficult to get this
to comply with Pawels multiple IPs in jail patch, but it would have to
be optimized a bit as the IPs are currently stored in a linked list in
his patch and traversing that list to determine whether the IP complies
with the jails allotted IP range is sub-optimal (as it would have to be
done on a per-packet basis). If we could store those IPs in a hash table
with a fast algorithm for O(1) lookup times, the prison subsystem would
experience significant feature improvements.
--
Kind regards,
Devon H. O'Dell | dodell at sitetronics.com
ICQ: 2903604 | IRC: dho at freenode/dodell at efnet
More information about the freebsd-hackers
mailing list