Christian S.J. Peron <[EMAIL PROTECTED]> scribbled: > Poul/group > > The following patch makes raw sockets comply with prison IP addresses. > Some tools such as traceroute(8) may require that the prison IP address > be specified on the command line. I.E. > > traceroute -s <prison ip> <dest address> > > Otherwise it might fail. > > (because of this we may want to get rid of the > create_raw_sockets MIB all together). > > Anyway, take a gander at it (testers feedback welcome): > > Regards > Christian S.J. Peron
Nice work! It doesn't seem that it would be very difficult to get this to comply with Pawels multiple IPs in jail patch, but it would have to be optimized a bit as the IPs are currently stored in a linked list in his patch and traversing that list to determine whether the IP complies with the jails allotted IP range is sub-optimal (as it would have to be done on a per-packet basis). If we could store those IPs in a hash table with a fast algorithm for O(1) lookup times, the prison subsystem would experience significant feature improvements. -- Kind regards, Devon H. O'Dell | [EMAIL PROTECTED] ICQ: 2903604 | IRC: [EMAIL PROTECTED]/[EMAIL PROTECTED] _______________________________________________ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-hackers To unsubscribe, send any mail to "[EMAIL PROTECTED]"
