On Saturday 12 March 2005 15:03, H. S. wrote:
> Hey,
>
> I've noticed something odd.. I'm using FreeBSD 5.3-STABLE with PF, on a
> dual xeon 2.4 system. I have two jails running for web and mail servers.
> Today I was testing something and needed a tcpdump, so inside a jail I
> started tcpdump as root.
>
> To my amazement, IP packets from the host system (IRC connections that
> should NOT show on that jail) were appearing on the tcpdump INSIDE the
> jail!
>
> tcpdump then became unresponsive quickly after capturing those, ^C
> wouldn't kill it and ^Z didn't do anything either. I had to login from another
> terminal to the host system, and killall -KILL tcpdump.
>
> Is this a known bug? IP packets from the host system<->internet should not
> be visible inside the jail.
>
> If you need tcpdump/uname -a etc, I'll provide these when asked.
tcpdump reads "raw" data from the hardware using the bpf socket. There is no way (implemented) to filter bpf for jails. It'd also be a bit tricky to realize, as bpf sees "raw" i.e. ethernet packets while jails are an IP-level construct, so in order to filter bpf for jails one would have to do a lot of extra work. I don't think there is a "legal" application for bpf inside of a jail that would justify the additional work.

The only way to avoid this is to not give your jail(s) access to /dev/bpf - why would you want to in the first place?

-- 
/"\  Best regards,                      | [EMAIL PROTECTED]
\ /  Max Laier                          | ICQ #67774661
 X   http://pf4freebsd.love2party.net/  | [EMAIL PROTECTED]
/ \  ASCII Ribbon Campaign              | Against HTML Mail and News
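As an added illustration of the advice above (this is not code from the thread or from the FreeBSD project), the following POSIX shell script does two things a jail administrator would want: it audits a jail's devfs mount for bpf device nodes, and it prints a devfs.rules stanza modelled on the stock devfsrules_jail set from /etc/defaults/devfs.rules, which hides every device and then unhides only the basic and login sets, so bpf never appears. The jail paths used as examples and the ruleset number 100 are assumptions.

```shell
#!/bin/sh
# Added example for this thread (not from the original mail): audit a jail's
# devfs mount for bpf device nodes and print a devfs ruleset that keeps them
# hidden. Jail paths and the ruleset number 100 are assumptions.

# List bpf device nodes visible under a jail's /dev mount point.
# Prints one node name per line; returns 0 when none are present and
# 1 when at least one is, so the function doubles as a pass/fail check.
bpf_nodes_in() {
    devdir=$1
    found=0
    # /dev/bpf is the clone device on newer FreeBSD, bpfN the numbered nodes
    for node in "$devdir"/bpf "$devdir"/bpf[0-9]*; do
        # an unmatched glob stays literal, so test for existence
        [ -e "$node" ] || continue
        printf '%s\n' "${node##*/}"
        found=1
    done
    return $found
}

# Human-readable verdict for one jail devfs directory; same exit status.
audit_jail_devfs() {
    devdir=$1
    if nodes=$(bpf_nodes_in "$devdir"); then
        echo "OK: no bpf nodes under $devdir"
        return 0
    fi
    echo "WARNING: bpf exposed under $devdir: $(echo "$nodes" | tr '\n' ' ')"
    return 1
}

# Ruleset modelled on the stock devfsrules_jail (ruleset 4) in
# /etc/defaults/devfs.rules: hide everything, then unhide only the basic
# and login device sets. bpf is never unhidden, so tcpdump in the jail has
# no capture device to open. The number 100 is an arbitrary free slot.
jail_devfs_ruleset() {
    cat <<'EOF'
[devfsrules_jail_nobpf=100]
add include $devfsrules_hide_all
add include $devfsrules_unhide_basic
add include $devfsrules_unhide_login
# Deliberately no "add path 'bpf*' unhide": that line is what would give
# the jail a view of the host's raw interface traffic.
EOF
}

# Usage: ./jail_bpf_audit.sh /usr/jail/www/dev [/usr/jail/mail/dev ...]
# With no arguments, print the ruleset for pasting into /etc/devfs.rules.
main() {
    if [ $# -eq 0 ]; then
        jail_devfs_ruleset
        return 0
    fi
    status=0
    for d in "$@"; do
        audit_jail_devfs "$d" || status=1
    done
    return $status
}

main "$@"
```

On a current FreeBSD the stanza goes into /etc/devfs.rules and is selected per jail with `devfs_ruleset = 100;` next to `mount.devfs;` in jail.conf; the 5.3 system in the thread predates jail.conf, but the devfs rule mechanism and the defaults file it builds on are the same idea. The audit half is ordinary file tests and runs anywhere, so it can also be dropped into a periodic check that fails when a jail's /dev grows a bpf node.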