In message <[email protected]>
"Bjoern A. Zeeb" writes:

> On Sat, 25 Aug 2012, Jamie Gritton wrote:
>
> ...
> >>>> Curtis
> >>>
> >>> Offhand, it does sound like a bug. I imagine the solution would be to
> >>> reject the join - at least the easy solution to be done first until
> >>> something more complicated can be done to make jails play nice with
> >>> multicast.
> >>>
> >>> - Jamie
> >>
> >>
> >> Jamie,
> >>
> >> Certainly not the preferred solution. Best would be a
> >> jail.allow-ipv6multicast sysctl variable with rejecting the join if 0
> >> and accepting the join and passing in multicast if 1. Same for v4,
> >> though not of immediate concern since DHCPv4 doesn't need it.
> >>
> >> If you (or someone) would like to point me in the right direction, I
> >> would be willing to put some time into learning the relevant code and
> >> proposing a fix. No promises, but I can put some time into it. Off
> >> list if you prefer.
> >>
> >> Curtis
> >
> > It'll have to be someone besides me - I don't know enough about
> > multicast myself to be able to do more than keep it out of jails.
>
> sysctl sounds bad to me; I think it should actually be grouped by
> ip4.* and ip6.*. What do we currently do for raw sockets? Can we
> have a third level easily, as in ip4.raw.*, ip6.mc.*, ... which of
> course would kill the classic "allow" thing for raw sockets maybe?
>
> /bz

For raw sockets the sysctl variable is:

    security.jail.allow_raw_sockets

One sysctl variable for both inet and inet6 AF.

Perhaps a reasonable name would be:

    security.jail.ip4.allow_multicast
    security.jail.ip6.allow_multicast

Just to be clear, I was hoping to get some help if I were to make an
attempt to allow ipv6 multicast through, though I suspect that the
code would be very similar for ipv4.

Curtis

> --
> Bjoern A. Zeeb                         You have to have visions!
>    Stop bit received. Insert coin for new address family.

_______________________________________________
[email protected] mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-jail
To unsubscribe, send any mail to "[email protected]"
