https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=254623
--- Comment #7 from Zhenlei Huang <zlei.hu...@gmail.com> --- (In reply to Mark Johnston from comment #6) The patch D29523 works greatly :) I do not have a FreeBSD phabricator account, and just registered one and the account is not approved yet. So I comment directly here. Summary from review D29523: > For ICMP6 we were using the same socket for both, and we limited rights on the socket such that it's impossible to receive anything. At first glance it seems the regression was due to no sufficient rights on receiving socket, and I tried setting CAP_RECV on the receiving socket without luck, I also tried disabling capsicum entirely and it behaves the same. So the root cause is not no sufficient rights on receiving socket. Limit rights on the recv socket is great :) PS, man of cap_rights_limit gives an example entering capability mode before limiting rights. I tried setting CAP_RECV on recv socket after entering capability mode it also works greatly :-) I'm not familiar with capsicum and it's pleasant if someone clarify this. -- You are receiving this mail because: You are on the CC list for the bug. _______________________________________________ freebsd-net@freebsd.org mailing list https://lists.freebsd.org/mailman/listinfo/freebsd-net To unsubscribe, send any mail to "freebsd-net-unsubscr...@freebsd.org"
