[crossbow-discuss] Re: Snooping on non-global network interfaces from global zone
Erik Nordmark
erik.nordmark at sun.com
Thu Feb 22 16:41:36 PST 2007
Jeff Victor wrote:
> Erik Nordmark wrote:
>> Xu wrote:
>>
>>> And when NOT using IP instances - is such a snooping (from one non
>>> global zone to a different non global zone) available ? (did not test
>>> it yet)
>>> Is there something with privileges of zone that stops him from doing
>>> so ?
>>
>> It is just the devices. zonecfg has a mechanism to assign additional
>> devices to a non-global zone (add device). This can be used to give a
>> non-global zone the ability to snoop - by giving it layer 2 access -
>> which means it can send any receive any Ethernet frames on that
>> interface.
>
> The zone will also need the net_rawaccess privilege in order to snoop.
> Adding that privilege requires S10 11/06 or Nevada build 37.
Correct. I forgot about that one.
Erik
More information about the crossbow-discuss
mailing list