http://typo.submonkey.net/articles/2008/05/16/new-release-of-tcpdrop-for-solaris en-us 40 I do what I want <p>Some years ago <a href="http://typo.submonkey.net/articles/2006/07/31/tcpdrop-for-solaris">I ported tcpdrop to Solaris</a> from the FreeBSD version. I did it very quickly as a proof of concept and never got round to quite getting the error handling right or worrying about Solaris 10 <a href="http://blogs.sun.com/gbrunett/entry/top_5_solaris_10_security">privileges</a>.</p> <p>After spending the required 14 seconds looking at the privileges stuff, it became pretty clear that the required privilege for using tcpdrop was <code>PRIV_SYS_IP_CONFIG</code>. This cannot be asserted in a non-global zone, so if you are one of the many people who have emailed me asking if it can work in a non-global zone, the answer is &#8220;no, it can&#8217;t&#8221;. Not only that, but there&#8217;s nothing I can do about it.</p> <p>Also in this release, I fixed up the error messages so that they are at least correct :)</p> <p>The next release will feature a manpage in man format, rather than the current mdoc one which can&#8217;t actually be formatted on Solaris. Anyone who knows an automated method to convert from mdoc to man, please shout.</p> <p>Anyway, the new release is <a href="http://typo.submonkey.net/pages/tcpdrop-solaris">available for download</a>, knock yourselves out.</p> Fri, 16 May 2008 21:09:00 +0000 urn:uuid:62bae70f-be57-4e2e-a364-d76884e3cee3 Ceri Davies http://typo.submonkey.net/articles/2008/05/16/new-release-of-tcpdrop-for-solaris Software Solaris