Site Navigation

FreeBSD Manual Pages

   man apropos
 
   All Sections 1 - General Commands 2 - System Calls 3 - Subroutines 4 - Special Files 5 - File Formats 6 - Games 7 - Macros and Conventions 8 - Maintenance Commands 9 - Kernel Interface n - New Commands FreeBSD 16.0-CURRENT FreeBSD 15.0-STABLE FreeBSD 14.3-RELEASE FreeBSD 14.3-RELEASE and Ports FreeBSD 14.3-STABLE FreeBSD 14.2-RELEASE FreeBSD 14.2-RELEASE and Ports FreeBSD 14.1-RELEASE FreeBSD 14.1-RELEASE and Ports FreeBSD 14.0-RELEASE FreeBSD 14.0-RELEASE and Ports FreeBSD 13.5-RELEASE FreeBSD 13.5-RELEASE and Ports FreeBSD 13.5-STABLE FreeBSD 13.4-RELEASE FreeBSD 13.4-RELEASE and Ports FreeBSD 13.3-RELEASE FreeBSD 13.3-RELEASE and Ports FreeBSD 13.2-RELEASE FreeBSD 13.2-RELEASE and Ports FreeBSD 13.1-RELEASE FreeBSD 13.1-RELEASE and Ports FreeBSD 13.0-RELEASE FreeBSD 13.0-RELEASE and Ports FreeBSD 12.4-RELEASE FreeBSD 12.4-RELEASE and Ports FreeBSD 12.3-RELEASE FreeBSD 12.3-RELEASE and Ports FreeBSD 12.2-RELEASE FreeBSD 12.2-RELEASE and Ports FreeBSD 12.1-RELEASE FreeBSD 12.1-RELEASE and Ports FreeBSD 12.0-RELEASE FreeBSD 12.0-RELEASE and Ports FreeBSD 11.4-RELEASE FreeBSD 11.4-RELEASE and Ports FreeBSD 11.3-RELEASE FreeBSD 11.3-RELEASE and Ports FreeBSD 11.2-RELEASE FreeBSD 11.2-RELEASE and Ports FreeBSD 11.1-RELEASE FreeBSD 11.1-RELEASE and Ports FreeBSD 11.0-RELEASE FreeBSD 11.0-RELEASE and Ports FreeBSD 10.4-RELEASE FreeBSD 10.4-RELEASE and Ports FreeBSD 10.3-RELEASE FreeBSD 10.3-RELEASE and Ports FreeBSD 10.2-RELEASE FreeBSD 10.2-RELEASE and Ports FreeBSD 10.1-RELEASE FreeBSD 10.1-RELEASE and Ports FreeBSD 10.0-RELEASE FreeBSD 10.0-RELEASE and Ports FreeBSD 9.3-RELEASE FreeBSD 9.3-RELEASE and Ports FreeBSD 9.2-RELEASE FreeBSD 9.2-RELEASE and Ports FreeBSD 9.1-RELEASE FreeBSD 9.1-RELEASE and Ports FreeBSD 9.0-RELEASE FreeBSD 9.0-RELEASE and Ports FreeBSD 8.4-RELEASE FreeBSD 8.4-RELEASE and Ports FreeBSD 8.3-RELEASE FreeBSD 8.3-RELEASE and Ports FreeBSD 8.2-RELEASE FreeBSD 8.2-RELEASE and Ports FreeBSD 8.1-RELEASE FreeBSD 8.1-RELEASE and Ports FreeBSD 8.0-RELEASE FreeBSD 8.0-RELEASE and Ports FreeBSD 7.4-RELEASE FreeBSD 7.4-RELEASE and Ports FreeBSD 7.3-RELEASE FreeBSD 7.3-RELEASE and Ports FreeBSD 7.2-RELEASE FreeBSD 7.2-RELEASE and Ports FreeBSD 7.1-RELEASE FreeBSD 7.1-RELEASE and Ports FreeBSD 7.0-RELEASE FreeBSD 6.4-RELEASE FreeBSD 6.4-RELEASE and Ports FreeBSD 6.3-RELEASE FreeBSD 6.3-RELEASE and Ports FreeBSD 6.2-RELEASE FreeBSD 6.1-RELEASE FreeBSD 6.0-RELEASE FreeBSD 6.0-RELEASE and Ports FreeBSD 5.5-RELEASE FreeBSD 5.5-RELEASE and Ports FreeBSD 5.4-RELEASE FreeBSD 5.4-RELEASE and Ports FreeBSD 5.3-RELEASE FreeBSD 5.3-RELEASE and Ports FreeBSD 5.2.1-RELEASE FreeBSD 5.2.1-RELEASE and Ports FreeBSD 5.2-RELEASE FreeBSD 5.2-RELEASE and Ports FreeBSD 5.1-RELEASE FreeBSD 5.0-RELEASE FreeBSD 4.11-RELEASE FreeBSD 4.11-RELEASE and Ports FreeBSD 4.10-RELEASE FreeBSD 4.10-RELEASE and Ports FreeBSD 4.9-RELEASE FreeBSD 4.9-RELEASE and Ports FreeBSD 4.8-RELEASE FreeBSD 4.8-RELEASE and Ports FreeBSD 4.7-RELEASE FreeBSD 4.6.2-RELEASE FreeBSD 4.6.2-RELEASE and Ports FreeBSD 4.6-RELEASE FreeBSD 4.6-RELEASE and Ports FreeBSD 4.5-RELEASE FreeBSD 4.5-RELEASE and Ports FreeBSD 4.4-RELEASE FreeBSD 4.3-RELEASE FreeBSD 4.3-RELEASE and Ports FreeBSD 4.2-RELEASE FreeBSD 4.2-RELEASE and Ports FreeBSD 4.1.1-RELEASE FreeBSD 4.1.1-RELEASE and Ports FreeBSD 4.1-RELEASE FreeBSD 4.0-RELEASE FreeBSD 3.5.1-RELEASE FreeBSD 3.5.1-RELEASE and Ports FreeBSD 3.5-RELEASE and Ports FreeBSD 3.4-RELEASE FreeBSD 3.4-RELEASE and Ports FreeBSD 3.3-RELEASE FreeBSD 3.2-RELEASE FreeBSD 3.1-RELEASE FreeBSD 3.0-RELEASE FreeBSD 2.2.8-RELEASE FreeBSD 2.2.8-RELEASE and Ports FreeBSD 2.2.7-RELEASE FreeBSD 2.2.6-RELEASE FreeBSD 2.2.5-RELEASE FreeBSD 2.2.2-RELEASE FreeBSD 2.2.1-RELEASE FreeBSD 2.1.7.1-RELEASE FreeBSD 2.1.6.1-RELEASE FreeBSD 2.1.5-RELEASE FreeBSD 2.1.0-RELEASE FreeBSD 2.0.5-RELEASE FreeBSD 2.0-RELEASE FreeBSD 1.1.5.1-RELEASE FreeBSD 1.1-RELEASE FreeBSD 1.0-RELEASE FreeBSD Ports 14.3 FreeBSD Ports 14.3.quarterly FreeBSD Ports 14.2 FreeBSD Ports 14.1 FreeBSD Ports 14.0 FreeBSD Ports 13.5 FreeBSD Ports 13.4 FreeBSD Ports 13.3 FreeBSD Ports 13.2 FreeBSD Ports 13.1 FreeBSD Ports 13.0 FreeBSD Ports 12.4 FreeBSD Ports 12.3 FreeBSD Ports 12.2 FreeBSD Ports 12.1 FreeBSD Ports 12.0 FreeBSD Ports 11.4 FreeBSD Ports 11.3 FreeBSD Ports 11.2 FreeBSD Ports 11.1 FreeBSD Ports 11.0 FreeBSD Ports 10.4 FreeBSD Ports 10.3 FreeBSD Ports 10.2 FreeBSD Ports 10.1 FreeBSD Ports 10.0 FreeBSD Ports 9.3 FreeBSD Ports 9.2 FreeBSD Ports 9.1 FreeBSD Ports 9.0 FreeBSD Ports 8.4 FreeBSD Ports 8.3 FreeBSD Ports 8.2 FreeBSD Ports 8.1 FreeBSD Ports 8.0 FreeBSD Ports 7.4 FreeBSD Ports 7.3 FreeBSD Ports 7.2 FreeBSD Ports 7.1 FreeBSD Ports 7.0 FreeBSD Ports 6.4 FreeBSD Ports 6.3 FreeBSD Ports 6.2 FreeBSD Ports 6.0 FreeBSD Ports 5.5 FreeBSD Ports 5.4 FreeBSD Ports 5.3 FreeBSD Ports 5.2.1 FreeBSD Ports 5.2 FreeBSD Ports 5.1 FreeBSD Ports 4.11 FreeBSD Ports 4.10 FreeBSD Ports 4.9 FreeBSD Ports 4.8 FreeBSD Ports 4.7 FreeBSD Ports 4.6.2 FreeBSD Ports 4.6 FreeBSD Ports 4.5 FreeBSD Ports 4.3 FreeBSD Ports 4.2 FreeBSD Ports 4.1.1 FreeBSD Ports 3.5.1 FreeBSD Ports 3.5 FreeBSD Ports 3.4 FreeBSD Ports 2.2.8 4.4BSD Lite2 4.3BSD NET/2 4.3BSD Reno 2.11 BSD 2.10 BSD 2.9.1 BSD 2.8 BSD 386BSD 0.1 386BSD 0.0 CentOS 7.9 CentOS 7.8 CentOS 7.7 CentOS 7.6 CentOS 7.5 CentOS 7.4 CentOS 7.3 CentOS 7.2 CentOS 7.1 CentOS 7.0 CentOS 6.10 CentOS 6.9 CentOS 6.8 CentOS 6.7 CentOS 6.6 CentOS 6.5 CentOS 6.4 CentOS 6.3 CentOS 6.2 CentOS 6.1 CentOS 6.0 CentOS 5.11 CentOS 5.10 CentOS 5.9 CentOS 5.8 CentOS 5.7 CentOS 5.6 CentOS 5.5 CentOS 5.4 CentOS 4.8 CentOS 3.9 Darwin 8.0.1/ppc Darwin 7.0.1 Darwin 6.0.2/x86 Darwin 1.4.1/x86 Darwin 1.3.1/x86 Debian 14.0 unstable Debian 13.1.0 Debian 12.12.0 Debian 11.11.0 Debian 10.13.0 Debian 9.13.0 Debian 8.11.1 Debian 7.11.0 Debian 6.0.10 Debian 5.0.10 Debian 4.0.9 Debian 3.1.8 Debian 2.2.7 Debian 2.0.0 Dell UNIX SVR4 2.2 DragonFly 6.4.0 DragonFly 5.8.3 DragonFly 4.8.1 DragonFly 3.8.2 DragonFly 2.10.1 DragonFly 1.12.1 DragonFly 1.0A HP-UX 11.22 HP-UX 11.20 HP-UX 11.11 HP-UX 11.00 HP-UX 10.20 HP-UX 10.10 HP-UX 10.01 HP-UX 9.07 HP-UX 8.07 Inferno 4th Edition IRIX 6.5.30 Linux Slackware 3.1 MACH 2.5/i386 macOS 26.0 macOS 15.7 macOS 14.8 macOS 13.6.5 macOS 12.7.3 macOS 11.1 macOS 10.15.0 macOS 10.13.6 macOS 10.12.0 Minix 3.3.0 Minix 3.2.1 Minix 3.2.0 Minix 3.1.7 Minix 3.1.6 Minix 3.1.5 Minix 2.0.0 NetBSD 10.1 NetBSD 10.0 NetBSD 9.4 NetBSD 9.3 NetBSD 9.2 NetBSD 9.1 NetBSD 9.0 NetBSD 8.3 NetBSD 8.2 NetBSD 8.1 NetBSD 8.0 NetBSD 7.2 NetBSD 7.1.2 NetBSD 7.1 NetBSD 7.0 NetBSD 6.1.5 NetBSD 6.0 NetBSD 5.2.3 NetBSD 5.2 NetBSD 5.1 NetBSD 5.0 NetBSD 4.0.1 NetBSD 4.0 NetBSD 3.1 NetBSD 3.0 NetBSD 2.1 NetBSD 2.0.2 NetBSD 2.0 NetBSD 1.6.2 NetBSD 1.6.1 NetBSD 1.6 NetBSD 1.5.3 NetBSD 1.5.2 NetBSD 1.5.1 NetBSD 1.5 NetBSD 1.4.3 NetBSD 1.4.2 NetBSD 1.4.1 NetBSD 1.4 NetBSD 1.3.3 NetBSD 1.3.2 NetBSD 1.3.1 NetBSD 1.3 NetBSD 1.2.1 NetBSD 1.2 NetBSD 1.1 NetBSD 1.0 NeXTSTEP 3.3 OpenBSD 7.8 OpenBSD 7.7 OpenBSD 7.6 OpenBSD 7.5 OpenBSD 7.4 OpenBSD 7.3 OpenBSD 7.2 OpenBSD 7.1 OpenBSD 7.0 OpenBSD 6.9 OpenBSD 6.8 OpenBSD 6.7 OpenBSD 6.6 OpenBSD 6.5 OpenBSD 6.4 OpenBSD 6.3 OpenBSD 6.2 OpenBSD 6.1 OpenBSD 6.0 OpenBSD 5.9 OpenBSD 5.8 OpenBSD 5.7 OpenBSD 5.6 OpenBSD 5.5 OpenBSD 5.4 OpenBSD 5.3 OpenBSD 5.2 OpenBSD 5.1 OpenBSD 5.0 OpenBSD 4.9 OpenBSD 4.8 OpenBSD 4.7 OpenBSD 4.6 OpenBSD 4.5 OpenBSD 4.4 OpenBSD 4.3 OpenBSD 4.2 OpenBSD 4.1 OpenBSD 4.0 OpenBSD 3.9 OpenBSD 3.8 OpenBSD 3.7 OpenBSD 3.6 OpenBSD 3.5 OpenBSD 3.4 OpenBSD 3.3 OpenBSD 3.2 OpenBSD 3.1 OpenBSD 3.0 OpenBSD 2.9 OpenBSD 2.8 OpenBSD 2.7 OpenBSD 2.6 OpenBSD 2.5 OpenBSD 2.4 OpenBSD 2.3 OpenBSD 2.2 OpenBSD 2.1 OpenBSD 2.0 OpenDarwin 7.2.1 OpenDarwin 6.6.2/x86 OpenDarwin 6.6.1/x86 OpenDarwin 20030208pre4/ppc OpenIndiana 2024.10 OpenIndiana 2022.10 OpenIndiana 2020.10 OpenIndiana 2017.10 OpenIndiana 2015.10 OpenIndiana 2013.08 OpenSolaris 2010.03 OpenSolaris 2009.06 OpenStep 4.2 openSUSE 42.3 openSUSE 42.2 openSUSE 42.1 openSUSE 16.0 openSUSE 15.6 openSUSE 15.5 openSUSE 15.4 openSUSE 15.3 openSUSE 15.2 openSUSE 15.1 openSUSE 15.0 openSUSE 13.2 openSUSE 13.1 openSUSE 11.4 openSUSE 11.3 openSUSE 11.2 openSUSE 10.3 openSUSE 10.2 OSF1 V5.1/alpha OSF1 V4.0/alpha OSF1 V1.0/mips Plan 9 Red Hat 9.0 Red Hat 8.0 Red Hat 7.3 Red Hat 7.2 Red Hat 7.1 Red Hat 7.0 Red Hat 6.2 Red Hat 6.1 Red Hat 5.2 Red Hat 5.0 Red Hat 4.2 Rhapsody DR1 Rhapsody DR2 Rocky 10.0 Rocky 9.6 Rocky 9.5 Rocky 9.4 Rocky 9.3 Rocky 9.2 Rocky 9.1 Rocky 9.0 Rocky 8.10 Rocky 8.9 Rocky 8.8 Rocky 8.7 Rocky 8.6 Rocky 8.5 Rocky 8.4 Rocky 8.3 Sun UNIX 0.4 SunOS 5.10 SunOS 5.9 SunOS 5.8 SunOS 5.7 SunOS 5.6 SunOS 5.5.1 SunOS 4.1.3 SuSE 11.3 SuSE 11.2 SuSE 11.1 SuSE 11.0 SuSE 10.3 SuSE 10.2 SuSE 10.1 SuSE 10.0 SuSE 9.3 SuSE 9.2 SuSE 8.2 SuSE 8.1 SuSE 8.0 SuSE 7.3 SuSE 7.2 SuSE 7.1 SuSE 7.0 SuSE 6.4 SuSE 6.3 SuSE 6.1 SuSE 6.0 SuSE 5.3 SuSE 5.2 SuSE 5.0 SuSE 4.3 SuSE ES 10 SP1 Ubuntu 24.04 noble Ubuntu 23.10 mantic Ubuntu 22.04 jammy Ubuntu 20.04 focal Ubuntu 18.04 bionic Ubuntu 16.04 xenial Ubuntu 14.04 trusty ULTRIX 4.2 Ultrix-32 2.0/VAX Unix Seventh Edition X11R7.4 X11R7.3.2 X11R7.2 X11R6.9.0 X11R6.8.2 X11R6.7.0 XFree86 4.8.0 XFree86 4.7.0 XFree86 4.6.0 XFree86 4.5.0 XFree86 4.4.0 XFree86 4.3.0 XFree86 4.2.99.3 XFree86 4.2.0 XFree86 4.1.0 XFree86 4.0.2 XFree86 4.0.1 XFree86 4.0 XFree86 3.3.6 XFree86 3.3 XFree86 2.1 All Architectures html pdf ascii

home | help

---

CAP_NET(3)		    Library Functions Manual		    CAP_NET(3)

NAME
       cap_bind,      cap_connect,     cap_getaddrinfo,	    cap_gethostbyaddr,
       cap_gethostbyname, cap_gethostbyname2,  cap_getnameinfo,	 cap_net_free,
       cap_net_limit, cap_net_limit_addr2name, cap_net_limit_addr2name_family,
       cap_net_limit_bind,	cap_net_limit_connect,	   cap_net_limit_init,
       cap_net_limit_name2addr,	cap_net_limit_name2addr_family,	-- library for
       networking in capability	mode

LIBRARY
       library "libcap_net"

SYNOPSIS
       #include	<sys/nv.h>
       #include	<libcasper.h>
       #include	<casper/cap_net.h>

       int
       cap_bind(cap_channel_t *chan,  int  s,  const  struct  sockaddr	*addr,
	   socklen_t addrlen);

       int
       cap_connect(cap_channel_t  *chan,  int  s, const	struct sockaddr	*name,
	   socklen_t namelen);

       int
       cap_getaddrinfo(cap_channel_t	*chan,	  const	   char	    *hostname,
	   const    char    *servname,	  const	   struct   addrinfo   *hints,
	   struct addrinfo **res);

       int
       cap_getnameinfo(cap_channel_t  *chan,  const   struct   sockaddr	  *sa,
	   socklen_t   salen,	char   *host,	size_t	hostlen,  char	*serv,
	   size_t servlen, int flags);

       struct hostent *
       cap_gethostbyname(const cap_channel_t *chan, const char *name);

       struct hostent *
       cap_gethostbyname2(const	 cap_channel_t	*chan,	 const	 char	*name,
	   int af);

       struct hostent *
       cap_gethostbyaddr(const	 cap_channel_t	 *chan,	  const	  void	*addr,
	   socklen_t len, int af);

       cap_net_limit_t *
       cap_net_limit_init(cap_channel_t	*chan, uint64_t	mode);

       int
       cap_net_limit(cap_net_limit_t *limit);

       void
       cap_net_free(cap_net_limit_t *limit);

       cap_net_limit_t *
       cap_net_limit_addr2name_family(cap_net_limit_t  *limit,	int   *family,
	   size_t size);

       cap_net_limit_t *
       cap_net_limit_addr2name(cap_net_limit_t			       *limit,
	   const struct	sockaddr *sa, socklen_t	salen);

       cap_net_limit_t *
       cap_net_limit_name2addr_family(cap_net_limit_t  *limit,	int   *family,
	   size_t size);

       cap_net_limit_t *
       cap_net_limit_name2addr(cap_net_limit_t	 *limit,   const  char	*name,
	   const char *serv);

       cap_net_limit_t *
       cap_net_limit_connect(cap_net_limit_t			       *limit,
	   const struct	sockaddr *sa, socklen_t	salen);

       cap_net_limit_t *
       cap_net_limit_bind(cap_net_limit_t  *limit,  const struct sockaddr *sa,
	   socklen_t salen);

DESCRIPTION
       The    functions	   cap_bind(),	  cap_connect(),    cap_getaddrinfo(),
       cap_getnameinfo(),   cap_gethostbyname(),   cap_gethostbyname2(),   and
       cap_gethostbyaddr() provide  a  set  of	APIs  equivalent  to  bind(2),
       connect(2),     getaddrinfo(3),	  getnameinfo(3),    gethostbyname(3),
       gethostbyname2(3), and gethostbyaddr(3) except that a connection	to the
       system.net service needs	to be provided.

       These functions,	as well	as  cap_net_limit(),  are  reentrant  but  not
       thread-safe.   That  is,	 they may be called from separate threads only
       with different cap_channel_t arguments or with synchronization.

LIMITS
       By default, the cap_net capability provides unrestricted	access to  the
       network	namespace.   Applications  typically  only require access to a
       small portion of	the network namespace:	The  cap_net_limit()  function
       can    be    used   to	restrict   access   to	 the   network.	   The
       cap_net_limit_init() returns an opaque limit handle  used  to  store  a
       list of capabilities.  The mode restricts the functionality of the ser-
       vice.  Modes are	encoded	using the following flags:

	     CAPNET_ADDR2NAME		     reverse DNS lookups are allowed with
					     cap_getnameinfo
	     CAPNET_NAME2ADDR		     name resolution is	allowed	with
					     cap_getaddrinfo
	     CAPNET_DEPRECATED_ADDR2NAME     reverse DNS lookups are allowed with
					     cap_gethostbyaddr
	     CAPNET_DEPRECATED_NAME2ADDR     name resolution is	allowed	with
					     cap_gethostbyname and cap_gethostbyname2
	     CAPNET_BIND		     bind syscall is allowed
	     CAPNET_CONNECT		     connect syscall is	allowed
	     CAPNET_CONNECTDNS		     connect syscall is	allowed	to the values
					     returned from previous call to
					     the cap_getaddrinfo or cap_gethostbyname

       cap_net_limit_addr2name_family()	  limits   the	cap_getnameinfo()  and
       cap_gethostbyaddr() to  do  reverse  DNS	 lookups  to  specific	family
       (AF_INET, AF_INET6, etc.)

       cap_net_limit_addr2name()     limits    the    cap_getnameinfo()	   and
       cap_gethostbyaddr() to do reverse DNS lookups only  on  those  specific
       structures.

       cap_net_limit_name2addr_family()	   limits    the    cap_getaddrinfo(),
       cap_gethostbyname() and cap_gethostbyname2() to do the name  resolution
       on specific family (AF_INET, AF_INET6, etc.)

       cap_net_limit_addr2name()	  restricts	    cap_getaddrinfo(),
       cap_gethostbyname() and cap_gethostbyname2() to a set of	domains.

       cap_net_limit_bind() limits cap_bind() to bind only on  those  specific
       structures.

       cap_net_limit_connect()	limits	cap_connect() to connect only on those
       specific	structures.  If	the CAPNET_CONNECTDNS is set  the  limits  are
       extended	   to	 the	values	  returned    by    cap_getaddrinfo(),
       cap_gethostbyname()   and   cap_gethostbyname2()	  In   case   of   the
       cap_getaddrinfo()   the	 restriction   is  strict.   In	 case  of  the
       cap_gethostbyname() and cap_gethostbyname2() any	port will be  accepted
       in the cap_connect() function.

       The cap_net_limit() will	consume	and apply the limits.

       Once  a	set  of	limits is applied, subsequent calls to cap_net_limit()
       will fail unless	the new	set is a subset	of the current set.

       If the cap_net_limit() was not called the rights	 may  be  freed	 using
       cap_net_free().	 Multiple  calls  to cap_net_limit_addr2name_family(),
       cap_net_limit_addr2name(),	     cap_net_limit_name2addr_family(),
       cap_net_limit_name2addr(),	  cap_net_limit_connect(),	   and
       cap_net_limit_bind() is supported, each call is extending preview capa-
       bilities.

EXAMPLES
       The following example first opens a capability to casper	and then  uses
       this  capability	to create the system.net casper	service	and uses it to
       resolve a host and connect to it.

       cap_channel_t *capcas, *capnet;
       cap_net_limit_t *limit;
       int familylimit,	error, s;
       const char *host	= "example.com";
       struct addrinfo hints, *res;

       /* Open capability to Casper. */
       capcas =	cap_init();
       if (capcas == NULL)
	       err(1, "Unable to contact Casper");

       /* Cache	NLA for	gai_strerror. */
       caph_cache_catpages();

       /* Enter	capability mode	sandbox. */
       if (caph_enter_casper() < 0)
	       err(1, "Unable to enter capability mode");

       /* Use Casper capability	to create capability to	the system.net service.	*/
       capnet =	cap_service_open(capcas, "system.net");
       if (capnet == NULL)
	       err(1, "Unable to open system.net service");

       /* Close	Casper capability. */
       cap_close(capcas);

       /* Limit	system.net to reserve IPv4 addresses, to host example.com . */
       limit = cap_net_limit_init(capnet, CAPNET_NAME2ADDR | CAPNET_CONNECTDNS);
       if (limit == NULL)
	       err(1, "Unable to create	limits.");
       cap_net_limit_name2addr(limit, host, "80");
       familylimit = AF_INET;
       cap_net_limit_name2addr_family(limit, &familylimit, 1);
       if (cap_net_limit(limit)	< 0)
	       err(1, "Unable to apply limits.");

       /* Find IP addresses for	the given host.	*/
       memset(&hints, 0, sizeof(hints));
       hints.ai_family = AF_INET;
       hints.ai_socktype = SOCK_STREAM;

       error = cap_getaddrinfo(capnet, host, "80", &hints, &res);
       if (error != 0)
	       errx(1, "cap_getaddrinfo(): %s: %s", host, gai_strerror(error));

       s = socket(res->ai_family, res->ai_socktype, res->ai_protocol);
       if (s < 0)
	       err(1, "Unable to create	socket");

       if (cap_connect(capnet, s, res->ai_addr,	 res->ai_addrlen) < 0)
	       err(1, "Unable to connect to host");

SEE ALSO
       bind(2),	   cap_enter(2),    connect(2),	    caph_enter(3),     err(3),
       gethostbyaddr(3),  gethostbyname(3), gethostbyname2(3), getnameinfo(3),
       capsicum(4), nv(9)

AUTHORS
       Mariusz Zaborski	<oshogbo@FreeBSD.org>

FreeBSD	14.3		       December	6, 2023			    CAP_NET(3)

---

NAME | LIBRARY | SYNOPSIS | DESCRIPTION | LIMITS | EXAMPLES | SEE ALSO | AUTHORS

Want to link to this manual page? Use this URL:
<https://man.freebsd.org/cgi/man.cgi?query=cap_net&sektion=3&manpath=FreeBSD+14.3-RELEASE+and+Ports>

home | help

---

Legal Notices | © 1995-2025 The FreeBSD Project. All rights reserved.

Contact