s/to set/to a set/

s/to do bind/to bind/

s/to do connect/to connect/

s/previews/preview/

s/an host/a host/

s/revers/reverse/ (here and below)

also these shouldn't begin with "the"

It's not clear what "those specific structures" means.

Are we only allowing specific addresses to be looked up? Why does the signature take a pointer to a single sockaddr? Are we supposed to call this multiple times, one for each allowed address?

(same applies to other similar functions)

s/conenct/connect/

Yes there is not about that

Multiple calls to
.Fn cap_net_limit_addr2name_family,
.Fn cap_net_limit_addr2name,
.Fn cap_net_limit_name2addr_family,
.Fn cap_net_limit_name2addr,
.Fn cap_net_limit_conenct,
and
.Fn cap_net_limit_bind
is supported, each call is extending previews capabilities.

Should we make it "is obsolete and will be removed in .Fx 14"?

igor doesn't like the contraction

s/cep/cap/

"small number of the network namespace" doesn't quite make sense - you might say "small portion of the network namespace" or similar.

limit*s* the
and similarly elsewhere

However I'd be also happy enough to just do a pass over the man page once it's in the tree for these

need a space before the .
it currently renders as may be freed using cap_net_free.()
similarly below

Should we have a cap_enter() in the example to clearly distinguish what runs in the sandbox vs what sets up the service?

Missing period.

Style: opening brace should be on its own line, there should be newlines between functions.

Why are they obsolete?

We should avoid adding "All rights reserved" to new copyrights.

Typo, "reverse"

If addrinfo_unpack() returns NULL, we don't return EAI_MEMORY here.

If prevai == NULL then it must be true that firstai == NULL, so the condition is redundant.

Mixing GAI error values with errno values.

Why do we dup the socket?

IMO it would be a bit cleaner to handle salimits == NULL in net_allowed_bsaddr_impl().

Shouldn't it be an errno value? Ditto above.

I think we should start defining constants for the command strings. Otherwise the compiler can't catch typos.

This file is inconsistent in the way that it braces single-line statements. net_command(), below, does not have any.

Remove what?

Extra newline.

Maybe add /* Capability functions. */ to complement /* Limit functions. */ below.

Hmm, I guess this ensures that we don't trigger error handling in the caller? We could provide a static non-NULL pointer instead, like (void *)(uintptr_t)0x1.

cap_sysctl has the same problem.

Mariusz replied on IRC, this just reflects the fact that getaddrinfo() and getnameinfo() are preferred over gethost*() per the man page for these functions.

Difficult to figure out what to do with a period after a domain name, in plain text :)
Maybe a space after .com before the period?

Probably "deprecated" is better

Thats a good question I'm not sure.
From one hand yes we would like to on the other hand there may be some consumers of it.

Thank you!!!

There is caph_enter_casper which is cap_enter which check if the casper is buildin.

Fixded.

I added space.

Nice catch.

Right.

We don't have to we can just take it from nvlist.

We can't do that. Here if the capdnscache is NULL we return ENOTCAPABLE, but in case of the net_allowed_bsaddr which is used much offten if the right are not defined it means that we allow all bsaddr.

Not really sure what to do with that ;(

Thats a good idea. I started with the limits name for know.

Style fixed.

The flags after the development. The CASPER_SERVICE_FD nor the CASPER_SERVICE_STDIO in not needed.

Yes. As well as we ensure working with the proper descriptor. For example in fileargs we are doing much more checks.

Perhaps say that it may be removed after FreeBSD 13, then? I think it would be good to give some encouragement for people to migrate.

We could handle this in later followup though (after this gets committed.)

typo, "Deprecated"

Still an extra newline here?

deprecated

deprecated

Deprecated