diff -ur sys/kern/kern_jail.c sys-jail-sockraw/kern/kern_jail.c
--- sys/kern/kern_jail.c Fri Aug 17 01:00:26 2001
+++ sys-jail-sockraw/kern/kern_jail.c Mon Mar 10 21:22:59 2003
@@ -39,6 +39,12 @@
     &jail_socket_unixiproute_only, 0,
     "Processes in jail are limited to creating UNIX/IPv4/route sockets only");
+/* Jared jared */
+int jail_socket_allow_sockraw = 0;
+SYSCTL_INT(_jail, OID_AUTO, socket_allow_sockraw, CTLFLAG_RW,
+    &jail_socket_allow_sockraw, 0,
+    "Processes in jail are allowed use SOCK_RAW sockets");
+
 int jail_sysvipc_allowed = 0;
 SYSCTL_INT(_jail, OID_AUTO, sysvipc_allowed, CTLFLAG_RW,
     &jail_sysvipc_allowed, 0,
diff -ur sys/netinet/raw_ip.c sys-jail-sockraw/netinet/raw_ip.c
--- sys/netinet/raw_ip.c Fri Jan 24 10:52:50 2003
+++ sys-jail-sockraw/netinet/raw_ip.c Sun Mar 16 20:50:33 2003
@@ -66,6 +66,8 @@
 #include
 #include
+#include
+
 #ifdef FAST_IPSEC
 #include
 #endif /*FAST_IPSEC*/
@@ -488,13 +490,23 @@
 rip_attach(struct socket *so, int proto, struct proc *p)
 {
 	struct inpcb *inp;
+	struct prison *saved = NULL;
 	int error, s;
 	inp = sotoinpcb(so);
 	if (inp)
 		panic("rip_attach");
+	if (p && jail_socket_allow_sockraw)
+	{
+		saved = p->p_prison;
+		p->p_prison = NULL;
+	}
 	if (p && (error = suser(p)) != 0)
+	{
+		p->p_prison = saved;
 		return error;
+	}
+	p->p_prison = saved;
 	error = soreserve(so, rip_sendspace, rip_recvspace);
 	if (error)
diff -ur sys/sys/jail.h sys-jail-sockraw/sys/jail.h
--- sys/sys/jail.h Wed Nov 1 17:58:06 2000
+++ sys-jail-sockraw/sys/jail.h Mon Mar 10 21:23:32 2003
@@ -48,6 +48,7 @@
  */
 extern int jail_set_hostname_allowed;
 extern int jail_socket_unixiproute_only;
+extern int jail_socket_allow_sockraw; /* Jared jared */
 extern int jail_sysvipc_allowed;
 #endif /* !_KERNEL */
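Review bot: The description string of the new `socket_allow_sockraw` sysctl, `"Processes in jail are allowed use SOCK_RAW sockets"`, is what administrators see from sysctl -d; it is ungrammatical and says nothing about the default, so `"Processes in jail are allowed to create SOCK_RAW sockets (default 0)"` would serve better. The `/* Jared jared */` author marker above the definition (and the same marker on the new extern in the sys/sys/jail.h hunk) tells the next maintainer nothing; replace it with a one-line comment on what the knob relaxes, e.g. `/* Let jailed root pass the suser() check in rip_attach(); see netinet/raw_ip.c. */`. Because the variable is a single global with CTLFLAG_RW, flipping it appears to change the privilege of every jail on the host at once, which the description and comment should make plain.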
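Review bot: The unconditional `p->p_prison = saved;` added after the suser() check dereferences p when it is NULL, a case the original `if (p && ...)` guard deliberately tolerated; at minimum it needs the same guard, `if (p) p->p_prison = saved;`. The larger problem is the approach: clearing p->p_prison to slip past suser() temporarily turns the process into an un-jailed one for anything that inspects p_prison during the call, and the restore in the error branch only covers suser() itself. If this tree provides suser_xxx() with the PRISON_ROOT flag, the conventional form asks for jailed-root permission explicitly and never mutates p_prison, as sketched below, which also removes the `struct prison *saved` local. Note that the hunk only relaxes socket creation; nothing here confines what a jailed raw socket may send to the jail's own address, so the sysctl grants more than its description states and its documentation should say so. rip_attach() continues past the end of the hunk.
```c
rip_attach(struct socket *so, int proto, struct proc *p)
{
	/* … unchanged: inp lookup and panic check … */
	if (p != NULL) {
		/* Jailed root passes only when the sysctl allows it. */
		error = jail_socket_allow_sockraw ?
		    suser_xxx(0, p, PRISON_ROOT) : suser(p);
		if (error != 0)
			return error;
	}
	/* … unchanged: soreserve() and the rest of rip_attach() … */
```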