svn commit: r186955 - in head/sys: conf netinet

Adrian Chadd adrian at freebsd.org
Fri Jan 9 12:02:54 PST 2009


I wasn't even aware of the existence of this interface. I'll check it out.

Thing is, this is a socket layer option, rather than what I've
committed which is a netinet layer option.

Anyway, I'll check it out. I'm happy to fiddle with things if others
would like it.



Adrian

2009/1/9 Attila Nagy <bra at fsn.hu>:
> Hello,
>
> Adrian Chadd wrote:
>>
>> Author: adrian
>> Date: Fri Jan  9 16:02:19 2009
>> New Revision: 186955
>> URL: http://svn.freebsd.org/changeset/base/186955
>>
>> Log:
>>  Implement a new IP option (not compiled/enabled by default) to allow
>>  applications to specify a non-local IP address when bind()'ing a socket
>>  to a local endpoint.
>>    This allows applications to spoof the client IP address of connections
>>  if (obviously!) they somehow are able to receive the traffic normally
>>  destined to said clients.
>>    This patch doesn't include any changes to ipfw or the bridging code to
>>  redirect the client traffic through the PCB checks so TCP gets a shot
>>  at it. The normal behaviour is that packets with a non-local destination
>>  IP address are not handled locally. This can be dealt with some IPFW hackery;
>>  modifications to IPFW to make this less hacky will occur in subsequent
>>  commits.
>>    Thanks to Julian Elischer and others at Ironport. This work was approved
>>  and donated before Cisco acquired them.
>>    Obtained from:        Julian Elischer and others
>>  MFC after:    2 weeks
>>
>
> Wouldn't it be better to implement existing interfaces for that?
> OpenBSD has a SO_BINDANY socket option and it seems it's also in BSD/OS:
> http://marc.info/?l=openbsd-cvs&w=2&r=1&s=bindany&q=b
>
>


More information about the svn-src-all mailing list