svn commit: r186955 - in head/sys: conf netinet

Julian Elischer julian at elischer.org
Fri Jan 9 12:43:10 PST 2009


Attila Nagy wrote:
> Hello,
> 
> Adrian Chadd wrote:
>> Author: adrian
>> Date: Fri Jan  9 16:02:19 2009
>> New Revision: 186955
>> URL: http://svn.freebsd.org/changeset/base/186955
>>
>> Log:
>>   Implement a new IP option (not compiled/enabled by default) to allow
>>   applications to specify a non-local IP address when bind()'ing a socket
>>   to a local endpoint.
>>
>>   This allows applications to spoof the client IP address of connections
>>   if (obviously!) they somehow are able to receive the traffic normally
>>   destined to said clients.
>>
>>   This patch doesn't include any changes to ipfw or the bridging code to
>>   redirect the client traffic through the PCB checks so TCP gets a shot
>>   at it. The normal behaviour is that packets with a non-local destination
>>   IP address are not handled locally. This can be dealt with some IPFW hackery;
>>   modifications to IPFW to make this less hacky will occur in subsequent
>>   commits.
>>
>>   Thanks to Julian Elischer and others at Ironport. This work was approved
>>   and donated before Cisco acquired them.
>>
>>   Obtained from:    Julian Elischer and others
>>   MFC after:    2 weeks
>>   
> Wouldn't it be better to implement existing interfaces for that?
> OpenBSD has a SO_BINDANY socket option and it seems it's also in BSD/OS:
> http://marc.info/?l=openbsd-cvs&w=2&r=1&s=bindany&q=b

good point




