svn commit: r186955 - in head/sys: conf netinet
Attila Nagy
bra at fsn.hu
Fri Jan 9 11:42:56 PST 2009
Hello,
Adrian Chadd wrote:
> Author: adrian
> Date: Fri Jan 9 16:02:19 2009
> New Revision: 186955
> URL: http://svn.freebsd.org/changeset/base/186955
>
> Log:
> Implement a new IP option (not compiled/enabled by default) to allow
> applications to specify a non-local IP address when bind()'ing a socket
> to a local endpoint.
>
> This allows applications to spoof the client IP address of connections
> if (obviously!) they somehow are able to receive the traffic normally
> destined to said clients.
>
> This patch doesn't include any changes to ipfw or the bridging code to
> redirect the client traffic through the PCB checks so TCP gets a shot
> at it. The normal behaviour is that packets with a non-local destination
> IP address are not handled locally. This can be dealt with some IPFW hackery;
> modifications to IPFW to make this less hacky will occur in subsequent
> commits.
>
> Thanks to Julian Elischer and others at Ironport. This work was approved
> and donated before Cisco acquired them.
>
> Obtained from: Julian Elischer and others
> MFC after: 2 weeks
>
Wouldn't it be better to implement existing interfaces for that?
OpenBSD has a SO_BINDANY socket option and it seems it's also in BSD/OS:
http://marc.info/?l=openbsd-cvs&w=2&r=1&s=bindany&q=b