svn commit: r186955 - in head/sys: conf netinet
julian at elischer.org
Fri Jan 9 20:35:08 PST 2009
Adrian Chadd wrote:
> I wasn't even aware of the existence of this interface. I'll check it out.
> Thing is, this is a socket layer option, rather than what I've
> committed which is a netinet layer option.
> Anyway, I'll check it out. I'm happy to fiddle with things if others
> would like it.
remember that the behaviour needs to last longer than the socket
does.. once the socket is removed you should still be sending RSTs or
whatever until the fin-wait2 (and other) states have wrapped up.
so that is why I keep the info in the inp.
> 2009/1/9 Attila Nagy <bra at fsn.hu>:
>> Adrian Chadd wrote:
>>> Author: adrian
>>> Date: Fri Jan 9 16:02:19 2009
>>> New Revision: 186955
>>> URL: http://svn.freebsd.org/changeset/base/186955
>>> Implement a new IP option (not compiled/enabled by default) to allow
>>> applications to specify a non-local IP address when bind()'ing a socket
>>> to a local endpoint.
>>> This allows applications to spoof the client IP address of connections
>>> if (obviously!) they somehow are able to receive the traffic normally
>>> destined to said clients.
>>> This patch doesn't include any changes to ipfw or the bridging code to
>>> redirect the client traffic through the PCB checks so TCP gets a shot
>>> at it. The normal behaviour is that packets with a non-local destination
>>> IP address are not handled locally. This can be dealt with some IPFW
>>> modifications to IPFW to make this less hacky will occur in subsequent
>>> Thanks to Julian Elischer and others at Ironport. This work was
>>> and donated before Cisco acquired them.
>>> Obtained from: Julian Elischer and others
>>> MFC after: 2 weeks
>> Wouldn't it be better to implement existing interfaces for that?
>> OpenBSD has a SO_BINDANY socket option and it seems it's also in BSD/OS: