Date: Fri, 09 Jan 2009 12:43:05 -0800 From: Julian Elischer <julian@elischer.org> To: Attila Nagy <bra@fsn.hu> Cc: svn-src-head@freebsd.org, Adrian Chadd <adrian@FreeBSD.org>, src-committers@freebsd.org, svn-src-all@freebsd.org Subject: Re: svn commit: r186955 - in head/sys: conf netinet Message-ID: <4967B6D9.90001@elischer.org> In-Reply-To: <4967A500.30205@fsn.hu> References: <200901091602.n09G2Jj1061164@svn.freebsd.org> <4967A500.30205@fsn.hu>
next in thread | previous in thread | raw e-mail | index | archive | help
Attila Nagy wrote: > Hello, > > Adrian Chadd wrote: >> Author: adrian >> Date: Fri Jan 9 16:02:19 2009 >> New Revision: 186955 >> URL: http://svn.freebsd.org/changeset/base/186955 >> >> Log: >> Implement a new IP option (not compiled/enabled by default) to allow >> applications to specify a non-local IP address when bind()'ing a socket >> to a local endpoint. >> This allows applications to spoof the client IP address of >> connections >> if (obviously!) they somehow are able to receive the traffic normally >> destined to said clients. >> This patch doesn't include any changes to ipfw or the bridging >> code to >> redirect the client traffic through the PCB checks so TCP gets a shot >> at it. The normal behaviour is that packets with a non-local >> destination >> IP address are not handled locally. This can be dealth with some >> IPFW hackery; >> modifications to IPFW to make this less hacky will occur in subsequent >> commmits. >> Thanks to Julian Elischer and others at Ironport. This work was >> approved >> and donated before Cisco acquired them. >> Obtained from: Julian Elischer and others >> MFC after: 2 weeks >> > Wouldn't it be better to implement existing interfaces for that? > OpenBSD has a SO_BINDANY socket option and it seems it's also in BSD/OS: > http://marc.info/?l=openbsd-cvs&w=2&r=1&s=bindany&q=b good point
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?4967B6D9.90001>