From owner-svn-src-head@FreeBSD.ORG Sat Jan 10 04:35:07 2009
Message-ID: <49681EC8.2040408@elischer.org>
Date: Fri, 09 Jan 2009 20:06:32 -0800
From: Julian Elischer
To: Adrian Chadd
References: <200901091602.n09G2Jj1061164@svn.freebsd.org> <4967A500.30205@fsn.hu>
Cc: svn-src-head@freebsd.org, Attila Nagy, svn-src-all@freebsd.org, src-committers@freebsd.org
Subject: Re: svn commit: r186955 - in head/sys: conf netinet
List-Id: SVN commit messages for the src tree for head/-current

Adrian Chadd wrote:
> I wasn't even aware of the existence of this interface. I'll check it out.
>
> Thing is, this is a socket layer option, rather than what I've
> committed which is a netinet layer option.
>
> Anyway, I'll check it out. I'm happy to fiddle with things if others
> would like it.
>

remember that the behaviour needs to last longer than the socket does..
once the socket is removed you should still be sending RSTs or whatever
until the fin-wait2 (and other) states have wrapped up.

so that is why I keep the info in the inp.

>
>
> Adrian
>
> 2009/1/9 Attila Nagy :
>> Hello,
>>
>> Adrian Chadd wrote:
>>> Author: adrian
>>> Date: Fri Jan 9 16:02:19 2009
>>> New Revision: 186955
>>> URL: http://svn.freebsd.org/changeset/base/186955
>>>
>>> Log:
>>>   Implement a new IP option (not compiled/enabled by default) to allow
>>>   applications to specify a non-local IP address when bind()'ing a socket
>>>   to a local endpoint.
>>>   This allows applications to spoof the client IP address of connections
>>>   if (obviously!) they somehow are able to receive the traffic normally
>>>   destined to said clients.
>>>   This patch doesn't include any changes to ipfw or the bridging code to
>>>   redirect the client traffic through the PCB checks so TCP gets a shot
>>>   at it. The normal behaviour is that packets with a non-local destination
>>>   IP address are not handled locally. This can be dealt with some IPFW
>>>   hackery;
>>>   modifications to IPFW to make this less hacky will occur in subsequent
>>>   commits.
>>>   Thanks to Julian Elischer and others at Ironport. This work was
>>>   approved
>>>   and donated before Cisco acquired them.
>>>   Obtained from: Julian Elischer and others
>>>   MFC after: 2 weeks
>>>
>> Wouldn't it be better to implement existing interfaces for that?
>> OpenBSD has a SO_BINDANY socket option and it seems it's also in BSD/OS:
>> http://marc.info/?l=openbsd-cvs&w=2&r=1&s=bindany&q=b
>>
>>
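
The default the commit log refers to, as an added example that is not code from the commit or from anyone in this thread: bind() refuses an address that is not configured locally unless a bind-any option is set on the socket first. Assumptions: the page does not name the option this commit adds, so the sketch uses IP_BINDANY (the netinet-level name in later FreeBSD ip(4), which requires privilege to set) or SO_BINDANY (the OpenBSD socket-level option mentioned above) where the headers define them; try_bind and the 192.0.2.1 sample address are hypothetical.

```c
#include <arpa/inet.h>
#include <errno.h>
#include <netinet/in.h>
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>
#include <unistd.h>

/* Constructed sample: 192.0.2.1 (TEST-NET-1), assumed not configured locally. */
#define NONLOCAL_ADDR "192.0.2.1"

/* Bind a TCP socket to addr, optionally requesting the bind-any option first.
 * Returns 0 on success, otherwise the errno of the step that failed
 * (ENOPROTOOPT when this platform's headers define neither option). */
int try_bind(const char *addr, int want_bindany)
{
    struct sockaddr_in sin;
    int s, err = 0, on = 1;

    memset(&sin, 0, sizeof(sin));
    sin.sin_family = AF_INET;           /* port 0: let the kernel choose */
    if (inet_pton(AF_INET, addr, &sin.sin_addr) != 1)
        return EINVAL;
    if ((s = socket(AF_INET, SOCK_STREAM, 0)) < 0)
        return errno;

    if (want_bindany) {
#if defined(IP_BINDANY)                 /* netinet-layer option (assumed name) */
        if (setsockopt(s, IPPROTO_IP, IP_BINDANY, &on, sizeof(on)) < 0)
            err = errno;                /* EPERM without privilege */
#elif defined(SO_BINDANY)               /* socket-layer option (OpenBSD) */
        if (setsockopt(s, SOL_SOCKET, SO_BINDANY, &on, sizeof(on)) < 0)
            err = errno;
#else
        (void)on; err = ENOPROTOOPT;    /* option not available here */
#endif
    }
    if (err == 0 && bind(s, (struct sockaddr *)&sin, sizeof(sin)) < 0)
        err = errno;                    /* EADDRNOTAVAIL by default */
    close(s);
    return err;
}

int main(void)
{
    printf("plain bind:    %s\n", strerror(try_bind(NONLOCAL_ADDR, 0)));
    printf("with bind-any: %s\n", strerror(try_bind(NONLOCAL_ADDR, 1)));
    return 0;
}
```

An audit of a host can use the same probe: an unprivileged process for which the second call succeeds is running on a system where non-local binds are not privilege-gated.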