Message-ID: <4967A500.30205@fsn.hu>
Date: Fri, 09 Jan 2009 20:26:56 +0100
From: Attila Nagy
To: Adrian Chadd
Cc: svn-src-head@freebsd.org, svn-src-all@freebsd.org, src-committers@freebsd.org
Subject: Re: svn commit: r186955 - in head/sys: conf netinet
In-Reply-To: <200901091602.n09G2Jj1061164@svn.freebsd.org>

Hello,

Adrian Chadd wrote:
> Author: adrian
> Date: Fri Jan 9 16:02:19 2009
> New Revision: 186955
> URL: http://svn.freebsd.org/changeset/base/186955
>
> Log:
>   Implement a new IP option (not compiled/enabled by default) to allow
>   applications to specify a non-local IP address when bind()'ing a socket
>   to a local endpoint.
>
>   This allows applications to spoof the client IP address of connections
>   if (obviously!) they somehow are able to receive the traffic normally
>   destined to said clients.
>
>   This patch doesn't include any changes to ipfw or the bridging code to
>   redirect the client traffic through the PCB checks so TCP gets a shot
>   at it. The normal behaviour is that packets with a non-local destination
>   IP address are not handled locally. This can be dealt with using some IPFW hackery;
>   modifications to IPFW to make this less hacky will occur in subsequent
>   commits.
>
>   Thanks to Julian Elischer and others at Ironport. This work was approved
>   and donated before Cisco acquired them.
>
>   Obtained from: Julian Elischer and others
>   MFC after: 2 weeks
>

Wouldn't it be better to implement existing interfaces for that?
OpenBSD has a SO_BINDANY socket option and it seems it's also in BSD/OS:
http://marc.info/?l=openbsd-cvs&w=2&r=1&s=bindany&q=b