Date: Fri, 9 Jan 2009 17:11:10 -0500
From: "Adrian Chadd" <adrian@freebsd.org>
To: "Attila Nagy" <bra@fsn.hu>
Cc: svn-src-head@freebsd.org, svn-src-all@freebsd.org, src-committers@freebsd.org, Julian Elischer <julian@elischer.org>
Subject: Re: svn commit: r186955 - in head/sys: conf netinet
Message-ID: <d763ac660901091411x40eb8084v134f0ab2189afddb@mail.gmail.com>
In-Reply-To: <4967C539.2060803@fsn.hu>
References: <200901091602.n09G2Jj1061164@svn.freebsd.org> <4967A500.30205@fsn.hu> <4967B6D9.90001@elischer.org> <4967C539.2060803@fsn.hu>

Well, they can be used mostly interchangeably - the socket option is just
implemented at a different layer. Porting should be a case of a simple
#ifdef. :)

I wonder what pf changes are needed..

Adrian

2009/1/9 Attila Nagy <bra@fsn.hu>:
> Julian Elischer wrote:
>>
>> Attila Nagy wrote:
>>>
>>> Hello,
>>>
>>> Adrian Chadd wrote:
>>>>
>>>> Author: adrian
>>>> Date: Fri Jan 9 16:02:19 2009
>>>> New Revision: 186955
>>>> URL: http://svn.freebsd.org/changeset/base/186955
>>>>
>>>> Log:
>>>>   Implement a new IP option (not compiled/enabled by default) to allow
>>>>   applications to specify a non-local IP address when bind()'ing a socket
>>>>   to a local endpoint.
>>>>   This allows applications to spoof the client IP address of connections
>>>>   if (obviously!) they somehow are able to receive the traffic normally
>>>>   destined to said clients.
>>>>   This patch doesn't include any changes to ipfw or the bridging code to
>>>>   redirect the client traffic through the PCB checks so TCP gets a shot
>>>>   at it. The normal behaviour is that packets with a non-local destination
>>>>   IP address are not handled locally. This can be dealt with some IPFW
>>>>   hackery; modifications to IPFW to make this less hacky will occur in
>>>>   subsequent commits.
>>>>   Thanks to Julian Elischer and others at Ironport. This work was approved
>>>>   and donated before Cisco acquired them.
>>>>   Obtained from: Julian Elischer and others
>>>>   MFC after: 2 weeks
>>>>
>>>
>>> Wouldn't it be better to implement existing interfaces for that?
>>> OpenBSD has a SO_BINDANY socket option and it seems it's also in BSD/OS:
>>> http://marc.info/?l=openbsd-cvs&w=2&r=1&s=bindany&q=b
>>
>> good point
>
> BTW, it also makes it easier to port OpenBSD's relayd (and of course other
> applications relying on this). pf has some related changes there too, which
> helps programs to use this feature.
>