From: "Adrian Chadd"
Date: Fri, 9 Jan 2009 17:11:10 -0500
To: "Attila Nagy"
Cc: svn-src-head@freebsd.org, svn-src-all@freebsd.org, src-committers@freebsd.org, Julian Elischer
Subject: Re: svn commit: r186955 - in head/sys: conf netinet

Well, they can be used mostly interchangeably - the socket option is just
implemented at a different layer. Porting should be a case of a simple
#ifdef. :)

I wonder what pf changes are needed..

Adrian

2009/1/9 Attila Nagy :
> Julian Elischer wrote:
>>
>> Attila Nagy wrote:
>>>
>>> Hello,
>>>
>>> Adrian Chadd wrote:
>>>>
>>>> Author: adrian
>>>> Date: Fri Jan 9 16:02:19 2009
>>>> New Revision: 186955
>>>> URL: http://svn.freebsd.org/changeset/base/186955
>>>>
>>>> Log:
>>>>  Implement a new IP option (not compiled/enabled by default) to allow
>>>>  applications to specify a non-local IP address when bind()'ing a socket
>>>>  to a local endpoint.
>>>>  This allows applications to spoof the client IP address of connections
>>>>  if (obviously!) they somehow are able to receive the traffic normally
>>>>  destined to said clients.
>>>>  This patch doesn't include any changes to ipfw or the bridging code to
>>>>  redirect the client traffic through the PCB checks so TCP gets a shot
>>>>  at it. The normal behaviour is that packets with a non-local destination
>>>>  IP address are not handled locally. This can be dealt with some IPFW
>>>>  hackery; modifications to IPFW to make this less hacky will occur in
>>>>  subsequent commits.
>>>>  Thanks to Julian Elischer and others at Ironport. This work was approved
>>>>  and donated before Cisco acquired them.
>>>>  Obtained from: Julian Elischer and others
>>>>  MFC after: 2 weeks
>>>>
>>>
>>> Wouldn't it be better to implement existing interfaces for that?
>>> OpenBSD has a SO_BINDANY socket option and it seems it's also in BSD/OS:
>>> http://marc.info/?l=openbsd-cvs&w=2&r=1&s=bindany&q=b
>>
>> good point
>
> BTW, it also makes it easier to port OpenBSD's relayd (and of course other
> applications relying on this). pf has some related changes there too, which
> helps programs to use this feature.
>
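
The "simple #ifdef" mentioned in the reply could look like the following. This is an added example, not code from the thread or from the FreeBSD commit: the helper names are hypothetical, `IP_BINDANY` is assumed to be the option name FreeBSD exposes for this feature, and the `IP_TRANSPARENT` branch is an assumption covering Linux, which the thread does not discuss.

```c
#include <errno.h>
#include <stddef.h>
#include <sys/types.h>
#include <sys/socket.h>
#include <netinet/in.h>

/* Pick whichever non-local-bind option this platform's headers define.
 * Note the different levels: that is the "different layer" in the reply. */
#if defined(IP_BINDANY)            /* FreeBSD: option at the IP layer */
#  define BINDANY_LEVEL IPPROTO_IP
#  define BINDANY_OPT   IP_BINDANY
#  define BINDANY_NAME  "IP_BINDANY"
#elif defined(SO_BINDANY)          /* OpenBSD: option at the socket layer */
#  define BINDANY_LEVEL SOL_SOCKET
#  define BINDANY_OPT   SO_BINDANY
#  define BINDANY_NAME  "SO_BINDANY"
#elif defined(IP_TRANSPARENT)      /* Linux analogue (assumption, not in the thread) */
#  define BINDANY_LEVEL IPPROTO_IP
#  define BINDANY_OPT   IP_TRANSPARENT
#  define BINDANY_NAME  "IP_TRANSPARENT"
#endif

/* Hypothetical helper: name of the option compiled in, NULL if none. */
const char *bindany_option_name(void)
{
#ifdef BINDANY_OPT
    return BINDANY_NAME;
#else
    return NULL;
#endif
}

/*
 * Hypothetical helper: allow bind() to a non-local IPv4 address on fd.
 * Returns 0 on success, -1 with errno set. Expect EPERM without the
 * required privilege, and an error on kernels built without the feature,
 * so callers must check the result before calling bind().
 */
int enable_bind_any(int fd)
{
#ifdef BINDANY_OPT
    int on = 1;
    return setsockopt(fd, BINDANY_LEVEL, BINDANY_OPT, &on, sizeof(on));
#else
    (void)fd;
    errno = ENOPROTOOPT;   /* no equivalent option on this platform */
    return -1;
#endif
}
```

Call `enable_bind_any()` after `socket()` and before `bind()`; return traffic still has to be steered to the host by the packet filter, as the commit log notes.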