From owner-freebsd-hackers@FreeBSD.ORG Fri Jan 7 12:57:23 2011
Date: Fri, 7 Jan 2011 13:57:21 +0100
From: joris dedieu
To: freebsd-hackers
Subject: binding non local ip.

Hi,

I need to bind non-local IPs in daemons that don't implement the IP_BINDANY sockopt. There are several solutions, such as patching every single daemon or using carp (you may not want automatic failover), jailing the process and of course binding INADDR_ANY when possible ...

As I'm too lazy for this, I wrote a little (maybe ugly, as my kernel knowledge is really low) patch that adds a sysctl entry in net.inet.ip that allows binding non-local IPs. It's maybe buggy and insecure but it seems to work.

What do you think about it ?

Thanks
Joris

--- a/sys/netinet/in_pcb.c +++ b/sys/netinet/in_pcb.c @@ -321,6 +321,9 @@ in_pcbbind(struct inpcb *inp, struct sockaddr *nam, struct ucred *cred) * * On error, the values of *laddrp and *lportp are not changed. */ +static int bindany = 0; /* 1 allows to bind a non local ip */ +SYSCTL_INT(_net_inet_ip, OID_AUTO, bindany, CTLFLAG_RW, &bindany, 0, + "Allow to bind a non local ip"); int in_pcbbind_setup(struct inpcb *inp, struct sockaddr *nam, in_addr_t *laddrp, u_short *lportp, struct ucred *cred) @@ -393,8 +396,12 @@ in_pcbbind_setup(struct inpcb *inp, struct sockaddr *nam, in_addr_t *laddrp, * to any endpoint address, local or not. */ if ((inp->inp_flags & INP_BINDANY) == 0 && - ifa_ifwithaddr_check((struct sockaddr *)sin) == 0) - return (EADDRNOTAVAIL); + ifa_ifwithaddr_check((struct sockaddr *)sin) == 0) { + if(bindany > 0) + inp->inp_flags |= INP_BINDANY; + else + return (EADDRNOTAVAIL); + } } laddr = sin->sin_addr; if (lport) {
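Review bot: in the first hunk (@@ -321,6 +321,9 @@) the new `static int bindany` and `SYSCTL_INT(...)` are inserted between the comment block that ends "On error, the values of *laddrp and *lportp are not changed. */" and the `int in_pcbbind_setup(...)` definition it documents, so the comment is now detached from its function; move the declaration and sysctl above the comment block. The knob is also a plain global with no description of who may flip it: unlike the per-socket INP_BINDANY flag, which a process has to request, `net.inet.ip.bindany` changes bind semantics for every socket on the host at once, so the description string and a comment should say so rather than "Allow to bind a non local ip".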
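Review bot: in the second hunk (@@ -393,8 +396,12 @@) the bypass is applied unconditionally once the sysctl is non-zero and it is applied by mutating state: `inp->inp_flags |= INP_BINDANY;` turns a validation step into a side effect, so the pcb carries INP_BINDANY for the rest of its life even though the caller never asked for it, and any socket whose address fails `ifa_ifwithaddr_check()` (jailed ones included) now binds. If the intent is only to skip this check, leave `inp_flags` alone and fold the knob into the existing condition, e.g. `if ((inp->inp_flags & INP_BINDANY) == 0 && bindany == 0 && ifa_ifwithaddr_check((struct sockaddr *)sin) == 0) return (EADDRNOTAVAIL);`, and consider gating the bypass on the calling credential, since `cred` is already a parameter of `in_pcbbind_setup()`, so that an unprivileged process cannot bind addresses the host does not own. Style(9) nit: `if(bindany > 0)` needs a space after `if`.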