Date: Fri, 07 Jan 2011 09:24:46 -0800
From: Julian Elischer <julian@freebsd.org>
To: joris dedieu <joris.dedieu@gmail.com>
Cc: freebsd-hackers <freebsd-hackers@freebsd.org>
Subject: Re: binding non local ip.
Message-ID: <4D274C5E.500@freebsd.org>
In-Reply-To: <AANLkTimJBkTdgs4P=XjHyTCinfCOn0Ku8bEVcR-q=Dzc@mail.gmail.com>
References: <AANLkTimJBkTdgs4P=XjHyTCinfCOn0Ku8bEVcR-q=Dzc@mail.gmail.com>
On 1/7/11 4:57 AM, joris dedieu wrote:
> Hi,
> I need to bind non local ips in daemons that don't
> implement IP_BINDANY sockopt.

I'm not sure you need it. You can use the ipfw 'fwd' command to make a
locally bound socket act and look as if it is bound to a non local address.

You need to tell us a little more about what you need to do.
For example, is the socket just listening, or is it initiating?

> There are several solutions such as patching every single daemon
> or using carp (You may not want automatic failover), jailing
> the process and of course binding INADDR_ANY when possible ...
>
> As I'm too lazy for this, I wrote a little (maybe ugly as my
> kernel knowledge is really low) patch that adds a sysctl
> entry in net.inet.ip that allows binding non local ips. It's
> maybe buggy and insecure but it seems to work.

Seems ok, but if the daemon is initiating, how does it know to bind to a
non local address?
Also, if you have source, a single setsockopt() in each one is not much of
a job.

> What do you think about it ?
>
> Thanks
> Joris
>
> --- a/sys/netinet/in_pcb.c > +++ b/sys/netinet/in_pcb.c > @@ -321,6 +321,9 @@ in_pcbbind(struct inpcb *inp, struct sockaddr > *nam, struct ucred *cred) > * > * On error, the values of *laddrp and *lportp are not changed. > */ > +static int bindany = 0; /* 1 allows to bind a non local ip */ > +SYSCTL_INT(_net_inet_ip, OID_AUTO, bindany, CTLFLAG_RW,&bindany, 0, > + "Allow to bind a non local ip"); > int > in_pcbbind_setup(struct inpcb *inp, struct sockaddr *nam, in_addr_t *laddrp, > u_short *lportp, struct ucred *cred) 
> @@ -393,8 +396,12 @@ in_pcbbind_setup(struct inpcb *inp, struct > sockaddr *nam, in_addr_t *laddrp, > * to any endpoint address, local or not. > */ > if ((inp->inp_flags& INP_BINDANY) == 0&& > - ifa_ifwithaddr_check((struct sockaddr *)sin) == 0) > - return (EADDRNOTAVAIL); > + ifa_ifwithaddr_check((struct sockaddr *)sin) == 0) { > + if(bindany> 0) > + inp->inp_flags |= INP_BINDANY; > + else > + return (EADDRNOTAVAIL); > + } > } > laddr = sin->sin_addr; > if (lport) { > _______________________________________________ > freebsd-hackers@freebsd.org mailing list > http://lists.freebsd.org/mailman/listinfo/freebsd-hackers > To unsubscribe, send any mail to "freebsd-hackers-unsubscribe@freebsd.org" >
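Review bot: In the first hunk (@@ -321,6 +321,9 @@), the new `static int bindany` and its SYSCTL_INT are inserted between the block comment ending "On error, the values of *laddrp and *lportp are not changed." and the in_pcbbind_setup() definition that the comment documents, so the comment now reads as if it described the sysctl. Move the two declarations above that comment block, and make the variable comment and the description string state the consequence: this is one read-write integer under net.inet.ip that applies to every socket passing through in_pcbbind_setup(), not to a single daemon.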
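Review bot: In the second hunk (@@ -393,8 +396,12 @@), the new `if(bindany> 0)` branch sets INP_BINDANY without consulting the `cred` argument that in_pcbbind_setup() receives, so once the sysctl is 1 every process that can call bind() is allowed an address for which ifa_ifwithaddr_check() returned 0. Gate the branch on a privilege check against cred, or restrict it in some other way. The branch also writes `inp->inp_flags |= INP_BINDANY` onto the pcb, which stays set after the sysctl is put back to 0; if the intent is only to skip the error, `if (bindany == 0) return (EADDRNOTAVAIL);` does that without the side effect. Style: `if(bindany> 0)` should be `if (bindany > 0)`.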