From owner-freebsd-hackers@FreeBSD.ORG  Fri Jan  7 17:24:23 2011
Return-Path: <owner-freebsd-hackers@FreeBSD.ORG>
Delivered-To: freebsd-hackers@freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34])
	by hub.freebsd.org (Postfix) with ESMTP id 650FE106564A
	for <freebsd-hackers@freebsd.org>; Fri,  7 Jan 2011 17:24:23 +0000 (UTC)
	(envelope-from julian@freebsd.org)
Received: from out-0.mx.aerioconnect.net (out-0-30.mx.aerioconnect.net
	[216.240.47.90])
	by mx1.freebsd.org (Postfix) with ESMTP id 3536E8FC08
	for <freebsd-hackers@freebsd.org>; Fri,  7 Jan 2011 17:24:22 +0000 (UTC)
Received: from idiom.com (postfix@mx0.idiom.com [216.240.32.160])
	by out-0.mx.aerioconnect.net (8.13.8/8.13.8) with ESMTP id
	p07HOLT5020402; Fri, 7 Jan 2011 09:24:21 -0800
X-Client-Authorized: MaGic Cook1e
X-Client-Authorized: MaGic Cook1e
Received: from julian-mac.elischer.org
	(h-67-100-89-137.snfccasy.static.covad.net [67.100.89.137])
	by idiom.com (Postfix) with ESMTP id 0CEAD2D6012;
	Fri,  7 Jan 2011 09:24:20 -0800 (PST)
Message-ID: <4D274C5E.500@freebsd.org>
Date: Fri, 07 Jan 2011 09:24:46 -0800
From: Julian Elischer <julian@freebsd.org>
User-Agent: Mozilla/5.0 (Macintosh; U; PPC Mac OS X 10.4; en-US;
	rv:1.9.2.13) Gecko/20101207 Thunderbird/3.1.7
MIME-Version: 1.0
To: joris dedieu <joris.dedieu@gmail.com>
References: <AANLkTimJBkTdgs4P=XjHyTCinfCOn0Ku8bEVcR-q=Dzc@mail.gmail.com>
In-Reply-To: <AANLkTimJBkTdgs4P=XjHyTCinfCOn0Ku8bEVcR-q=Dzc@mail.gmail.com>
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit
X-Scanned-By: MIMEDefang 2.67 on 216.240.47.51
Cc: freebsd-hackers <freebsd-hackers@freebsd.org>
Subject: Re: binding non local ip.
X-BeenThere: freebsd-hackers@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: Technical Discussions relating to FreeBSD
	<freebsd-hackers.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-hackers>, 
	<mailto:freebsd-hackers-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-hackers>
List-Post: <mailto:freebsd-hackers@freebsd.org>
List-Help: <mailto:freebsd-hackers-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-hackers>,
	<mailto:freebsd-hackers-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Fri, 07 Jan 2011 17:24:23 -0000

On 1/7/11 4:57 AM, joris dedieu wrote:
> Hi,
> I need a to bind non local ips  daemons that don't
> implement IP_BINDANY sockopt.

I'm not sure you need it
you can use the ipfw 'fwd' command to make a locally bound
socket act and look as if it is bound to a non local address

You need to tell us a little more about what you need to do

for example,
Is the socket just listenning? or is it initiating?

> There are several solutions as patching every single daemon
> or using carp (You may not want automatic failover), jailing
> the process and of course binding INADDR_ANY when possible ...
>
> As I'm too lazy for this, I wrote a little (maybe ugly as my
> kernel knowledges are really low) patch that add a sysctl
> entry in net.inet.ip that allow binding non local ips. It's
> maybe buggy and insecure but it seems to work.
seems ok, but if the daemon is initiating, how does it know to bind to 
a non local address?
also. if you have source, a single setsockopt() in each one is not 
much of a job..


> What do you think about it ?
>
> Thanks
> Joris
>
> --- a/sys/netinet/in_pcb.c
> +++ b/sys/netinet/in_pcb.c
> @@ -321,6 +321,9 @@ in_pcbbind(struct inpcb *inp, struct sockaddr
> *nam, struct ucred *cred)
>    *
>    * On error, the values of *laddrp and *lportp are not changed.
>    */
> +static int     bindany = 0; /* 1 allows to bind a non local ip */
> +SYSCTL_INT(_net_inet_ip, OID_AUTO, bindany, CTLFLAG_RW,&bindany, 0,
> +    "Allow to bind a non local ip");
>   int
>   in_pcbbind_setup(struct inpcb *inp, struct sockaddr *nam, in_addr_t *laddrp,
>       u_short *lportp, struct ucred *cred)
> @@ -393,8 +396,12 @@ in_pcbbind_setup(struct inpcb *inp, struct
> sockaddr *nam, in_addr_t *laddrp,
>                           * to any endpoint address, local or not.
>                           */
>                          if ((inp->inp_flags&  INP_BINDANY) == 0&&
> -                           ifa_ifwithaddr_check((struct sockaddr *)sin) == 0)
> -                               return (EADDRNOTAVAIL);
> +                           ifa_ifwithaddr_check((struct sockaddr *)sin) == 0) {
> +                               if(bindany>  0)
> +                                       inp->inp_flags |= INP_BINDANY;
> +                               else
> +                                       return (EADDRNOTAVAIL);
> +                       }
>                  }
>                  laddr = sin->sin_addr;
>                  if (lport) {
> _______________________________________________
> freebsd-hackers@freebsd.org mailing list
> http://lists.freebsd.org/mailman/listinfo/freebsd-hackers
> To unsubscribe, send any mail to "freebsd-hackers-unsubscribe@freebsd.org"
>