From: Pawel Jakub Dawidek
To: freebsd-arch@FreeBSD.org
Cc: adrian@FreeBSD.org, trasz@FreeBSD.org, julian@elischer.org
Date: Tue, 26 May 2009 15:55:47 +0200
Message-ID: <20090526135547.GE1491@garage.freebsd.pl>
Subject: IP_NONLOCALOK improvements.
Now that we have the IP_NONLOCALOK IP socket option (which is something I need a lot for my company's stuff) I started to hack on it a bit.

OpenBSD has had the SO_BINDANY SOL_SOCKET option for some time now. So first of all I wanted to do the same for FreeBSD. Unfortunately we ran out of space in so_options - it is u_short and all possible values are already taken. As a side note, there is the SO_NO_DDP option that is used only in the cxgb driver and nowhere else. This seems like a waste of a very important bit (sooner or later someone will need yet another socket option).

All in all I went with a rename to make it at least similar to OpenBSD's option. I left it as an IPPROTO_IP option: IP_BINDANY.

I also implemented support for IPv6 and raw IP sockets (based on OpenBSD sources) (IPV6_BINDANY).

I added a new privilege - PRIV_NETINET_BINDANY, because we do have to check for privilege before allowing its use.

I removed the kernel option to enable it; I see no reason not to have it in GENERIC. I also removed the sysctl to enable it - we have a privilege for limiting its use.

The patch is here:

	http://people.freebsd.org/~pjd/patches/bindany.patch

I tested it for AF_INET TCP, UDP and RAW (ICMP) sockets, but I'm not set up to test it for IPv6. If someone could test it for IPv6, it'd be great. SCTP also has to be tested.

All you need to do after creating a socket is:

	int opt = 1;

	/* For IPv4. */
	setsockopt(sock, IPPROTO_IP, IP_BINDANY, &opt, sizeof(opt));

	/* For IPv6. */
	setsockopt(sock, IPPROTO_IPV6, IPV6_BINDANY, &opt, sizeof(opt));

Then you should be able to call bind(2) with any address you want (it doesn't have to be bound to any of your interfaces anymore). Once you do that you might want to send a packet to test it and observe incoming packets on the connected machine. For UDP/TCP testing I have a small program, which I can provide. For RAW IP sockets, I slightly modified ping (just added the above setsockopt() call), so I was able to use the -S option with any address.

-- 
Pawel Jakub Dawidek                       http://www.wheel.pl
pjd@FreeBSD.org                           http://www.FreeBSD.org
FreeBSD committer                         Am I Evil? Yes, I Am!
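The following is an added example, not code from the post or from the bindany patch it links to. It shows the whole sequence the message describes for IPv4: create a socket, try to bind it to an address that no local interface carries, and compare the outcome without and with the bind-any option. On FreeBSD the option is IP_BINDANY, as in the post; so that the program also compiles and runs on Linux, it falls back to IP_FREEBIND there, and treating that as an equivalent for this demonstration is an assumption of the example, not something the post states. The address 192.0.2.1 is a constructed input chosen from RFC 5737 documentation space, and the helper name bind_nonlocal() is the example's own.

```c
/*
 * Added example (not from the post or the patch): bind a UDP socket to an
 * address that no local interface carries, once without and once with the
 * "bind any" option, and return the errno so the two outcomes can be
 * compared. FreeBSD: IP_BINDANY as described in the post. Linux: the
 * analogue IP_FREEBIND is used instead (an assumption of this example).
 */
#include <arpa/inet.h>
#include <errno.h>
#include <netinet/in.h>
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>
#include <unistd.h>

#if defined(IP_BINDANY)
#define BINDANY_OPT IP_BINDANY   /* FreeBSD, the option the post introduces */
#elif defined(IP_FREEBIND)
#define BINDANY_OPT IP_FREEBIND  /* Linux analogue (assumption, not from the post) */
#else
#error "no bind-to-nonlocal-address socket option known on this platform"
#endif

/* Constructed test address: 192.0.2.1 is RFC 5737 documentation space, so an
 * ordinary host has no interface configured with it. */
#define NONLOCAL_ADDR "192.0.2.1"

/*
 * Returns 0 if the socket could be bound to NONLOCAL_ADDR, otherwise the
 * errno of the call that failed. With use_bindany == 0 an ordinary host
 * fails with EADDRNOTAVAIL. With use_bindany != 0 the bind succeeds, or,
 * on FreeBSD, setsockopt() fails with EPERM when the caller lacks
 * PRIV_NETINET_BINDANY.
 */
int bind_nonlocal(int use_bindany)
{
    struct sockaddr_in sin;
    int s, e;

    s = socket(AF_INET, SOCK_DGRAM, 0);
    if (s < 0)
        return errno;

    if (use_bindany) {
        int opt = 1;
        /* The privilege check happens here, not at bind(2). */
        if (setsockopt(s, IPPROTO_IP, BINDANY_OPT, &opt, sizeof(opt)) < 0) {
            e = errno;
            close(s);
            return e;
        }
    }

    memset(&sin, 0, sizeof(sin));
#if defined(__FreeBSD__)
    sin.sin_len = sizeof(sin);             /* FreeBSD's bind() checks sa_len */
#endif
    sin.sin_family = AF_INET;
    sin.sin_port = htons(0);               /* any free port */
    if (inet_pton(AF_INET, NONLOCAL_ADDR, &sin.sin_addr) != 1) {
        close(s);
        return EINVAL;
    }

    if (bind(s, (struct sockaddr *)&sin, sizeof(sin)) < 0) {
        e = errno;
        close(s);
        return e;
    }

    close(s);
    return 0;
}

int main(void)
{
    int e;

    e = bind_nonlocal(0);
    printf("without option: %s\n", e ? strerror(e) : "bound to " NONLOCAL_ADDR);
    e = bind_nonlocal(1);
    printf("with option:    %s\n", e ? strerror(e) : "bound to " NONLOCAL_ADDR);
    return 0;
}
```

On FreeBSD run it twice, once as an unprivileged user and once with the privilege, to see EPERM turn into a successful bind; on Linux the fallback option needs no privilege. The program stops at bind(2): as the post says, the real check is to send a packet from the bound address and watch it arrive on the other machine, which requires a second host and is left out here.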