Date: Fri, 26 Jun 1998 09:38:33 -0400 (EDT)
From: andrewr
To: Bill Fenner
cc: Nate Lawson, nate@elite.net, julian@whistle.com, freebsd-bugs@FreeBSD.ORG, freebsd-net@FreeBSD.ORG, freebsd-hackers@FreeBSD.ORG
Subject: Re: Apparent bug in sendto() with raw sockets

Speaking of IP_HDRINCL, after reading raw_ip.c and noticing the protection against spoofing (can't use IP_HDRINCL in certain situations), I started thinking about actually comparing the user-supplied ip->ip_src with the actual IP address defined for the outgoing interface. While looking for a quick hack to get the interface IP, I was looking through ip_output.c and saw a neat little algo there. While I have not tested this yet, I will in the next couple of days. I figure it should be a pretty fail-safe block against spoofing IF AND ONLY IF the user has not created their own data structure, i.e.

    struct raw_pkt_hdr {
        struct ip ip;
        struct udphdr udp;
    } raw_pkt_hdr;

This will be an easy workaround for the user to spoof packets. In my opinion, while I don't see how it can be done, I believe there should be a way to test for a user-defined data structure containing the IP header, etc. From my speaking with a few FreeBSD kernel developers/hackers this is not possible, and I fully see why it is not... but I am just throwing the idea out into the open for all of you to digest.

Andrew

*****************************************
AWR XNS, Inc.
"Drink beer, it will save your life."

On Thu, 25 Jun 1998, Bill Fenner wrote:

> In message <199806252220.PAA28609@almond.elite.net> you write:
> >I know that 2.0.5R behaved the way that OpenBSD and Linux behave. Were there
> >any complaints or problems with it back then?
>
> It didn't. The code in FreeBSD is almost exactly the same as when
> IP_HDRINCL was introduced in 4.3-Reno. The change that caused
> more recent versions of FreeBSD to return EINVAL was that it
> started checking the validity of the length field and returns
> EINVAL if the IP length is longer than the length of the buffer
> that was provided.
>
> I had tossed around the idea of a socket option to switch behaviors,
> for both input and output, but decided it would be relatively wasted
> effort; if you can conditionally set a socket option you can also
> conditionally (fail to) byte-swap the appropriate fields.
>
> Bill
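Added example, not part of the original message and not FreeBSD kernel code: a userland C sketch of the two checks discussed in this thread, the length-field check that yields EINVAL and the proposed comparison of ip_src against the outgoing interface address. The names check_hdrincl, make_pkt and len_order, the EPERM return value and the sample address are assumptions made for illustration.

```c
#include <arpa/inet.h>
#include <errno.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

enum len_order { LEN_HOST_ORDER, LEN_NET_ORDER };  /* hypothetical switch */

/* Validate a caller-built IPv4 header in buf[0..buflen). src_be is the
 * outgoing interface address, network byte order. Returns 0, EINVAL for a
 * bad length, or EPERM (assumed error code) for a source mismatch. */
int check_hdrincl(const uint8_t *buf, size_t buflen, uint32_t src_be,
                  enum len_order order)
{
    uint16_t ip_len;
    uint32_t ip_src;
    if (buflen < 20 || (buf[0] >> 4) != 4)
        return EINVAL;
    size_t hlen = (size_t)(buf[0] & 0x0f) * 4;   /* ip_hl counts 32-bit words */
    if (hlen < 20 || hlen > buflen)
        return EINVAL;
    memcpy(&ip_len, buf + 2, sizeof ip_len);     /* total-length field as stored */
    if (order == LEN_NET_ORDER)
        ip_len = ntohs(ip_len);
    if (ip_len > buflen)                         /* length check from the quoted reply */
        return EINVAL;
    memcpy(&ip_src, buf + 12, sizeof ip_src);    /* ip_src, network byte order */
    return ip_src == src_be ? 0 : EPERM;         /* proposed ip_src comparison */
}

/* Constructed sample: 20-byte header plus 8 payload bytes, all other fields 0. */
void make_pkt(uint8_t pkt[28], uint16_t ip_len_raw, uint32_t src_be)
{
    memset(pkt, 0, 28);
    pkt[0] = 0x45;                               /* version 4, ip_hl 5 */
    memcpy(pkt + 2, &ip_len_raw, sizeof ip_len_raw);
    memcpy(pkt + 12, &src_be, sizeof src_be);
}

int main(void)
{
    uint8_t pkt[28];
    uint32_t ifaddr = inet_addr("192.0.2.10");   /* constructed address */
    make_pkt(pkt, htons(28), ifaddr);            /* length in network order */
    printf("host-order check: %d, net-order check: %d\n",
           check_hdrincl(pkt, sizeof pkt, ifaddr, LEN_HOST_ORDER),
           check_hdrincl(pkt, sizeof pkt, ifaddr, LEN_NET_ORDER));
    return 0;
}
```

On a little-endian host the host-order check reads the stored length as 7168, which exceeds the 28-byte buffer, so it returns EINVAL while the network-order check returns 0. The check works on the header bytes at fixed offsets, independent of which struct the caller used to build the buffer.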