Date:      Tue, 3 Sep 2024 14:55:00 GMT
From:      Mark Johnston <markj@FreeBSD.org>
To:        src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-branches@FreeBSD.org
Subject:   git: 8ae58e0edbfb - stable/14 - netinet: Add a sysctl to allow disabling connections to INADDR_ANY
Message-ID:  <202409031455.483Et0Dn070577@gitrepo.freebsd.org>

The branch stable/14 has been updated by markj:

URL: https://cgit.FreeBSD.org/src/commit/?id=8ae58e0edbfb4c56125fb6d7468ebfea638847b9

commit 8ae58e0edbfb4c56125fb6d7468ebfea638847b9
Author:     Mark Johnston <markj@FreeBSD.org>
AuthorDate: 2024-08-20 21:31:57 +0000
Commit:     Mark Johnston <markj@FreeBSD.org>
CommitDate: 2024-09-03 14:54:42 +0000

    netinet: Add a sysctl to allow disabling connections to INADDR_ANY
    
    See the discussion in Bugzilla PR 280705 for context.
    
    PR:             280705
    MFC after:      1 week
    Differential Revision:  https://reviews.freebsd.org/D46259
    
    (cherry picked from commit 417b35a97b7669eb0bf417b43e97cccbedbce6f9)
---
 sys/netinet/in_pcb.c   |  8 +++++++-
 sys/netinet6/in6_pcb.c | 12 +++++++++++-
 2 files changed, 18 insertions(+), 2 deletions(-)

diff --git a/sys/netinet/in_pcb.c b/sys/netinet/in_pcb.c
index 0fffd285fb17..897a3ef991d5 100644
--- a/sys/netinet/in_pcb.c
+++ b/sys/netinet/in_pcb.c
@@ -236,6 +236,12 @@ in_pcbhashseed_init(void)
 VNET_SYSINIT(in_pcbhashseed_init, SI_SUB_PROTO_DOMAIN, SI_ORDER_FIRST,
     in_pcbhashseed_init, 0);
 
+VNET_DEFINE_STATIC(int, connect_inaddr_wild) = 1;
+#define	V_connect_inaddr_wild	VNET(connect_inaddr_wild)
+SYSCTL_INT(_net_inet_ip, OID_AUTO, connect_inaddr_wild,
+    CTLFLAG_VNET | CTLFLAG_RW, &VNET_NAME(connect_inaddr_wild), 0,
+    "Allow connecting to INADDR_ANY or INADDR_BROADCAST for connect(2)");
+
 static void in_pcbremhash(struct inpcb *);
 
 /*
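Review bot: The new `connect_inaddr_wild` knob has no comment saying what a value of 0 does, and its description string only states the permissive case. A short comment above the `VNET_DEFINE_STATIC` would help, for example `/* When 0, connect(2) no longer rewrites an INADDR_ANY or INADDR_BROADCAST destination to a local address. */`. Two properties are worth documenting for administrators: the default of 1 keeps the existing behaviour, so hardening is opt-in, and `CTLFLAG_VNET | CTLFLAG_RW` gives each vnet its own writable copy, so a host-level setting presumably does not bind jails that own a vnet. The same applies to `connect_in6addr_wild` in sys/netinet6/in6_pcb.c.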
@@ -1311,7 +1317,7 @@ in_pcbconnect_setup(struct inpcb *inp, struct sockaddr_in *sin,
 		inp->inp_flowtype = hash_type;
 	}
 #endif
-	if (!CK_STAILQ_EMPTY(&V_in_ifaddrhead)) {
+	if (V_connect_inaddr_wild && !CK_STAILQ_EMPTY(&V_in_ifaddrhead)) {
 		/*
 		 * If the destination address is INADDR_ANY,
 		 * use the primary local address.
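Review bot: With `V_connect_inaddr_wild` set to 0, the `if` on the changed line only skips the address rewrite; nothing in the hunk rejects a wildcard destination. Whether connect(2) to INADDR_ANY then fails, and with which errno, depends on code after this block, which continues outside the hunk. An explicit branch after the block's closing brace would make the policy self-evident, along the lines of `else if (sin->sin_addr.s_addr == INADDR_ANY) return (ENETUNREACH);` (the errno is a suggestion). The same holds for the `V_connect_in6addr_wild` test in `in6_pcbladdr`, where `IN6_IS_ADDR_UNSPECIFIED(&sin6->sin6_addr)` would be the matching check. A regression test that sets each sysctl to 0 and asserts the connect(2) result would pin the behaviour down.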
diff --git a/sys/netinet6/in6_pcb.c b/sys/netinet6/in6_pcb.c
index 90f91eef1daa..8046e0fa530d 100644
--- a/sys/netinet6/in6_pcb.c
+++ b/sys/netinet6/in6_pcb.c
@@ -85,6 +85,7 @@
 #include <sys/socket.h>
 #include <sys/socketvar.h>
 #include <sys/sockio.h>
+#include <sys/sysctl.h>
 #include <sys/errno.h>
 #include <sys/time.h>
 #include <sys/priv.h>
@@ -99,6 +100,7 @@
 #include <net/if_types.h>
 #include <net/route.h>
 #include <net/route/nhop.h>
+#include <net/vnet.h>
 
 #include <netinet/in.h>
 #include <netinet/in_var.h>
@@ -114,6 +116,14 @@
 #include <netinet6/in6_fib.h>
 #include <netinet6/scope6_var.h>
 
+SYSCTL_DECL(_net_inet6);
+SYSCTL_DECL(_net_inet6_ip6);
+VNET_DEFINE_STATIC(int, connect_in6addr_wild) = 1;
+#define	V_connect_in6addr_wild	VNET(connect_in6addr_wild)
+SYSCTL_INT(_net_inet6_ip6, OID_AUTO, connect_in6addr_wild,
+    CTLFLAG_VNET | CTLFLAG_RW, &VNET_NAME(connect_in6addr_wild), 0,
+    "Allow connecting to the unspecified address for connect(2)");
+
 int
 in6_pcbsetport(struct in6_addr *laddr, struct inpcb *inp, struct ucred *cred)
 {
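Review bot: `SYSCTL_DECL(_net_inet6);` looks unused by the lines shown, since the `SYSCTL_INT` that follows names only `_net_inet6_ip6` as its parent. If a header this file already includes declares these nodes, both local `SYSCTL_DECL` lines could be dropped. Otherwise a one-line comment such as `/* Declared here because no included header exports these nodes. */` would explain why a .c file carries its own declarations.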
@@ -353,7 +363,7 @@ in6_pcbladdr(struct inpcb *inp, struct sockaddr_in6 *sin6,
 	if ((error = sa6_embedscope(sin6, V_ip6_use_defzone)) != 0)
 		return(error);
 
-	if (!CK_STAILQ_EMPTY(&V_in6_ifaddrhead)) {
+	if (V_connect_in6addr_wild && !CK_STAILQ_EMPTY(&V_in6_ifaddrhead)) {
 		/*
 		 * If the destination address is UNSPECIFIED addr,
 		 * use the loopback addr, e.g ::1.


