Date: Fri, 9 Jan 2009 16:02:19 +0000 (UTC) From: Adrian Chadd <adrian@FreeBSD.org> To: cvs-src-old@freebsd.org Subject: cvs commit: src/sys/conf NOTES options src/sys/netinet in.h in_pcb.c in_pcb.h ip_output.c Message-ID: <200901091602.n09G2wP0053992@repoman.freebsd.org>
next in thread | raw e-mail | index | archive | help
adrian 2009-01-09 16:02:19 UTC FreeBSD src repository Modified files: sys/conf NOTES options sys/netinet in.h in_pcb.c in_pcb.h ip_output.c Log: SVN rev 186955 on 2009-01-09 16:02:19Z by adrian Implement a new IP option (not compiled/enabled by default) to allow applications to specify a non-local IP address when bind()'ing a socket to a local endpoint. This allows applications to spoof the client IP address of connections if (obviously!) they somehow are able to receive the traffic normally destined to said clients. This patch doesn't include any changes to ipfw or the bridging code to redirect the client traffic through the PCB checks so TCP gets a shot at it. The normal behaviour is that packets with a non-local destination IP address are not handled locally. This can be dealth with some IPFW hackery; modifications to IPFW to make this less hacky will occur in subsequent commmits. Thanks to Julian Elischer and others at Ironport. This work was approved and donated before Cisco acquired them. Obtained from: Julian Elischer and others MFC after: 2 weeks Revision Changes Path 1.1520 +8 -0 src/sys/conf/NOTES 1.655 +1 -0 src/sys/conf/options 1.105 +1 -0 src/sys/netinet/in.h 1.237 +6 -1 src/sys/netinet/in_pcb.c 1.125 +2 -0 src/sys/netinet/in_pcb.h 1.295 +19 -0 src/sys/netinet/ip_output.c
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200901091602.n09G2wP0053992>