Date:      Mon, 25 Nov 2019 20:02:24 +0000
From:      Colin Percival <cperciva@tarsnap.com>
To:        "freebsd-net@freebsd.org" <freebsd-net@freebsd.org>
Subject:   SOCK_RAW && SO_DONTROUTE doesn't work
Message-ID:  <0100016ea42871c1-492a3b9f-be05-4e4b-8ab4-8710ea36cdc2-000000@email.amazonses.com>

Hi networky people,

I'm not sure if this was deliberate or if it's a bug.

If you create a raw IP socket, turn on IP_HDRINCL and SO_DONTROUTE, and
then use sendto(2) to send a packet, the destination address provided to
sendto(2) is ignored; instead, the destination is taken from the packet's
ip_dst field.

It looks like this happens because rip_output calls ip_output with a NULL
value for ro, prompting ip_output to look up the destination from the IP
packet, rather than the destination passed to sendto (which never made its
way out of rip_output).

I tripped over this because I was trying to have a userland process which
routes (some) packets differently from how the routing tables specify; but
my "no really, go out THAT interface" wasn't being respected. :-(

(Full background: I want to make a transparent proxy which intercepts
outgoing connections to 169.254.169.254, allowing some of them through and
redirecting others for special handling.  I created a tun which outgoing
packets get routed into; but I ran into problems when I wanted to forward
some of the packets out of the external interface since they ignored my
attempts to route them and came straight back into the tun instead.)

-- 
Colin Percival
Security Officer Emeritus, FreeBSD | The power to serve
Founder, Tarsnap | www.tarsnap.com | Online backups for the truly paranoid


