From: Colin Percival
To: "freebsd-net@freebsd.org"
Subject: SOCK_RAW && SO_DONTROUTE doesn't work
Date: Mon, 25 Nov 2019 20:02:24 +0000
Message-ID: <0100016ea42871c1-492a3b9f-be05-4e4b-8ab4-8710ea36cdc2-000000@email.amazonses.com>
List-Id: Networking and TCP/IP with FreeBSD

Hi networky people,

I'm not sure if this was deliberate or if it's a bug.
If you create a raw IP socket, turn on IP_HDRINCL and SO_DONTROUTE, and then use sendto(2) to send a packet, the destination address provided to sendto(2) is ignored; instead, the destination is taken from the packet's ip_dst field.

It looks like this happens because rip_output calls ip_output with a NULL value for ro, prompting ip_output to look up the destination from the IP packet, rather than the destination passed to sendto (which never made its way out of rip_output).

I tripped over this because I was trying to have a userland process which routes (some) packets differently from how the routing tables specify; but my "no really, go out THAT interface" wasn't being respected. :-(

(Full background: I want to make a transparent proxy which intercepts outgoing connections to 169.254.169.254, allowing some of them through and redirecting others for special handling. I created a tun which outgoing packets get routed into; but I ran into problems when I wanted to forward some of the packets out of the external interface since they ignored my attempts to route them and came straight back into the tun instead.)

-- 
Colin Percival
Security Officer Emeritus, FreeBSD | The power to serve
Founder, Tarsnap | www.tarsnap.com | Online backups for the truly paranoid
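
A minimal reproducer for the behaviour reported above, added here as an illustration and not code from the original message: it builds an IPv4 header whose ip_dst differs from the address handed to sendto(2), with IP_HDRINCL and SO_DONTROUTE both set. The addresses are constructed documentation-range values, and the function names `ip_cksum`, `build_hdr` and `send_dontroute` are hypothetical.

```c
#include <arpa/inet.h>
#include <netinet/in.h>
#include <stdint.h>
#include <string.h>
#include <sys/socket.h>
#include <unistd.h>

/* RFC 1071 Internet checksum over an even-length buffer. */
uint16_t ip_cksum(const uint8_t *p, size_t n) {
    uint32_t sum = 0;
    for (size_t i = 0; i + 1 < n; i += 2)
        sum += (uint32_t)p[i] << 8 | p[i + 1];
    while (sum >> 16) sum = (sum & 0xffff) + (sum >> 16);
    return (uint16_t)~sum;
}

/* Bare 20-byte IPv4 header; ip_len in network order (FreeBSD 11+ assumed). */
void build_hdr(uint8_t h[20], const char *src, const char *dst) {
    memset(h, 0, 20);
    h[0] = 0x45;                      /* version 4, 5-word header */
    h[3] = 20;                        /* ip_len: header only, no payload */
    h[8] = 64;                        /* ip_ttl */
    h[9] = 253;                       /* ip_p: experimental (RFC 3692) */
    inet_pton(AF_INET, src, h + 12);  /* ip_src */
    inet_pton(AF_INET, dst, h + 16);  /* ip_dst */
    uint16_t c = ip_cksum(h, 20);
    h[10] = c >> 8; h[11] = c & 0xff; /* ip_sum */
}

/* Send h with IP_HDRINCL and SO_DONTROUTE, passing `to` as the sendto(2)
 * destination. Returns bytes sent or -1 (raw sockets need root). */
ssize_t send_dontroute(const uint8_t h[20], const char *to) {
    struct sockaddr_in sin = { .sin_family = AF_INET };
    int on = 1, s = socket(AF_INET, SOCK_RAW, IPPROTO_RAW);
    ssize_t r = -1;
    if (s < 0) return -1;
    if (inet_pton(AF_INET, to, &sin.sin_addr) == 1 &&
        setsockopt(s, IPPROTO_IP, IP_HDRINCL, &on, sizeof on) == 0 &&
        setsockopt(s, SOL_SOCKET, SO_DONTROUTE, &on, sizeof on) == 0)
        r = sendto(s, h, 20, 0, (struct sockaddr *)&sin, sizeof sin);
    close(s);
    return r;
}

int main(void) {
    uint8_t h[20];
    build_hdr(h, "192.0.2.10", "198.51.100.7");   /* constructed addresses */
    /* The sendto(2) address is an on-link neighbour that differs from ip_dst. */
    return send_dontroute(h, "192.0.2.254") < 0;
}
```

Run it as root with tcpdump on each interface; per the report above, the packet follows the route for ip_dst rather than being delivered toward the sendto(2) address.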