Date: Mon, 25 Nov 2019 15:43:55 -0800
From: Julian Elischer <julian@freebsd.org>
To: Colin Percival <cperciva@tarsnap.com>, "freebsd-net@freebsd.org" <freebsd-net@freebsd.org>
Subject: Re: SOCK_RAW && SO_DONTROUTE doesn't work
Message-ID: <63cdda3a-8078-7e1a-6a59-614ed6785e88@freebsd.org>
In-Reply-To: <0100016ea42871c1-492a3b9f-be05-4e4b-8ab4-8710ea36cdc2-000000@email.amazonses.com>

On 11/25/19 12:02 PM, Colin Percival wrote:
> Hi networky people,
>
> I'm not sure if this was deliberate or if it's a bug.
>
> If you create a raw IP socket, turn on IP_HDRINCL and SO_DONTROUTE, and
> then use sendto(2) to send a packet, the destination address provided to
> sendto(2) is ignored; instead, the destination is taken from the packet's
> ip_dst field.
>
> It looks like this happens because rip_output calls ip_output with a NULL
> value for ro, prompting ip_output to look up the destination from the IP
> packet, rather than the destination passed to sendto (which never made its
> way out of rip_output).
>
> I tripped over this because I was trying to have a userland process which
> routes (some) packets differently from how the routing tables specify; but
> my "no really, go out THAT interface" wasn't being respected. :-(
>
> (Full background: I want to make a transparent proxy which intercepts
> outgoing connections to 169.254.169.254, allowing some of them through and
> redirecting others for special handling. I created a tun which outgoing
> packets get routed into; but I ran into problems when I wanted to forward
> some of the packets out of the external interface since they ignored my
> attempts to route them and came straight back into the tun instead.)
>

I have always achieved this sort of thing using ipfw fwd rules, rather
than trying to bend the IP stack to do it.
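
A minimal reproducer for the socket setup described in the quoted message, added here as an example and not code from either poster or from FreeBSD. The addresses are constructed documentation addresses and the function names are hypothetical; opening the raw socket needs root, and watching the interfaces with tcpdump shows which destination the kernel actually used.

```c
/* Added example (not from the thread): raw socket + IP_HDRINCL + SO_DONTROUTE. */
#include <arpa/inet.h>
#include <netinet/in.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>
#include <unistd.h>

/* RFC 1071 Internet checksum over an even number of bytes, host order. */
uint16_t hdr_cksum(const uint8_t *p, size_t len) {
    uint32_t sum = 0;
    for (size_t i = 0; i + 1 < len; i += 2) sum += (uint32_t)p[i] << 8 | p[i + 1];
    while (sum >> 16) sum = (sum & 0xffff) + (sum >> 16);
    return (uint16_t)~sum;
}

/* Write a payload-less IPv4 header byte by byte; returns 20, or 0 on a bad address. */
size_t build_ip_hdr(uint8_t h[20], const char *src, const char *dst) {
    memset(h, 0, 20);
    h[0] = 0x45; h[3] = 20;   /* IPv4, 5-word header, total length 20 */
    h[8] = 64;   h[9] = 253;  /* TTL 64, protocol 253 (experimental, RFC 3692) */
    if (inet_pton(AF_INET, src, h + 12) != 1 || inet_pton(AF_INET, dst, h + 16) != 1)
        return 0;
    uint16_t c = hdr_cksum(h, 20);
    h[10] = c >> 8; h[11] = c & 0xff;
    return 20;
}

/* Send pkt to next_hop with both options set; returns bytes sent or -1. */
long send_dontroute(const uint8_t *pkt, size_t len, const char *next_hop) {
    struct sockaddr_in to = { .sin_family = AF_INET };
    int on = 1, s = socket(AF_INET, SOCK_RAW, IPPROTO_RAW);
    long n = -1;
    if (s < 0) return -1;
    if (inet_pton(AF_INET, next_hop, &to.sin_addr) == 1 &&
        setsockopt(s, IPPROTO_IP, IP_HDRINCL, &on, sizeof on) == 0 &&
        setsockopt(s, SOL_SOCKET, SO_DONTROUTE, &on, sizeof on) == 0)
        n = (long)sendto(s, pkt, len, 0, (struct sockaddr *)&to, sizeof to);
    close(s);
    return n;
}

int main(void) {
    uint8_t h[20]; /* constructed addresses: ip_dst 198.51.100.7, sendto(2) target 192.0.2.1 */
    long n = send_dontroute(h, build_ip_hdr(h, "192.0.2.10", "198.51.100.7"), "192.0.2.1");
    if (n < 0) perror("send_dontroute"); else printf("sent %ld bytes\n", n);
    return n < 0;
}
```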
