Adrian Chadd wrote:
I wasn't even aware of the existence of this interface. I'll check it out.
Thing is, this is a socket layer option, rather than what I've
committed which is a netinet layer option.
Anyway, I'll check it out. I'm happy to fiddle with things if others
would like it.
remember that the behaviour needs to last longer than the socket
does.. once the socket is removed you should still be sending RSTs or
whatever until the fin-wait2 (and other) states have wrapped up.
so that is why I keep the info in the inp.
Adrian
2009/1/9 Attila Nagy <b...@fsn.hu>:
Hello,
Adrian Chadd wrote:
Author: adrian
Date: Fri Jan 9 16:02:19 2009
New Revision: 186955
URL: http://svn.freebsd.org/changeset/base/186955
Log:
Implement a new IP option (not compiled/enabled by default) to allow
applications to specify a non-local IP address when bind()'ing a socket
to a local endpoint.
This allows applications to spoof the client IP address of connections
if (obviously!) they somehow are able to receive the traffic normally
destined to said clients.
This patch doesn't include any changes to ipfw or the bridging code to
redirect the client traffic through the PCB checks so TCP gets a shot
at it. The normal behaviour is that packets with a non-local destination
IP address are not handled locally. This can be dealt with some IPFW
hackery; modifications to IPFW to make this less hacky will occur in
subsequent commits.
Thanks to Julian Elischer and others at Ironport. This work was approved
and donated before Cisco acquired them.
Obtained from: Julian Elischer and others
MFC after: 2 weeks
Wouldn't it be better to implement existing interfaces for that?
OpenBSD has a SO_BINDANY socket option and it seems it's also in BSD/OS:
http://marc.info/?l=openbsd-cvs&w=2&r=1&s=bindany&q=b