On 1/7/11 4:57 AM, joris dedieu wrote:
Hi,
I need to bind non local ips for daemons that don't
implement the IP_BINDANY sockopt.

I'm not sure you need it.
You can use the ipfw 'fwd' command to make a locally bound
socket act and look as if it is bound to a non local address.

You need to tell us a little more about what you need to do.

For example:
Is the socket just listening, or is it initiating?

There are several solutions, such as patching every single daemon
or using carp (you may not want automatic failover), jailing
the process and of course binding INADDR_ANY when possible ...

As I'm too lazy for this, I wrote a little (maybe ugly, as my
kernel knowledge is really low) patch that adds a sysctl
entry in net.inet.ip that allows binding non local ips. It's
maybe buggy and insecure but it seems to work.

Seems ok, but if the daemon is initiating, how does it know to bind to a non local address? Also, if you have source, a single setsockopt() in each one is not much of a job.


What do you think about it?

Thanks
Joris

--- a/sys/netinet/in_pcb.c
+++ b/sys/netinet/in_pcb.c
@@ -321,6 +321,9 @@ in_pcbbind(struct inpcb *inp, struct sockaddr
*nam, struct ucred *cred)
   *
   * On error, the values of *laddrp and *lportp are not changed.
   */
+static int     bindany = 0; /* 1 allows to bind a non local ip */
+SYSCTL_INT(_net_inet_ip, OID_AUTO, bindany, CTLFLAG_RW,&bindany, 0,
+    "Allow to bind a non local ip");
  int
  in_pcbbind_setup(struct inpcb *inp, struct sockaddr *nam, in_addr_t *laddrp,
      u_short *lportp, struct ucred *cred)
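
Review bot: the new bindany variable and its SYSCTL_INT sit between the block comment ending "On error, the values of *laddrp and *lportp are not changed." and in_pcbbind_setup(), the function that comment documents, so the comment now appears to describe the sysctl. Move the two declarations above the comment block. The knob is also a single global CTLFLAG_RW integer, so enabling it changes bind behaviour for every socket that reaches this code rather than for the one daemon that needs it; the description string "Allow to bind a non local ip" should say so. The second hunk tests bindany > 0, which treats the value as a boolean, but the declaration accepts any int.
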
@@ -393,8 +396,12 @@ in_pcbbind_setup(struct inpcb *inp, struct
sockaddr *nam, in_addr_t *laddrp,
                          * to any endpoint address, local or not.
                          */
                         if ((inp->inp_flags&  INP_BINDANY) == 0&&
-                           ifa_ifwithaddr_check((struct sockaddr *)sin) == 0)
-                               return (EADDRNOTAVAIL);
+                           ifa_ifwithaddr_check((struct sockaddr *)sin) == 0) {
+                               if(bindany>  0)
+                                       inp->inp_flags |= INP_BINDANY;
+                               else
+                                       return (EADDRNOTAVAIL);
+                       }
                 }
                 laddr = sin->sin_addr;
                 if (lport) {
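
Review bot: in the bindany > 0 branch the code does inp->inp_flags |= INP_BINDANY as a side effect of a bind attempt, so the socket stays flagged as if the application had asked for IP_BINDANY itself, and nothing in the branch consults the cred argument that in_pcbbind_setup() receives. With the sysctl on, every caller that reaches this path can bind an address that ifa_ifwithaddr_check() reports as not local. Suggest leaving inp_flags untouched and only skipping the EADDRNOTAVAIL return, and gating that on a privilege check against cred so the relaxation is not open to all processes.
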
_______________________________________________
[email protected] mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-hackers
To unsubscribe, send any mail to "[email protected]"

