binding non local ip.
joris dedieu
joris.dedieu at gmail.com
Fri Jan 7 12:57:23 UTC 2011
Hi,
I need to bind non-local IPs in daemons that don't
implement the IP_BINDANY sockopt.
There are several solutions, such as patching every single daemon,
using carp (you may not want automatic failover), jailing
the process and of course binding INADDR_ANY when possible ...
As I'm too lazy for this, I wrote a little (maybe ugly, as my
kernel knowledge is really low) patch that adds a sysctl
entry in net.inet.ip that allows binding non-local IPs. It's
maybe buggy and insecure but it seems to work.
What do you think about it?
Thanks
Joris
--- a/sys/netinet/in_pcb.c
+++ b/sys/netinet/in_pcb.c
@@ -321,6 +321,9 @@ in_pcbbind(struct inpcb *inp, struct sockaddr
*nam, struct ucred *cred)
*
* On error, the values of *laddrp and *lportp are not changed.
*/
+static int bindany = 0; /* 1 allows to bind a non local ip */
+SYSCTL_INT(_net_inet_ip, OID_AUTO, bindany, CTLFLAG_RW, &bindany, 0,
+ "Allow to bind a non local ip");
int
in_pcbbind_setup(struct inpcb *inp, struct sockaddr *nam, in_addr_t *laddrp,
u_short *lportp, struct ucred *cred)
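Review bot: the `bindany` variable and its SYSCTL_INT are placed between the block comment ending "On error, the values of *laddrp and *lportp are not changed." and `in_pcbbind_setup()`, which separates that comment from the function it documents; move the two declarations above the comment. The description string "Allow to bind a non local ip" should also say that the knob is a single global int, so setting it to 1 lifts the local-address check for every socket that goes through this function, not for one daemon.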
@@ -393,8 +396,12 @@ in_pcbbind_setup(struct inpcb *inp, struct
sockaddr *nam, in_addr_t *laddrp,
* to any endpoint address, local or not.
*/
if ((inp->inp_flags & INP_BINDANY) == 0 &&
- ifa_ifwithaddr_check((struct sockaddr *)sin) == 0)
- return (EADDRNOTAVAIL);
+ ifa_ifwithaddr_check((struct sockaddr *)sin) == 0) {
+ if(bindany > 0)
+ inp->inp_flags |= INP_BINDANY;
+ else
+ return (EADDRNOTAVAIL);
+ }
}
laddr = sin->sin_addr;
if (lport) {
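Review bot: in the new `if(bindany > 0)` branch, `inp->inp_flags |= INP_BINDANY;` permanently changes the socket's flags as a side effect of a bind attempt, with no use of the `cred` argument, and the flag stays set even if a later step in this function returns an error. Prefer leaving `inp_flags` untouched and folding the sysctl into the condition, for example `if (bindany == 0 && (inp->inp_flags & INP_BINDANY) == 0 && ifa_ifwithaddr_check(...) == 0) return (EADDRNOTAVAIL);`, and consider gating the relaxed path on a privilege check against `cred` so that enabling the sysctl does not let every unprivileged process bind addresses the host does not own. Style: `if(bindany > 0)` needs a space after `if`.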