binding non local ip.
Julian Elischer
julian at freebsd.org
Fri Jan 7 17:24:23 UTC 2011
On 1/7/11 4:57 AM, joris dedieu wrote:
> Hi,
> I need to bind non local ips in daemons that don't
> implement IP_BINDANY sockopt.
I'm not sure you need it.
You can use the ipfw 'fwd' command to make a locally bound
socket act and look as if it is bound to a non local address.
You need to tell us a little more about what you need to do.
For example:
Is the socket just listening, or is it initiating?
> There are several solutions, such as patching every single daemon
> or using carp (you may not want automatic failover), jailing
> the process and of course binding INADDR_ANY when possible ...
>
> As I'm too lazy for this, I wrote a little (maybe ugly, as my
> kernel knowledge is really low) patch that adds a sysctl
> entry in net.inet.ip that allows binding non local ips. It's
> maybe buggy and insecure but it seems to work.
Seems ok, but if the daemon is initiating, how does it know to bind to
a non local address?
Also, if you have source, a single setsockopt() in each one is not
much of a job.
> What do you think about it?
>
> Thanks
> Joris
>
> --- a/sys/netinet/in_pcb.c
> +++ b/sys/netinet/in_pcb.c
> @@ -321,6 +321,9 @@ in_pcbbind(struct inpcb *inp, struct sockaddr
> *nam, struct ucred *cred)
> *
> * On error, the values of *laddrp and *lportp are not changed.
> */
> +static int bindany = 0; /* 1 allows to bind a non local ip */
> +SYSCTL_INT(_net_inet_ip, OID_AUTO, bindany, CTLFLAG_RW,&bindany, 0,
> + "Allow to bind a non local ip");
> int
> in_pcbbind_setup(struct inpcb *inp, struct sockaddr *nam, in_addr_t *laddrp,
> u_short *lportp, struct ucred *cred)
> @@ -393,8 +396,12 @@ in_pcbbind_setup(struct inpcb *inp, struct
> sockaddr *nam, in_addr_t *laddrp,
> * to any endpoint address, local or not.
> */
> if ((inp->inp_flags& INP_BINDANY) == 0&&
> - ifa_ifwithaddr_check((struct sockaddr *)sin) == 0)
> - return (EADDRNOTAVAIL);
> + ifa_ifwithaddr_check((struct sockaddr *)sin) == 0) {
> + if(bindany> 0)
> + inp->inp_flags |= INP_BINDANY;
> + else
> + return (EADDRNOTAVAIL);
> + }
> }
> laddr = sin->sin_addr;
> if (lport) {
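Review bot: In the new branch, "inp->inp_flags |= INP_BINDANY;" changes persistent state on the inpcb as a side effect of an address check. The flag stays set if a later step in in_pcbbind_setup() returns an error or if the sysctl is switched back to 0, and from then on the socket cannot be told apart from one that requested IP_BINDANY itself. The branch also never consults the cred argument, so with the sysctl on every caller gets the bypass. Consider leaving inp_flags untouched and only skipping the "return (EADDRNOTAVAIL);" when bindany is set, with a check on cred if the bypass should stay restricted.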
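The per-socket alternative raised in the reply ("a single setsockopt() in each one"), as an added example that is not code from the thread or from FreeBSD. The helper name bind_maybe_nonlocal is hypothetical; on FreeBSD, setting IP_BINDANY requires the PRIV_NETINET_BINDANY privilege, and on platforms without the option the helper reports ENOPROTOOPT.

```c
#include <sys/socket.h>
#include <netinet/in.h>
#include <arpa/inet.h>
#include <errno.h>
#include <string.h>
#include <unistd.h>

/*
 * Hypothetical helper (not from the thread): create a TCP socket and bind it
 * to ip:port. With want_nonlocal set, request IP_BINDANY on this socket only,
 * so the exemption from the local-address check is limited to one descriptor.
 * Returns the bound descriptor, or -1 with errno set.
 */
int
bind_maybe_nonlocal(const char *ip, unsigned short port, int want_nonlocal)
{
    struct sockaddr_in sin;
    int fd, on = 1, saved;

    memset(&sin, 0, sizeof(sin));
    sin.sin_family = AF_INET;
    sin.sin_port = htons(port);
    if (inet_pton(AF_INET, ip, &sin.sin_addr) != 1) {
        errno = EINVAL;             /* not a dotted-quad IPv4 address */
        return (-1);
    }
    if ((fd = socket(AF_INET, SOCK_STREAM, 0)) < 0)
        return (-1);
    if (want_nonlocal) {
#ifdef IP_BINDANY
        /* Fails when the caller lacks the privilege for this option. */
        if (setsockopt(fd, IPPROTO_IP, IP_BINDANY, &on, sizeof(on)) < 0)
            goto fail;
#else
        (void)on;
        errno = ENOPROTOOPT;        /* this platform has no IP_BINDANY */
        goto fail;
#endif
    }
    if (bind(fd, (struct sockaddr *)&sin, sizeof(sin)) < 0)
        goto fail;                  /* EADDRNOTAVAIL if address is not local */
    return (fd);
fail:
    saved = errno;                  /* close() may overwrite errno */
    close(fd);
    errno = saved;
    return (-1);
}
```

Because the option is set per descriptor and is privilege-checked, only the daemons that call it bypass the local-address check, unlike a system-wide sysctl.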