SOCK_RAW && SO_DONTROUTE doesn't work
Colin Percival
cperciva at tarsnap.com
Mon Nov 25 20:02:29 UTC 2019
Hi networky people,
I'm not sure if this was deliberate or if it's a bug.
If you create a raw IP socket, turn on IP_HDRINCL and SO_DONTROUTE, and
then use sendto(2) to send a packet, the destination address provided to
sendto(2) is ignored; instead, the destination is taken from the packet's
ip_dst field.
It looks like this happens because rip_output calls ip_output with a NULL
value for ro, prompting ip_output to look up the destination from the IP
packet, rather than the destination passed to sendto (which never made its
way out of rip_output).
I tripped over this because I was trying to have a userland process which
routes (some) packets differently from how the routing tables specify; but
my "no really, go out THAT interface" wasn't being respected. :-(
(Full background: I want to make a transparent proxy which intercepts
outgoing connections to 169.254.169.254, allowing some of them through and
redirecting others for special handling. I created a tun which outgoing
packets get routed into; but I ran into problems when I wanted to forward
some of the packets out of the external interface since they ignored my
attempts to route them and came straight back into the tun instead.)
--
Colin Percival
Security Officer Emeritus, FreeBSD | The power to serve
Founder, Tarsnap | www.tarsnap.com | Online backups for the truly paranoid
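A minimal reproduction of the setup described in the message above, as an added example that is not part of the original post or of FreeBSD's code. The function names, the constructed addresses a caller passes in, the use of experimental protocol number 253, and the choice to write ip_len in network byte order are assumptions made for illustration.

```c
#include <arpa/inet.h>
#include <netinet/in.h>
#include <stdint.h>
#include <string.h>
#include <sys/socket.h>
#include <unistd.h>

/* Internet checksum (RFC 1071) over len bytes; len is even here. */
uint16_t ip_cksum(const uint8_t *p, size_t len)
{
    uint32_t sum = 0;
    for (size_t i = 0; i + 1 < len; i += 2)
        sum += (uint32_t)p[i] << 8 | p[i + 1];
    while (sum >> 16)
        sum = (sum & 0xffff) + (sum >> 16);
    return (uint16_t)~sum;
}

/* Fill h[20] with a payload-less IPv4 header. Returns 0, or -1 on a bad address. */
int build_hdr(uint8_t *h, const char *src, const char *dst)
{
    memset(h, 0, 20);
    h[0] = 0x45;                 /* version 4, 5-word header */
    h[3] = 20;                   /* ip_len, network byte order (assumption) */
    h[8] = 64;                   /* TTL */
    h[9] = 253;                  /* experimental protocol number (assumption) */
    if (inet_pton(AF_INET, src, h + 12) != 1 || inet_pton(AF_INET, dst, h + 16) != 1)
        return -1;
    uint16_t c = ip_cksum(h, 20);
    h[10] = (uint8_t)(c >> 8);
    h[11] = (uint8_t)c;
    return 0;
}

/* Header says ip_dst = hdr_dst; sendto(2) is told to_dst. Needs root. Returns bytes sent or -1. */
long send_mismatched(const char *src, const char *hdr_dst, const char *to_dst)
{
    uint8_t h[20];
    struct sockaddr_in to = { .sin_family = AF_INET };
    int on = 1, s;
    long n = -1;
    if (build_hdr(h, src, hdr_dst) != 0 || inet_pton(AF_INET, to_dst, &to.sin_addr) != 1 ||
        (s = socket(AF_INET, SOCK_RAW, IPPROTO_RAW)) < 0)
        return -1;
    if (setsockopt(s, IPPROTO_IP, IP_HDRINCL, &on, sizeof on) == 0 &&
        setsockopt(s, SOL_SOCKET, SO_DONTROUTE, &on, sizeof on) == 0)
        n = sendto(s, h, sizeof h, 0, (struct sockaddr *)&to, sizeof to);
    close(s);
    return n;
}
```

Calling send_mismatched() as root with hdr_dst and to_dst on two different directly attached test networks, while capturing on both interfaces, shows which of the two addresses selected the outgoing interface.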