SOCK_RAW && SO_DONTROUTE doesn't work
Julian Elischer
julian at freebsd.org
Mon Nov 25 23:44:09 UTC 2019
On 11/25/19 12:02 PM, Colin Percival wrote:
> Hi networky people,
>
> I'm not sure if this was deliberate or if it's a bug.
>
> If you create a raw IP socket, turn on IP_HDRINCL and SO_DONTROUTE, and
> then use sendto(2) to send a packet, the destination address provided to
> sendto(2) is ignored; instead, the destination is taken from the packet's
> ip_dst field.
>
> It looks like this happens because rip_output calls ip_output with a NULL
> value for ro, prompting ip_output to look up the destination from the IP
> packet, rather than the destination passed to sendto (which never made its
> way out of rip_output).
>
> I tripped over this because I was trying to have a userland process which
> routes (some) packets differently from how the routing tables specify; but
> my "no really, go out THAT interface" wasn't being respected. :-(
>
> (Full background: I want to make a transparent proxy which intercepts
> outgoing connections to 169.254.169.254, allowing some of them through and
> redirecting others for special handling. I created a tun which outgoing
> packets get routed into; but I ran into problems when I wanted to forward
> some of the packets out of the external interface since they ignored my
> attempts to route them and came straight back into the tun instead.)
>
I have always achieved this sort of thing using ipfw fwd rules, rather
than trying to bend the IP stack to do it.
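
A small reproducer for the setup described in the quoted report, added here as an example and not code from either poster: it builds an IPv4 + ICMP echo packet whose ip_dst differs from the address handed to sendto(2), then sends it on a raw socket with IP_HDRINCL and SO_DONTROUTE set. The function names and the 28-byte probe are hypothetical; it assumes root privileges and ip_len in network byte order (FreeBSD 11 or later).

```c
#include <arpa/inet.h>
#include <netinet/in.h>
#include <stdint.h>
#include <string.h>
#include <sys/socket.h>
#include <unistd.h>

/* RFC 1071 Internet checksum over an even number of bytes. */
static uint16_t cksum(const uint8_t *p, size_t len) {
    uint32_t s = 0;
    for (size_t i = 0; i + 1 < len; i += 2) s += (uint32_t)(p[i] << 8 | p[i + 1]);
    while (s >> 16) s = (s & 0xffff) + (s >> 16);
    return (uint16_t)~s;
}

/* Build a 28-byte IPv4 + ICMP echo request with hdr_dst in ip_dst (offset 16).
   ip_len is written in network byte order (assumption: FreeBSD 11 or later). */
size_t build_probe(uint8_t *b, const char *src, const char *hdr_dst) {
    memset(b, 0, 28);
    b[0] = 0x45; b[3] = 28; b[8] = 64; b[9] = IPPROTO_ICMP;
    if (inet_pton(AF_INET, src, b + 12) != 1 ||
        inet_pton(AF_INET, hdr_dst, b + 16) != 1) return 0;
    uint16_t c = cksum(b, 20);
    b[10] = c >> 8; b[11] = c & 0xff;      /* IP header checksum */
    b[20] = 8;                              /* ICMP type 8: echo request */
    c = cksum(b + 20, 8);
    b[22] = c >> 8; b[23] = c & 0xff;      /* ICMP checksum */
    return 28;
}

/* sendto() names next_hop while ip_dst says hdr_dst. Returns bytes sent, -1 on error. */
long send_probe(const char *src, const char *hdr_dst, const char *next_hop) {
    uint8_t pkt[28];
    struct sockaddr_in to = { .sin_family = AF_INET };
    int on = 1, s;
    long n = -1;
    if (!build_probe(pkt, src, hdr_dst) ||
        inet_pton(AF_INET, next_hop, &to.sin_addr) != 1) return -1;
    if ((s = socket(AF_INET, SOCK_RAW, IPPROTO_RAW)) < 0) return -1; /* needs root */
    if (setsockopt(s, IPPROTO_IP, IP_HDRINCL, &on, sizeof on) == 0 &&
        setsockopt(s, SOL_SOCKET, SO_DONTROUTE, &on, sizeof on) == 0)
        n = sendto(s, pkt, sizeof pkt, 0, (struct sockaddr *)&to, sizeof to);
    close(s);
    return n;
}

int main(int argc, char **argv) {   /* usage: probe SRC HDR_DST NEXT_HOP */
    return (argc != 4 || send_probe(argv[1], argv[2], argv[3]) < 0) ? 1 : 0;
}
```

Watching the tun and the external interface with tcpdump while this runs shows which of the two addresses the kernel actually used to pick the outgoing interface.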