Re: UDP Broadcasts not delivered to IP address

On Mon, May 14, 2007 at 03:06:25PM -0400, Dylan Taft wrote:
> On 5/14/07, Neil Horman <nhorman@xxxxxxxxxxxxx> wrote:
> >Why don't you bind to INADDR_ANY, set the IP_PKTINFO socket option on the 
> >socket
> >in question, and filter based on the ipi_ifindex value in the ancillary 
> >messages
> >that come in with each packet?
> >
> >Regards
> >Neil
> >
> >
> 
> We need to be able to send and recv on specific interfaces.
> That will work I think...however...we'll have to keep track of which
> ip each socket did a bind() on, since if it attempts to bind to a lan
> IP, the code needs to bind it to INADDR_ANY so it can receive
> broadcasts on 255.255.255.255....then IP_PKTINFO and sendmsg() could
> be used to send a broadcast on that specific interface, and recvmsg()
> and IP_PKTINFO to filter...right?
> 
Yeah, that sounds about right to me.

> I guess we'll need some way to map the socket id to the source ip we
> want to send out from and recv from so it goes over the proper device,
> and then fill out a IP_PKTINFO struct in Wine's send() and recv()
> function...
> 
I think the bind library call is weakly linked, so you should be able to
override it. You can intercept the socket descriptor and the associated sockaddr
there if you need to create that association.

> It seems kind of depressing, SO_BINDTODEVICE did _EXACTLY_ what was
> needed.  I was looking at the kernel source,  it checks if there's raw
> socket capability for the uid...
> It doesn't seem insecure to allow regular users to use
> SO_BINDTODEVICE....does it rely on code used for raw sockets, or is
> it just a security check?
> 
I'm not 100% sure.  All I can see is that it overrides the value of
sk_bound_dev_if, which is nominally set by raw sockets, or flows that have
passed through the routing code already.  I think the CAP_NET_RAW check is there
because allowing frames to get forced out of interfaces not directed by the
routing table lets you circumvent sysadmin defined network policies (think about
a system that has both a secure and insecure network, you don't want just
anyone sending to your secure net), but don't quote me on that

HTH
Neil

> I'm gonna have to read up on sendmsg() and recvmsg()...
> Thanks.
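The scheme the two of them work out above (bind INADDR_ANY, enable IP_PKTINFO, pick the egress interface with sendmsg() ancillary data, and filter incoming datagrams on the ipi_ifindex that recvmsg() reports) as one stand-alone C program. This is an added example, not code from the thread or from Wine; it assumes Linux with glibc, takes the interface name on the command line, uses UDP port 5000, and the function names build_pktinfo_cmsg, pktinfo_ifindex, roundtrip_ifindex, send_broadcast_on and recv_on_interface are chosen here:

```c
#define _GNU_SOURCE            /* struct in_pktinfo in glibc's <netinet/in.h> */
#include <arpa/inet.h>
#include <net/if.h>
#include <netinet/in.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>
#include <unistd.h>

#define PORT 5000              /* assumed port for this example */

/* Write one IP_PKTINFO cmsg into buf that forces ifindex as the egress
 * interface. ipi_spec_dst stays 0, so the kernel picks that interface's
 * own source address. Returns bytes used, or 0 if buf is too small. */
size_t build_pktinfo_cmsg(void *buf, size_t buflen, int ifindex)
{
    size_t need = CMSG_SPACE(sizeof(struct in_pktinfo));
    if (buf == NULL || buflen < need)
        return 0;
    memset(buf, 0, need);
    struct msghdr tmp = { .msg_control = buf, .msg_controllen = need };
    struct cmsghdr *cm = CMSG_FIRSTHDR(&tmp);
    cm->cmsg_level = IPPROTO_IP;
    cm->cmsg_type  = IP_PKTINFO;
    cm->cmsg_len   = CMSG_LEN(sizeof(struct in_pktinfo));
    struct in_pktinfo pi = { .ipi_ifindex = ifindex };
    memcpy(CMSG_DATA(cm), &pi, sizeof pi);
    return need;
}

/* Walk the ancillary data filled in by recvmsg() and return the interface
 * index the datagram arrived on, or -1 if no IP_PKTINFO cmsg is present. */
int pktinfo_ifindex(struct msghdr *msg)
{
    for (struct cmsghdr *cm = CMSG_FIRSTHDR(msg); cm; cm = CMSG_NXTHDR(msg, cm)) {
        if (cm->cmsg_level == IPPROTO_IP && cm->cmsg_type == IP_PKTINFO) {
            struct in_pktinfo pi;
            memcpy(&pi, CMSG_DATA(cm), sizeof pi);
            return pi.ipi_ifindex;
        }
    }
    return -1;
}

/* Self-check: build a cmsg for ifindex and parse it back (no socket needed). */
int roundtrip_ifindex(int ifindex)
{
    unsigned char ctrl[CMSG_SPACE(sizeof(struct in_pktinfo))];
    struct msghdr m = { .msg_control = ctrl };
    m.msg_controllen = build_pktinfo_cmsg(ctrl, sizeof ctrl, ifindex);
    return pktinfo_ifindex(&m);
}

/* Send a limited broadcast (255.255.255.255:port) out of ifindex, bypassing
 * the routing table, via sendmsg() + IP_PKTINFO. fd needs SO_BROADCAST set. */
ssize_t send_broadcast_on(int fd, int ifindex, uint16_t port, const void *data, size_t len)
{
    struct sockaddr_in dst = { .sin_family = AF_INET, .sin_port = htons(port),
                               .sin_addr.s_addr = htonl(INADDR_BROADCAST) };
    unsigned char ctrl[CMSG_SPACE(sizeof(struct in_pktinfo))];
    struct iovec iov = { .iov_base = (void *)data, .iov_len = len };
    struct msghdr msg = { .msg_name = &dst, .msg_namelen = sizeof dst,
                          .msg_iov = &iov, .msg_iovlen = 1, .msg_control = ctrl };
    msg.msg_controllen = build_pktinfo_cmsg(ctrl, sizeof ctrl, ifindex);
    return sendmsg(fd, &msg, 0);
}

/* Receive one datagram on an INADDR_ANY socket and keep it only if it came in
 * on want_ifindex. Returns payload length, 0 if filtered out, -1 on error. */
ssize_t recv_on_interface(int fd, int want_ifindex, void *buf, size_t len,
                          struct sockaddr_in *from)
{
    unsigned char ctrl[CMSG_SPACE(sizeof(struct in_pktinfo))];
    struct iovec iov = { .iov_base = buf, .iov_len = len };
    struct msghdr msg = { .msg_name = from, .msg_namelen = sizeof *from,
                          .msg_iov = &iov, .msg_iovlen = 1,
                          .msg_control = ctrl, .msg_controllen = sizeof ctrl };
    ssize_t n = recvmsg(fd, &msg, 0);
    if (n < 0)
        return -1;
    return pktinfo_ifindex(&msg) == want_ifindex ? n : 0;
}

int main(int argc, char **argv)
{
    if (argc < 2) { fprintf(stderr, "usage: %s <ifname>\n", argv[0]); return 2; }
    int ifindex = (int)if_nametoindex(argv[1]);
    if (ifindex == 0) { perror("if_nametoindex"); return 1; }

    int fd = socket(AF_INET, SOCK_DGRAM, 0), one = 1;
    setsockopt(fd, SOL_SOCKET, SO_BROADCAST, &one, sizeof one);
    setsockopt(fd, IPPROTO_IP, IP_PKTINFO, &one, sizeof one); /* deliver ipi_ifindex */
    /* Bind INADDR_ANY, not the interface's own address: a socket bound to a
     * unicast address never sees datagrams addressed to 255.255.255.255. */
    struct sockaddr_in any = { .sin_family = AF_INET, .sin_port = htons(PORT),
                               .sin_addr.s_addr = htonl(INADDR_ANY) };
    if (bind(fd, (struct sockaddr *)&any, sizeof any) < 0) { perror("bind"); return 1; }

    const char hello[] = "hello via IP_PKTINFO";     /* constructed payload */
    if (send_broadcast_on(fd, ifindex, PORT, hello, sizeof hello) < 0)
        perror("sendmsg");

    char buf[1500];
    struct sockaddr_in from;
    for (;;) {
        ssize_t n = recv_on_interface(fd, ifindex, buf, sizeof buf, &from);
        if (n < 0) { perror("recvmsg"); break; }
        if (n == 0) continue;        /* arrived on another interface: dropped */
        printf("%zd bytes from %s on ifindex %d\n", n, inet_ntoa(from.sin_addr), ifindex);
    }
    close(fd);
    return 0;
}
```

Run it as `./bcast eth0` on two hosts (or two network namespaces) on the same segment; a datagram that arrives via any other interface is dropped by recv_on_interface rather than handed to the caller, and the sender never needs the address of eth0 because ipi_ifindex selects the device. Two caveats worth knowing: sendmsg() honours ipi_ifindex without any capability, so it gives exactly the forced-egress behaviour that the CAP_NET_RAW check on SO_BINDTODEVICE discussed above was presumably gating, and Linux 5.7 dropped that capability requirement, so on current kernels an unprivileged SO_BINDTODEVICE works and the IP_PKTINFO route is mainly needed for older kernels.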