lists.openwall.net: Open Source and information security mailing list archives
Message-ID: <6zegzkvfxv.fsf@southpole.se>
Date:	Fri, 23 May 2014 14:26:52 +0200
From:	nisse@...thpole.se (Niels Möller)
To:	Florian Westphal <fw@...len.de>, Lukas Tribus <luky-37@...mail.com>
Cc:	netdev@...r.kernel.org, Jonas Bonn <jonas@...thpole.se>
Subject: Re: What's the right way to use a *large* number of source addresses?

Florian Westphal <fw@...len.de> writes:

> Niels Möller <nisse@...thpole.se> wrote:

>> 3. Just set the desired local address with the bind call. Currently,
>>    this gives an EADDRNOTAVAIL error, so the first step would be some
>>    option to allow arbitrary source addresses.
>
> See 'Making non-local sockets work' in Documentation/networking/tproxy.txt

Great! Sounds like it should work fine with no additional kernel hacking.

Lukas Tribus <luky-37@...mail.com> writes:

> Yes, it's as simple as setting IP_FREEBIND and then binding to the specific
> source IP.
>
> setsockopt(fd, SOL_IP, IP_FREEBIND, &one, sizeof(one))

This sounds even easier, but I'm not sure it works. For my first test, I just tried

  sysctl net.ipv4.ip_nonlocal_bind=1

(which is the global equivalent of IP_FREEBIND). Then bind succeeds, but
connect fails with EINVAL,

  socket(PF_INET, SOCK_STREAM, IPPROTO_TCP) = 3
  bind(3, {sa_family=AF_INET, sin_port=htons(8000), sin_addr=inet_addr("10.200.0.1")}, 16) = 0
  connect(3, {sa_family=AF_INET, sin_port=htons(9), sin_addr=inet_addr("10.1.0.2")}, 16) = -1 EINVAL (Invalid argument)

I'll do some more experiments, using IP_TRANSPARENT, and setting up the
suggested iptables rules.

Thanks,
/Niels
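An added example (not code from the thread) that reproduces the experiment in the message above step by step: it binds a TCP socket to a chosen source address, optionally with IP_FREEBIND or IP_TRANSPARENT set first, then starts a non-blocking connect and records the errno of each step so the failing stage is visible without strace. The addresses are taken from the strace output above; IP_TRANSPARENT requires CAP_NET_ADMIN, so that variant reports EPERM from setsockopt when run unprivileged.

```c
#include <arpa/inet.h>
#include <errno.h>
#include <fcntl.h>
#include <netinet/in.h>
#include <string.h>
#include <sys/socket.h>
#include <unistd.h>

/* Per-step errno values, 0 when the step succeeded: setsockopt -> EPERM if
 * IP_TRANSPARENT is requested without CAP_NET_ADMIN; bind -> EADDRNOTAVAIL for a
 * non-local source without IP_FREEBIND; connect -> 0 or EINPROGRESS when the route
 * was accepted, EINVAL/ENETUNREACH when the kernel rejects the source address. */
struct probe_result { int setsockopt_errno, bind_errno, connect_errno; };

static void set_addr(struct sockaddr_in *sa, const char *ip, int port)
{
    memset(sa, 0, sizeof(*sa));
    sa->sin_family = AF_INET;
    sa->sin_port = htons(port);
    inet_pton(AF_INET, ip, &sa->sin_addr);
}

/* Bind a TCP socket to src_ip (local port chosen by the kernel) and start a
 * non-blocking connect to dst_ip:dst_port. Returns -1 only if socket() fails. */
int probe_source(const char *src_ip, const char *dst_ip, int dst_port,
                 int freebind, int transparent, struct probe_result *r)
{
    struct sockaddr_in src, dst;
    int one = 1, fd = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP);
    memset(r, 0, sizeof(*r));
    if (fd < 0)
        return -1;
    fcntl(fd, F_SETFL, O_NONBLOCK); /* a reachable route then gives EINPROGRESS instead of blocking */
    /* IP_FREEBIND needs no privilege; IP_TRANSPARENT requires CAP_NET_ADMIN. */
    if (freebind && setsockopt(fd, SOL_IP, IP_FREEBIND, &one, sizeof(one)) < 0)
        r->setsockopt_errno = errno;
    if (transparent && setsockopt(fd, SOL_IP, IP_TRANSPARENT, &one, sizeof(one)) < 0)
        r->setsockopt_errno = errno;
    set_addr(&src, src_ip, 0);
    if (bind(fd, (struct sockaddr *)&src, sizeof(src)) < 0)
        r->bind_errno = errno;
    else {
        set_addr(&dst, dst_ip, dst_port);
        if (connect(fd, (struct sockaddr *)&dst, sizeof(dst)) < 0)
            r->connect_errno = errno;
    }
    close(fd);
    return 0;
}
```

Calling `probe_source("10.200.0.1", "10.1.0.2", 9, 1, 0, &r)` on an unprivileged Linux host shows the pattern from the message: bind_errno is 0 thanks to IP_FREEBIND, but connect_errno is still non-zero because the kernel will not route from a non-local source without IP_TRANSPARENT.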