Date: Mon, 13 Aug 2001 22:21:45 +0200 From: Pierre Beyssac <pb@fasterix.freenix.org> To: freebsd-security@freebsd.org Subject: [pb@fasterix.freenix.org: bin/29026: fix for traceroute] Message-ID: <20010813222145.A66725@fasterix.frmug.org>
next in thread | raw e-mail | index | archive | help
Hi,
Any advice on this? Ruslan advised me to wait a return from the
traceroute list at LBL, but no news from them since I sent the patch
almost a month ago...
Pierre
----- Forwarded message from Pierre Beyssac <pb@fasterix.freenix.org> -----
Date: Mon, 16 Jul 2001 21:06:37 +0200
From: Pierre Beyssac <pb@fasterix.freenix.org>
To: freebsd-net@FreeBSD.ORG
Cc: traceroute@ee.lbl.gov
Subject: fix for traceroute (bin/29026)
Could anyone check this fix for PR bin/29026 (traceroute -s option)?
It just reenables the bind(2) call checking for the source address
correctness, and moves the IP_HDRINCL after that (once IP_HDRINCL
is enabled on the socket, bind doesn't check this anymore).
It seems to work on my (very outdated) current as well as -stable,
but I'm not able to check it on a recent -current, and although I
have tested it with and without -s I may have missed some side
effects with weird options combinations.
If someone can confirm that this works, I can commit it.
Index: traceroute.c
===================================================================
RCS file: /home/ncvs/src/contrib/traceroute/traceroute.c,v
retrieving revision 1.18
diff -u -r1.18 traceroute.c
--- traceroute.c 2001/06/06 16:12:59 1.18
+++ traceroute.c 2001/07/16 18:53:44
@@ -727,13 +727,6 @@
exit(1);
}
#endif
-#ifdef IP_HDRINCL
- if (setsockopt(sndsock, IPPROTO_IP, IP_HDRINCL, (char *)&on,
- sizeof(on)) < 0) {
- Fprintf(stderr, "%s: IP_HDRINCL: %s\n", prog, strerror(errno));
- exit(1);
- }
-#endif
if (options & SO_DEBUG)
(void)setsockopt(sndsock, SOL_SOCKET, SO_DEBUG, (char *)&on,
sizeof(on));
@@ -744,14 +737,19 @@
if (source != NULL) {
source = savestr(getsin(&from, source));
outip->ip_src = from.sin_addr;
-#ifndef IP_HDRINCL
if (bind(sndsock, (struct sockaddr *)&from, sizeof(from)) < 0) {
Fprintf(stderr, "%s: bind: %s\n",
prog, strerror(errno));
exit (1);
}
-#endif
}
+#ifdef IP_HDRINCL
+ if (setsockopt(sndsock, IPPROTO_IP, IP_HDRINCL, (char *)&on,
+ sizeof(on)) < 0) {
+ Fprintf(stderr, "%s: IP_HDRINCL: %s\n", prog, strerror(errno));
+ exit(1);
+ }
+#endif
#if defined(IPSEC) && defined(IPSEC_POLICY_IPSEC)
if (setpolicy(sndsock, "in bypass") < 0)
--
Pierre Beyssac pb@fasterix.frmug.org pb@fasterix.freenix.org
Why write portable code when you can write Linux code?
Free domains: http://www.eu.org/ or mail dns-manager@EU.org
To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-net" in the body of the message
----- End forwarded message -----
To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20010813222145.A66725>