From: Terry Lambert
Message-Id: <199806270717.AAA22908@usr08.primenet.com>
Subject: Re: Apparent bug in sendto() with raw sockets
To: archie@whistle.com (Archie Cobbs)
Date: Sat, 27 Jun 1998 07:17:47 +0000 (GMT)
Cc: andrewr@slack.net, fenner@parc.xerox.com, nate@almond.elite.net, nate@elite.net, julian@whistle.com, freebsd-bugs@FreeBSD.ORG, freebsd-net@FreeBSD.ORG, freebsd-hackers@FreeBSD.ORG
In-Reply-To: <199806262102.OAA01182@bubba.whistle.com> from "Archie Cobbs" at Jun 26, 98 02:02:44 pm

> > Speaking of IP_HDRINCL, after reading raw_ip.c and noticing the protection
> > against spoofing (can't use IP_HDRINCL in certain situations), I started
> > thinking about actually comparing the user supplied ip->ip_src with the
> > actual IP address defined for the outgoing interface. While looking for a
>
> What's wrong with being able to spoof an IP address? If I have root
> access (required to open a raw socket), and I want to do so, the kernel
> shouldn't prevent me. There are legitimate reasons for wanting to send
> spoofed source IP addresses (eg, testing situations).

A number of "netnanny" packages rely on being able to say "host
unreachable" in response to a request before the (actually reachable)
site is able to respond with the information.

Terry Lambert
terry@lambert.org
---
Any opinions in this posting are my own and not those of my present
or previous employers.
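
The check discussed in the quoted text above, comparing the caller-supplied ip->ip_src with the addresses configured on the outgoing interface, looks like this in userland C. This is an added example, not part of the original post and not code from FreeBSD's raw_ip.c; the function names, result codes and the 192.0.2.10 sample interface address are assumptions.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#include <arpa/inet.h>
#include <sys/socket.h>

/* Result codes (hypothetical names, not taken from raw_ip.c). */
enum src_check { SRC_OK = 0, SRC_MALFORMED = -1, SRC_NOT_LOCAL = -2 };

/* Validate a caller-built IPv4 header and test whether its source address is
 * one of the interface's addresses (local[] holds network-byte-order values). */
enum src_check
check_hdrincl_source(const uint8_t *pkt, size_t len,
                     const uint32_t *local, size_t nlocal)
{
    uint32_t src;
    size_t hlen, i;

    if (pkt == NULL || len < 20)          /* shorter than a minimal header */
        return SRC_MALFORMED;
    if ((pkt[0] >> 4) != 4)               /* version field must be 4 */
        return SRC_MALFORMED;
    hlen = (size_t)(pkt[0] & 0x0f) * 4;   /* IHL counts 32-bit words */
    if (hlen < 20 || hlen > len)          /* header must fit in the buffer */
        return SRC_MALFORMED;
    memcpy(&src, pkt + 12, sizeof(src));  /* ip_src is at byte offset 12 */
    for (i = 0; i < nlocal; i++)
        if (local[i] == src)
            return SRC_OK;
    return SRC_NOT_LOCAL;
}

/* Constructed sample: a bare 20-byte header carrying src_text, checked
 * against an interface that holds only 192.0.2.10 (documentation range). */
enum src_check
check_sample(const char *src_text, size_t len)
{
    uint8_t pkt[20] = { 0x45 };           /* version 4, IHL 5, rest zero */
    uint32_t local[1] = { 0 }, src = 0;

    inet_pton(AF_INET, "192.0.2.10", &local[0]);
    inet_pton(AF_INET, src_text, &src);
    memcpy(pkt + 12, &src, sizeof(src));
    return check_hdrincl_source(pkt, len, local, 1);
}

int main(void)
{
    printf("%d %d\n", check_sample("192.0.2.10", 20), check_sample("198.51.100.7", 20));
    return 0;
}
```

Whether a mismatch is rejected, logged or allowed for a privileged caller is the policy question the thread is arguing about; the function only reports the result.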