Date:      Wed, 6 Jan 1999 21:15:12 +0000 (GMT)
From:      Terry Lambert <tlambert@primenet.com>
To:        louie@TransSys.COM (Louis A. Mamakos)
Cc:        dnelson@redwoodsoft.com, lem@cantv.net, freebsd-hackers@FreeBSD.ORG
Subject:   Re: Source address
Message-ID:  <199901062115.OAA27539@usr08.primenet.com>
In-Reply-To: <199812200103.UAA80379@whizzo.transsys.com> from "Louis A. Mamakos" at Dec 19, 98 08:03:22 pm

> Except that in IOS, the "source-interface" commands cause the application
> in question (snmp trap generator, syslog generator, etc), to bind to
> a particular interface address on the router, rather than using whatever
> interface address is associated with the exit interface on the router.
> 
> It doesn't smash an address in the packet on the way out, and neither 
> should the FreeBSD kernel.  There are a lot of applications that care 
> about the end point addresses, and zapping something behind their back
> is probably going to manifest itself in interesting ways.
> 
> Perhaps this is a phrasing problem.  If you were to add a sysctl to
> bias the operation of the socket code to choose a specified address of
> an interface, rather than the address of the outbound interface..  but
> then you have to worry about the interface being up and other details.

This is a generic problem in the way sockets are bound.

Similar fallout from the problem is that, when you change IP
addresses on interfaces, you have to restart daemons bound to
the IP addresses, etc.

In general, the best possible corrective action would be to allow
binding of sockets to interfaces instead of IP addresses.

For a complete solution, you'd want to be able to bind a socket
to all interfaces, a specific interface, an IP address regardless of
interfaces that have that address, and an interface/IP address pair.

For an inetd style solution, you'd want to add parameters on the
end of the protocol field, I believe.  Something like:

ftp stream tcp:ed0:10.0.0.1 nowait root /usr/libexec/ftpd ftpd -l -d /home/ftp
ftp stream tcp:*:141.168.5.12 nowait root /usr/libexec/ftpd ftpd -l -d /home/ftp/external

Someone really needs to revisit the idea of sockets before IPv6 is
widely deployed.


					Terry Lambert
					terry@lambert.org
---
Any opinions in this posting are my own and not those of my present
or previous employers.
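
Added example, not part of the original message and not inetd code: a parser for the protocol-field syntax proposed above, mapping each form onto the four binding modes the message lists. The names `parse_bind_field`, `bind_spec` and `bind_mode` are hypothetical; treating `proto:iface` and `proto:*` as valid two-part forms and handling IPv4 only are assumptions.

```c
#include <arpa/inet.h>
#include <string.h>

/* The four binding modes listed in the message, plus a reject value. */
enum bind_mode { BIND_ALL, BIND_IFACE, BIND_ADDR, BIND_IFACE_ADDR, BIND_INVALID };

struct bind_spec {
    char proto[8];        /* "tcp" or "udp" */
    char iface[16];       /* interface name, "" when any interface */
    struct in_addr addr;  /* set for BIND_ADDR and BIND_IFACE_ADDR */
};

/* Copy a token of length n into dst; reject empty or oversized tokens. */
static int take(char *dst, size_t cap, const char *src, size_t n)
{
    if (n == 0 || n >= cap)
        return -1;
    memcpy(dst, src, n);
    dst[n] = '\0';
    return 0;
}

/* Parse "proto[:iface[:addr]]"; "*" in the iface slot means any interface. */
enum bind_mode parse_bind_field(const char *field, struct bind_spec *out)
{
    char addr[INET_ADDRSTRLEN];
    const char *c1, *c2;
    int any_if;

    memset(out, 0, sizeof(*out));
    c1 = strchr(field, ':');
    if (take(out->proto, sizeof(out->proto), field,
             c1 ? (size_t)(c1 - field) : strlen(field)))
        return BIND_INVALID;
    if (strcmp(out->proto, "tcp") != 0 && strcmp(out->proto, "udp") != 0)
        return BIND_INVALID;
    if (c1 == NULL)
        return BIND_ALL;                 /* unmodified inetd.conf field */
    c2 = strchr(c1 + 1, ':');
    if (take(out->iface, sizeof(out->iface), c1 + 1,
             c2 ? (size_t)(c2 - c1 - 1) : strlen(c1 + 1)))
        return BIND_INVALID;
    any_if = strcmp(out->iface, "*") == 0;
    if (any_if)
        out->iface[0] = '\0';
    if (c2 == NULL)
        return any_if ? BIND_ALL : BIND_IFACE;
    /* Strict dotted quad only; trailing fields or junk are rejected. */
    if (take(addr, sizeof(addr), c2 + 1, strlen(c2 + 1)) ||
        inet_pton(AF_INET, addr, &out->addr) != 1)
        return BIND_INVALID;
    return any_if ? BIND_ADDR : BIND_IFACE_ADDR;
}
```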
