netinet: Add a sysctl to allow disabling connections to INADDR_ANY
See the discussion in Bugzilla PR 280705 for context. PR: 280705 MFC after: 1 week Differential Revision: https://reviews.freebsd.org/D46259
parent
6bc966987e
commit
417b35a97b
2 changed files with 18 additions and 2 deletions
|
|
@ -234,6 +234,12 @@ in_pcbhashseed_init(void)
|
|||
VNET_SYSINIT(in_pcbhashseed_init, SI_SUB_PROTO_DOMAIN, SI_ORDER_FIRST,
|
||||
in_pcbhashseed_init, 0);
|
||||
|
||||
VNET_DEFINE_STATIC(int, connect_inaddr_wild) = 1;
|
||||
#define V_connect_inaddr_wild VNET(connect_inaddr_wild)
|
||||
SYSCTL_INT(_net_inet_ip, OID_AUTO, connect_inaddr_wild,
|
||||
CTLFLAG_VNET | CTLFLAG_RW, &VNET_NAME(connect_inaddr_wild), 0,
|
||||
"Allow connecting to INADDR_ANY or INADDR_BROADCAST for connect(2)");
|
||||
|
||||
static void in_pcbremhash(struct inpcb *);
|
||||
|
||||
/*
|
||||
|
|
@ -1309,7 +1315,7 @@ in_pcbconnect_setup(struct inpcb *inp, struct sockaddr_in *sin,
|
|||
inp->inp_flowtype = hash_type;
|
||||
}
|
||||
#endif
|
||||
if (!CK_STAILQ_EMPTY(&V_in_ifaddrhead)) {
|
||||
if (V_connect_inaddr_wild && !CK_STAILQ_EMPTY(&V_in_ifaddrhead)) {
|
||||
/*
|
||||
* If the destination address is INADDR_ANY,
|
||||
* use the primary local address.
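Review bot: With `net.inet.ip.connect_inaddr_wild` set to 0, the changed condition in in_pcbconnect_setup() only skips the INADDR_ANY/INADDR_BROADCAST rewrite; nothing visible in the hunk rejects such a destination, so whether connect(2) then fails, and with which errno, is left to code further down. The function body and the closing brace of this `if` block are outside the hunk, so an explicit check may already exist there. If it does not, following the block with something like `else if (sin->sin_addr.s_addr == INADDR_ANY) return (ENETUNREACH);` would make the hardened behaviour deterministic rather than dependent on the routing table. The same gap applies to the `V_connect_in6addr_wild` condition in in6_pcbladdr() in the second file.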
|
||||
|
|
|
|||
|
|
@ -83,6 +83,7 @@
|
|||
#include <sys/socket.h>
|
||||
#include <sys/socketvar.h>
|
||||
#include <sys/sockio.h>
|
||||
#include <sys/sysctl.h>
|
||||
#include <sys/errno.h>
|
||||
#include <sys/time.h>
|
||||
#include <sys/priv.h>
|
||||
|
|
@ -97,6 +98,7 @@
|
|||
#include <net/if_types.h>
|
||||
#include <net/route.h>
|
||||
#include <net/route/nhop.h>
|
||||
#include <net/vnet.h>
|
||||
|
||||
#include <netinet/in.h>
|
||||
#include <netinet/in_var.h>
|
||||
|
|
@ -112,6 +114,14 @@
|
|||
#include <netinet6/in6_fib.h>
|
||||
#include <netinet6/scope6_var.h>
|
||||
|
||||
SYSCTL_DECL(_net_inet6);
|
||||
SYSCTL_DECL(_net_inet6_ip6);
|
||||
VNET_DEFINE_STATIC(int, connect_in6addr_wild) = 1;
|
||||
#define V_connect_in6addr_wild VNET(connect_in6addr_wild)
|
||||
SYSCTL_INT(_net_inet6_ip6, OID_AUTO, connect_in6addr_wild,
|
||||
CTLFLAG_VNET | CTLFLAG_RW, &VNET_NAME(connect_in6addr_wild), 0,
|
||||
"Allow connecting to the unspecified address for connect(2)");
|
||||
|
||||
int
|
||||
in6_pcbsetport(struct in6_addr *laddr, struct inpcb *inp, struct ucred *cred)
|
||||
{
|
||||
|
|
@ -351,7 +361,7 @@ in6_pcbladdr(struct inpcb *inp, struct sockaddr_in6 *sin6,
|
|||
if ((error = sa6_embedscope(sin6, V_ip6_use_defzone)) != 0)
|
||||
return(error);
|
||||
|
||||
if (!CK_STAILQ_EMPTY(&V_in6_ifaddrhead)) {
|
||||
if (V_connect_in6addr_wild && !CK_STAILQ_EMPTY(&V_in6_ifaddrhead)) {
|
||||
/*
|
||||
* If the destination address is UNSPECIFIED addr,
|
||||
* use the loopback addr, e.g ::1.
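Review bot: The description string for `connect_in6addr_wild` does not say what is actually being allowed: per the comment in in6_pcbladdr(), a connect(2) to the unspecified address is redirected to the loopback address, and because the knob defaults to 1 that redirect stays on until an administrator disables it. It is also independent of the IPv4 knob `net.inet.ip.connect_inaddr_wild`, so hardening one address family leaves the other unchanged. I would add a comment above the definition, e.g. `/* When 0, connect(2) to :: is no longer redirected to loopback; the IPv4 knob is set separately. */`, and state the loopback redirect in the description text. The local `SYSCTL_DECL(_net_inet6);` and `SYSCTL_DECL(_net_inet6_ip6);` lines may duplicate declarations that a netinet6 header already provides, which is worth checking before keeping them in the .c file.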
|
||||
|
|
|
|||