upstream/opnsense-src
1
0
Fork 0
mirror of https://github.com/opnsense/src.git synced 2026-06-11 17:51:26 -04:00
Code Issues Projects Releases Packages Wiki Activity Actions

netinet: Disallow connections to INADDR_ANY

Browse source 
Previously connect() or sendto() to INADDR_ANY reached some socket bound
to some host interface address. Although this was intentional it was an
artifact of a different era, and is not desirable now.

In 417b35a97b markj added support to disallow connect() to INADDR_ANY.
Take the next logical step and disable it by default.

PR:		280705
Reviewed by:	markj, jhb, zlei
Relnotes:	Yes
Sponsored by:	The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D47740
This commit is contained in:
Ed Maste 2024-11-25 09:07:11 -05:00
parent ab4edcd552
commit cd240957d7
1 changed files with 1 additions and 1 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

2
sys/netinet/in_pcb.c
View file

@ -235,7 +235,7 @@ VNET_SYSINIT(in_pcbhashseed_init, SI_SUB_PROTO_DOMAIN, SI_ORDER_FIRST,
in_pcbhashseed_init, NULL);
#ifdef INET
VNET_DEFINE_STATIC(int, connect_inaddr_wild) = 1;
VNET_DEFINE_STATIC(int, connect_inaddr_wild) = 0;
#define V_connect_inaddr_wild VNET(connect_inaddr_wild)
SYSCTL_INT(_net_inet_ip, OID_AUTO, connect_inaddr_wild,
CTLFLAG_VNET | CTLFLAG_RW, &VNET_NAME(connect_inaddr_wild), 0,