netinet: Disallow connections to INADDR_ANY

Previously connect() or sendto() to INADDR_ANY reached some socket bound
to some host interface address. Although this was intentional it was an
artifact of a different era, and is not desirable now.

In 417b35a97b markj added support to disallow connect() to INADDR_ANY.
Take the next logical step and disable it by default.

PR: 280705
Reviewed by: markj, jhb, zlei
Relnotes: Yes
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D47740
@@ -235,7 +235,7 @@ VNET_SYSINIT(in_pcbhashseed_init, SI_SUB_PROTO_DOMAIN, SI_ORDER_FIRST,
|
||||
in_pcbhashseed_init, NULL);
|
||||
|
||||
#ifdef INET
|
||||
VNET_DEFINE_STATIC(int, connect_inaddr_wild) = 1;
|
||||
VNET_DEFINE_STATIC(int, connect_inaddr_wild) = 0;
|
||||
#define V_connect_inaddr_wild VNET(connect_inaddr_wild)
|
||||
SYSCTL_INT(_net_inet_ip, OID_AUTO, connect_inaddr_wild,
|
||||
CTLFLAG_VNET | CTLFLAG_RW, &VNET_NAME(connect_inaddr_wild), 0,
|
||||
|
||||
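Review bot: The flipped default at `VNET_DEFINE_STATIC(int, connect_inaddr_wild) = 0;` changes behaviour for existing callers, but nothing in this hunk tells a reader of the source that the value is deliberate or how to get the old behaviour back. A short comment above the definition, saying that connections to INADDR_ANY are now rejected by default and that setting the `connect_inaddr_wild` sysctl under `_net_inet_ip` to 1 restores the previous behaviour, would help. Because the variable is declared with `VNET_DEFINE_STATIC` and the sysctl carries `CTLFLAG_VNET | CTLFLAG_RW`, the knob is per-VNET and writable at runtime, so every VNET instance starts at 0 and has to be set separately; that is worth stating in the release note the commit message asks for. The sysctl description string is not visible in this context, so please also confirm its wording does not imply the old default. Finally, the commit message mentions sendto() as well as connect(), while the referenced earlier change is described as covering connect(); it would be good to confirm that the check this variable gates also covers the sendto() path.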