I am using the pf firewall on FreeBSD with the IPv6 socket option IPV6_BINDANY.
I tested pf on OpenBSD and it works well, but it does not work on FreeBSD.
# test.c:
I tested pf on OpenBSD and it works well, but it does not work on FreeBSD.
# test.c:
Code:
#include <sys/socket.h>
#include <netinet/in.h>
#include <arpa/inet.h>
#include <stdio.h>
#include <string.h>
#include <unistd.h>
/* Destination of the test connection: TCP port PORT on HOST. */
const int PORT = 80;
const char *HOST = "2a01:4f8:c0c:bd0a::1";
/* Source address bound before connecting; an arbitrary (random) address
 * that is not configured on this host, which is what IPV6_BINDANY is for. */
const char *bind_ip = "2001:7e01:e7e9:da11:f139:683d:6823:13b2";
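/*
 * Open a TCP/IPv6 socket, bind it to a non-local source address via
 * IPV6_BINDANY, and connect to HOST:PORT.
 *
 * Returns 0 on a successful connect, 1 on any failure (the reason is
 * printed to stderr). The socket is closed on every exit path.
 */
int main(void)
{
	int rc = 1;
	int sockfd = socket(AF_INET6, SOCK_STREAM, 0);
	if (sockfd == -1) {
		perror("Socket error");	/* perror() appends ": <reason>" itself */
		return 1;
	}

#ifdef IPV6_BINDANY
	/*
	 * IPV6_BINDANY lets bind() accept an address that is not configured on
	 * any local interface. Setting it needs privilege, so its return value
	 * must be checked rather than ignored. Note that the kernel option only
	 * affects bind(): the SYN/ACK for the spoofed source still has to be
	 * delivered back to this host by the routing table / firewall. The
	 * "Connect error: Operation timed out" seen in the transcript is
	 * consistent with the SYN leaving and the reply never returning, i.e.
	 * a return-path problem rather than a socket-API one (TODO confirm with
	 * a packet capture on the outbound interface).
	 */
	int on = 1;
	if (setsockopt(sockfd, IPPROTO_IPV6, IPV6_BINDANY, &on, sizeof on) == -1) {
		perror("setsockopt(IPV6_BINDANY) error");
		goto out;
	}
#else
	fprintf(stderr, "IPV6_BINDANY is not available on this platform.\n");
	goto out;
#endif

	/*
	 * Zero both sockaddr_in6 structures: otherwise sin6_flowinfo and
	 * sin6_scope_id are stack garbage, and on BSD systems the kernel also
	 * reads sin6_len, which must equal the structure size.
	 */
	struct sockaddr_in6 sin;
	memset(&sin, 0, sizeof sin);
#ifdef SIN6_LEN
	sin.sin6_len = sizeof sin;
#endif
	sin.sin6_family = AF_INET6;
	sin.sin6_port = htons(0);	/* 0: let the kernel choose the source port */
	if (inet_pton(AF_INET6, bind_ip, &sin.sin6_addr) != 1) {
		fprintf(stderr, "Invalid bind source address.\n");
		goto out;
	}

	struct sockaddr_in6 sa;
	memset(&sa, 0, sizeof sa);
#ifdef SIN6_LEN
	sa.sin6_len = sizeof sa;
#endif
	sa.sin6_family = AF_INET6;
	sa.sin6_port = htons(PORT);
	if (inet_pton(AF_INET6, HOST, &sa.sin6_addr) != 1) {
		fprintf(stderr, "Invalid host address.\n");
		goto out;
	}

	/* bind() is where a missing IPV6_BINDANY (or missing privilege) shows up. */
	if (bind(sockfd, (struct sockaddr *)&sin, sizeof sin) == -1) {
		perror("Bind error");
		goto out;
	}

	if (connect(sockfd, (struct sockaddr *)&sa, sizeof sa) != 0) {
		perror("Connect error");
		goto out;
	}

	printf("Connection successful!\n");
	rc = 0;

out:
	close(sockfd);
	return rc;
}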
Code:
# cc test.c && ./a.out
Connect error: Operation timed out
Code:
# pfctl -si
Status: Enabled for 0 days 00:03:22 Debug: Urgent
State Table Total Rate
current entries 2202
searches 18919 93.7/s
inserts 8824 43.7/s
removals 6622 32.8/s
Counters
match 8824 43.7/s
bad-offset 0 0.0/s
fragment 0 0.0/s
short 0 0.0/s
normalize 0 0.0/s
memory 0 0.0/s
bad-timestamp 0 0.0/s
congestion 0 0.0/s
ip-option 0 0.0/s
proto-cksum 0 0.0/s
state-mismatch 12 0.1/s
state-insert 0 0.0/s
state-limit 0 0.0/s
src-limit 0 0.0/s
synproxy 0 0.0/s
map-failed 0 0.0/s
Code:
# pf.conf
set skip on lo
block return # block stateless traffic
pass # establish keep-state