Hi, Currently it's possible to assign *any* IPv6 source address to the datagram sent out by the unprivileged process by supplying a IPV6_PKTINFO control message to the sendmsg(2).
I'm not sure it's a desired behavior and afaik it's not possible to achieve this with IPv4 sockets without the need to be a root. Do we want to change that? The following change restricts it to the locally configured addresses. Is it a way to go? Cheers! Index: in6_src.c =================================================================== RCS file: /home/cvs/src/sys/netinet6/in6_src.c,v retrieving revision 1.25 diff -u -p -u -p -r1.25 in6_src.c --- in6_src.c 7 May 2010 13:33:17 -0000 1.25 +++ in6_src.c 4 Aug 2011 14:19:54 -0000 @@ -113,8 +113,29 @@ in6_selectsrc(struct sockaddr_in6 *dstso * use it. */ if (opts && (pi = opts->ip6po_pktinfo) && - !IN6_IS_ADDR_UNSPECIFIED(&pi->ipi6_addr)) + !IN6_IS_ADDR_UNSPECIFIED(&pi->ipi6_addr)) { + struct ifnet *ifp; + + if (IN6_IS_SCOPE_EMBED(&pi->ipi6_addr)) { + pi->ipi6_addr.s6_addr16[1] = htons(pi->ipi6_ifindex); + if (in6ifa_ifpwithaddr(ifindex2ifnet[pi->ipi6_ifindex], + &pi->ipi6_addr) == NULL) { + *errorp = EADDRNOTAVAIL; + return (NULL); + } + } else { + TAILQ_FOREACH(ifp, &ifnet, if_list) { + if ((ia6 = in6ifa_ifpwithaddr(ifp, + &pi->ipi6_addr)) != NULL) + break; + } + if (!ia6) { + *errorp = EADDRNOTAVAIL; + return (NULL); + } + } return (&pi->ipi6_addr); + } /* * If the source address is not specified but the socket(if any)