On Mon, 14 Apr 2008, Kai Blin wrote:
On Monday 14 April 2008 18:42:26 Paul Chitescu wrote:
Binding to a specific address is the only easy way of detecting which interface a UDP packet was received on since recvfrom() only gives source address, not destination. Listening on 0.0.0.0 would make it impossible to tell which interface a packet was received on. Furthermore, a program that explicitly tries to bind to each interface would fail all but the first bind and possibly bail out. Probably many games that use UDP would break.
I'm currently trying to fix apps that fail doing the following (which seems to be a popular way among game developers), in pseudo-code.
    hostname = gethostname();
    hostent = gethostbyname(hostname);
    sockaddr->sin_addr = hostent->addr;
    sock = socket();
    bind(sock, sockaddr);
Which, as Christoph noted, causes Windows apps to bind to loopback addresses, breaking the networking. This only started to happen recently, as recently Linux distros started mapping the machine's hostname to a loopback address. I don't think Wine ever used the registry for anything like that.
Cheers, Kai
--
Kai Blin
WorldForge developer http://www.worldforge.org/
Wine developer http://wiki.winehq.org/KaiBlin
Samba team member http://www.samba.org/samba/team/
--
Will code for cotton.
Hi, Kai!
Your patch seems quite safe to me as it checks lots of stuff. I disagreed with Christoph Frick's proposal of always binding to 0.0.0.0.
As a security enhancement, what about randomly initializing the last 3 octets of magic_loopback_addr at every run instance? This could help fend off potential attacks targeted at buggy applications running in Wine by sending this special address over some other protocol. A remote attacker can convince a local application to listen on all interfaces including Internet attached ones while thinking it (safely) listens only on loopback.
Regards,
Paul Chitescu
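
Added example, not part of the original thread and not code from Kai's patch: a small diagnostic for the failure mode in the pseudo-code above, checking whether the machine's own hostname resolves only to 127.0.0.0/8. It uses getaddrinfo() rather than gethostbyname(); the helper names is_loopback_v4 and first_routable are hypothetical.

```c
#ifndef _POSIX_C_SOURCE
#define _POSIX_C_SOURCE 200112L
#endif
#include <arpa/inet.h>
#include <netdb.h>
#include <netinet/in.h>
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>
#include <unistd.h>

/* True for any address in 127.0.0.0/8, not only 127.0.0.1. */
static int is_loopback_v4(struct in_addr a)
{
    return (ntohl(a.s_addr) >> 24) == 127;
}

/* Index of the first non-loopback address in addrs[0..n), or -1 if none. */
static int first_routable(const struct in_addr *addrs, int n)
{
    for (int i = 0; i < n; i++)
        if (!is_loopback_v4(addrs[i]))
            return i;
    return -1;
}

int main(void)
{
    char host[256];
    struct addrinfo hints, *res, *p;
    struct in_addr addrs[16];
    int n = 0;

    if (gethostname(host, sizeof host) != 0)
        return 1;
    host[sizeof host - 1] = '\0';          /* gethostname may not terminate */
    memset(&hints, 0, sizeof hints);
    hints.ai_family = AF_INET;             /* IPv4 only, as in the pseudo-code */
    hints.ai_socktype = SOCK_DGRAM;
    if (getaddrinfo(host, NULL, &hints, &res) != 0)
        return 1;
    for (p = res; p != NULL && n < 16; p = p->ai_next)
        addrs[n++] = ((struct sockaddr_in *)p->ai_addr)->sin_addr;
    freeaddrinfo(res);

    int i = first_routable(addrs, n);
    if (i < 0)
        printf("%s resolves only to loopback; a socket bound to it is unreachable from other hosts\n", host);
    else
        printf("%s -> %s\n", host, inet_ntoa(addrs[i]));
    return 0;
}
```
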