Merge pull request #12024 from poettering/bindtoifindex
use SO_BINDTOIFINDEX where appropriate
This commit is contained in:
commit
45ce112002
|
@ -32,6 +32,10 @@ struct sockaddr_vm {
|
||||||
#define SO_PEERGROUPS 59
|
#define SO_PEERGROUPS 59
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
|
#ifndef SO_BINDTOIFINDEX
|
||||||
|
#define SO_BINDTOIFINDEX 62
|
||||||
|
#endif
|
||||||
|
|
||||||
#ifndef SOL_NETLINK
|
#ifndef SOL_NETLINK
|
||||||
#define SOL_NETLINK 270
|
#define SOL_NETLINK 270
|
||||||
#endif
|
#endif
|
||||||
|
|
|
@ -68,9 +68,11 @@ int socket_address_listen(
|
||||||
}
|
}
|
||||||
|
|
||||||
if (IN_SET(socket_address_family(a), AF_INET, AF_INET6)) {
|
if (IN_SET(socket_address_family(a), AF_INET, AF_INET6)) {
|
||||||
if (bind_to_device)
|
if (bind_to_device) {
|
||||||
if (setsockopt(fd, SOL_SOCKET, SO_BINDTODEVICE, bind_to_device, strlen(bind_to_device)+1) < 0)
|
r = socket_bind_to_ifname(fd, bind_to_device);
|
||||||
return -errno;
|
if (r < 0)
|
||||||
|
return r;
|
||||||
|
}
|
||||||
|
|
||||||
if (reuse_port) {
|
if (reuse_port) {
|
||||||
r = setsockopt_int(fd, SOL_SOCKET, SO_REUSEPORT, true);
|
r = setsockopt_int(fd, SOL_SOCKET, SO_REUSEPORT, true);
|
||||||
|
|
|
@ -1354,3 +1354,39 @@ int sockaddr_un_set_path(struct sockaddr_un *ret, const char *path) {
|
||||||
return (int) (offsetof(struct sockaddr_un, sun_path) + l + 1); /* include trailing NUL in size */
|
return (int) (offsetof(struct sockaddr_un, sun_path) + l + 1); /* include trailing NUL in size */
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
int socket_bind_to_ifname(int fd, const char *ifname) {
|
||||||
|
assert(fd >= 0);
|
||||||
|
|
||||||
|
/* Call with NULL to drop binding */
|
||||||
|
|
||||||
|
if (setsockopt(fd, SOL_SOCKET, SO_BINDTODEVICE, ifname, strlen_ptr(ifname)) < 0)
|
||||||
|
return -errno;
|
||||||
|
|
||||||
|
return 0;
|
||||||
|
}
|
||||||
|
|
||||||
|
int socket_bind_to_ifindex(int fd, int ifindex) {
|
||||||
|
char ifname[IFNAMSIZ] = "";
|
||||||
|
|
||||||
|
assert(fd >= 0);
|
||||||
|
|
||||||
|
if (ifindex <= 0) {
|
||||||
|
/* Drop binding */
|
||||||
|
if (setsockopt(fd, SOL_SOCKET, SO_BINDTODEVICE, NULL, 0) < 0)
|
||||||
|
return -errno;
|
||||||
|
|
||||||
|
return 0;
|
||||||
|
}
|
||||||
|
|
||||||
|
if (setsockopt(fd, SOL_SOCKET, SO_BINDTOIFINDEX, &ifindex, sizeof(ifindex)) >= 0)
|
||||||
|
return 0;
|
||||||
|
if (errno != ENOPROTOOPT)
|
||||||
|
return -errno;
|
||||||
|
|
||||||
|
/* Fall back to SO_BINDTODEVICE on kernels < 5.0 which didn't have SO_BINDTOIFINDEX */
|
||||||
|
if (!if_indextoname(ifindex, ifname))
|
||||||
|
return -errno;
|
||||||
|
|
||||||
|
return socket_bind_to_ifname(fd, ifname);
|
||||||
|
}
|
||||||
|
|
|
@ -198,3 +198,6 @@ static inline int setsockopt_int(int fd, int level, int optname, int value) {
|
||||||
|
|
||||||
return 0;
|
return 0;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
int socket_bind_to_ifname(int fd, const char *ifname);
|
||||||
|
int socket_bind_to_ifindex(int fd, int ifindex);
|
||||||
|
|
|
@ -153,7 +153,6 @@ int dhcp_network_bind_udp_socket(int ifindex, be32_t address, uint16_t port) {
|
||||||
.in.sin_addr.s_addr = address,
|
.in.sin_addr.s_addr = address,
|
||||||
};
|
};
|
||||||
_cleanup_close_ int s = -1;
|
_cleanup_close_ int s = -1;
|
||||||
char ifname[IF_NAMESIZE] = "";
|
|
||||||
int r;
|
int r;
|
||||||
|
|
||||||
s = socket(AF_INET, SOCK_DGRAM | SOCK_CLOEXEC | SOCK_NONBLOCK, 0);
|
s = socket(AF_INET, SOCK_DGRAM | SOCK_CLOEXEC | SOCK_NONBLOCK, 0);
|
||||||
|
@ -169,12 +168,9 @@ int dhcp_network_bind_udp_socket(int ifindex, be32_t address, uint16_t port) {
|
||||||
return r;
|
return r;
|
||||||
|
|
||||||
if (ifindex > 0) {
|
if (ifindex > 0) {
|
||||||
if (if_indextoname(ifindex, ifname) == 0)
|
r = socket_bind_to_ifindex(s, ifindex);
|
||||||
return -errno;
|
|
||||||
|
|
||||||
r = setsockopt(s, SOL_SOCKET, SO_BINDTODEVICE, ifname, strlen(ifname));
|
|
||||||
if (r < 0)
|
if (r < 0)
|
||||||
return -errno;
|
return r;
|
||||||
}
|
}
|
||||||
|
|
||||||
if (address == INADDR_ANY) {
|
if (address == INADDR_ANY) {
|
||||||
|
|
|
@ -31,9 +31,8 @@
|
||||||
|
|
||||||
static int icmp6_bind_router_message(const struct icmp6_filter *filter,
|
static int icmp6_bind_router_message(const struct icmp6_filter *filter,
|
||||||
const struct ipv6_mreq *mreq) {
|
const struct ipv6_mreq *mreq) {
|
||||||
int index = mreq->ipv6mr_interface;
|
int ifindex = mreq->ipv6mr_interface;
|
||||||
_cleanup_close_ int s = -1;
|
_cleanup_close_ int s = -1;
|
||||||
char ifname[IF_NAMESIZE] = "";
|
|
||||||
int r;
|
int r;
|
||||||
|
|
||||||
s = socket(AF_INET6, SOCK_RAW | SOCK_CLOEXEC | SOCK_NONBLOCK, IPPROTO_ICMPV6);
|
s = socket(AF_INET6, SOCK_RAW | SOCK_CLOEXEC | SOCK_NONBLOCK, IPPROTO_ICMPV6);
|
||||||
|
@ -52,7 +51,7 @@ static int icmp6_bind_router_message(const struct icmp6_filter *filter,
|
||||||
IPV6_PKTINFO socket option also applies for ICMPv6 multicast.
|
IPV6_PKTINFO socket option also applies for ICMPv6 multicast.
|
||||||
Empirical experiments indicates otherwise and therefore an
|
Empirical experiments indicates otherwise and therefore an
|
||||||
IPV6_MULTICAST_IF socket option is used here instead */
|
IPV6_MULTICAST_IF socket option is used here instead */
|
||||||
r = setsockopt_int(s, IPPROTO_IPV6, IPV6_MULTICAST_IF, index);
|
r = setsockopt_int(s, IPPROTO_IPV6, IPV6_MULTICAST_IF, ifindex);
|
||||||
if (r < 0)
|
if (r < 0)
|
||||||
return r;
|
return r;
|
||||||
|
|
||||||
|
@ -76,12 +75,9 @@ static int icmp6_bind_router_message(const struct icmp6_filter *filter,
|
||||||
if (r < 0)
|
if (r < 0)
|
||||||
return r;
|
return r;
|
||||||
|
|
||||||
if (if_indextoname(index, ifname) == 0)
|
r = socket_bind_to_ifindex(s, ifindex);
|
||||||
return -errno;
|
|
||||||
|
|
||||||
r = setsockopt(s, SOL_SOCKET, SO_BINDTODEVICE, ifname, strlen(ifname));
|
|
||||||
if (r < 0)
|
if (r < 0)
|
||||||
return -errno;
|
return r;
|
||||||
|
|
||||||
return TAKE_FD(s);
|
return TAKE_FD(s);
|
||||||
}
|
}
|
||||||
|
|
|
@ -421,8 +421,9 @@ static int manager_dns_stub_udp_fd(Manager *m) {
|
||||||
return r;
|
return r;
|
||||||
|
|
||||||
/* Make sure no traffic from outside the local host can leak to onto this socket */
|
/* Make sure no traffic from outside the local host can leak to onto this socket */
|
||||||
if (setsockopt(fd, SOL_SOCKET, SO_BINDTODEVICE, "lo", 3) < 0)
|
r = socket_bind_to_ifindex(fd, LOOPBACK_IFINDEX);
|
||||||
return -errno;
|
if (r < 0)
|
||||||
|
return r;
|
||||||
|
|
||||||
if (bind(fd, &sa.sa, sizeof(sa.in)) < 0)
|
if (bind(fd, &sa.sa, sizeof(sa.in)) < 0)
|
||||||
return -errno;
|
return -errno;
|
||||||
|
@ -514,8 +515,9 @@ static int manager_dns_stub_tcp_fd(Manager *m) {
|
||||||
return r;
|
return r;
|
||||||
|
|
||||||
/* Make sure no traffic from outside the local host can leak to onto this socket */
|
/* Make sure no traffic from outside the local host can leak to onto this socket */
|
||||||
if (setsockopt(fd, SOL_SOCKET, SO_BINDTODEVICE, "lo", 3) < 0)
|
r = socket_bind_to_ifindex(fd, LOOPBACK_IFINDEX);
|
||||||
return -errno;
|
if (r < 0)
|
||||||
|
return r;
|
||||||
|
|
||||||
if (bind(fd, &sa.sa, sizeof(sa.in)) < 0)
|
if (bind(fd, &sa.sa, sizeof(sa.in)) < 0)
|
||||||
return -errno;
|
return -errno;
|
||||||
|
|
Loading…
Reference in a new issue