mirror of
https://github.com/systemd/systemd.git
synced 2024-10-27 10:25:37 +03:00
Merge pull request #12024 from poettering/bindtoifindex
use SO_BINDTOIFINDEX where appropriate
This commit is contained in:
commit
45ce112002
@ -32,6 +32,10 @@ struct sockaddr_vm {
|
||||
#define SO_PEERGROUPS 59
|
||||
#endif
|
||||
|
||||
#ifndef SO_BINDTOIFINDEX
|
||||
#define SO_BINDTOIFINDEX 62
|
||||
#endif
|
||||
|
||||
#ifndef SOL_NETLINK
|
||||
#define SOL_NETLINK 270
|
||||
#endif
|
||||
|
@ -68,9 +68,11 @@ int socket_address_listen(
|
||||
}
|
||||
|
||||
if (IN_SET(socket_address_family(a), AF_INET, AF_INET6)) {
|
||||
if (bind_to_device)
|
||||
if (setsockopt(fd, SOL_SOCKET, SO_BINDTODEVICE, bind_to_device, strlen(bind_to_device)+1) < 0)
|
||||
return -errno;
|
||||
if (bind_to_device) {
|
||||
r = socket_bind_to_ifname(fd, bind_to_device);
|
||||
if (r < 0)
|
||||
return r;
|
||||
}
|
||||
|
||||
if (reuse_port) {
|
||||
r = setsockopt_int(fd, SOL_SOCKET, SO_REUSEPORT, true);
|
||||
|
@ -1354,3 +1354,39 @@ int sockaddr_un_set_path(struct sockaddr_un *ret, const char *path) {
|
||||
return (int) (offsetof(struct sockaddr_un, sun_path) + l + 1); /* include trailing NUL in size */
|
||||
}
|
||||
}
|
||||
|
||||
int socket_bind_to_ifname(int fd, const char *ifname) {
|
||||
assert(fd >= 0);
|
||||
|
||||
/* Call with NULL to drop binding */
|
||||
|
||||
if (setsockopt(fd, SOL_SOCKET, SO_BINDTODEVICE, ifname, strlen_ptr(ifname)) < 0)
|
||||
return -errno;
|
||||
|
||||
return 0;
|
||||
}
|
||||
|
||||
int socket_bind_to_ifindex(int fd, int ifindex) {
|
||||
char ifname[IFNAMSIZ] = "";
|
||||
|
||||
assert(fd >= 0);
|
||||
|
||||
if (ifindex <= 0) {
|
||||
/* Drop binding */
|
||||
if (setsockopt(fd, SOL_SOCKET, SO_BINDTODEVICE, NULL, 0) < 0)
|
||||
return -errno;
|
||||
|
||||
return 0;
|
||||
}
|
||||
|
||||
if (setsockopt(fd, SOL_SOCKET, SO_BINDTOIFINDEX, &ifindex, sizeof(ifindex)) >= 0)
|
||||
return 0;
|
||||
if (errno != ENOPROTOOPT)
|
||||
return -errno;
|
||||
|
||||
/* Fall back to SO_BINDTODEVICE on kernels < 5.0 which didn't have SO_BINDTOIFINDEX */
|
||||
if (!if_indextoname(ifindex, ifname))
|
||||
return -errno;
|
||||
|
||||
return socket_bind_to_ifname(fd, ifname);
|
||||
}
|
||||
|
@ -198,3 +198,6 @@ static inline int setsockopt_int(int fd, int level, int optname, int value) {
|
||||
|
||||
return 0;
|
||||
}
|
||||
|
||||
int socket_bind_to_ifname(int fd, const char *ifname);
|
||||
int socket_bind_to_ifindex(int fd, int ifindex);
|
||||
|
@ -153,7 +153,6 @@ int dhcp_network_bind_udp_socket(int ifindex, be32_t address, uint16_t port) {
|
||||
.in.sin_addr.s_addr = address,
|
||||
};
|
||||
_cleanup_close_ int s = -1;
|
||||
char ifname[IF_NAMESIZE] = "";
|
||||
int r;
|
||||
|
||||
s = socket(AF_INET, SOCK_DGRAM | SOCK_CLOEXEC | SOCK_NONBLOCK, 0);
|
||||
@ -169,12 +168,9 @@ int dhcp_network_bind_udp_socket(int ifindex, be32_t address, uint16_t port) {
|
||||
return r;
|
||||
|
||||
if (ifindex > 0) {
|
||||
if (if_indextoname(ifindex, ifname) == 0)
|
||||
return -errno;
|
||||
|
||||
r = setsockopt(s, SOL_SOCKET, SO_BINDTODEVICE, ifname, strlen(ifname));
|
||||
r = socket_bind_to_ifindex(s, ifindex);
|
||||
if (r < 0)
|
||||
return -errno;
|
||||
return r;
|
||||
}
|
||||
|
||||
if (address == INADDR_ANY) {
|
||||
|
@ -31,9 +31,8 @@
|
||||
|
||||
static int icmp6_bind_router_message(const struct icmp6_filter *filter,
|
||||
const struct ipv6_mreq *mreq) {
|
||||
int index = mreq->ipv6mr_interface;
|
||||
int ifindex = mreq->ipv6mr_interface;
|
||||
_cleanup_close_ int s = -1;
|
||||
char ifname[IF_NAMESIZE] = "";
|
||||
int r;
|
||||
|
||||
s = socket(AF_INET6, SOCK_RAW | SOCK_CLOEXEC | SOCK_NONBLOCK, IPPROTO_ICMPV6);
|
||||
@ -52,7 +51,7 @@ static int icmp6_bind_router_message(const struct icmp6_filter *filter,
|
||||
IPV6_PKTINFO socket option also applies for ICMPv6 multicast.
|
||||
Empirical experiments indicates otherwise and therefore an
|
||||
IPV6_MULTICAST_IF socket option is used here instead */
|
||||
r = setsockopt_int(s, IPPROTO_IPV6, IPV6_MULTICAST_IF, index);
|
||||
r = setsockopt_int(s, IPPROTO_IPV6, IPV6_MULTICAST_IF, ifindex);
|
||||
if (r < 0)
|
||||
return r;
|
||||
|
||||
@ -76,12 +75,9 @@ static int icmp6_bind_router_message(const struct icmp6_filter *filter,
|
||||
if (r < 0)
|
||||
return r;
|
||||
|
||||
if (if_indextoname(index, ifname) == 0)
|
||||
return -errno;
|
||||
|
||||
r = setsockopt(s, SOL_SOCKET, SO_BINDTODEVICE, ifname, strlen(ifname));
|
||||
r = socket_bind_to_ifindex(s, ifindex);
|
||||
if (r < 0)
|
||||
return -errno;
|
||||
return r;
|
||||
|
||||
return TAKE_FD(s);
|
||||
}
|
||||
|
@ -421,8 +421,9 @@ static int manager_dns_stub_udp_fd(Manager *m) {
|
||||
return r;
|
||||
|
||||
/* Make sure no traffic from outside the local host can leak to onto this socket */
|
||||
if (setsockopt(fd, SOL_SOCKET, SO_BINDTODEVICE, "lo", 3) < 0)
|
||||
return -errno;
|
||||
r = socket_bind_to_ifindex(fd, LOOPBACK_IFINDEX);
|
||||
if (r < 0)
|
||||
return r;
|
||||
|
||||
if (bind(fd, &sa.sa, sizeof(sa.in)) < 0)
|
||||
return -errno;
|
||||
@ -514,8 +515,9 @@ static int manager_dns_stub_tcp_fd(Manager *m) {
|
||||
return r;
|
||||
|
||||
/* Make sure no traffic from outside the local host can leak to onto this socket */
|
||||
if (setsockopt(fd, SOL_SOCKET, SO_BINDTODEVICE, "lo", 3) < 0)
|
||||
return -errno;
|
||||
r = socket_bind_to_ifindex(fd, LOOPBACK_IFINDEX);
|
||||
if (r < 0)
|
||||
return r;
|
||||
|
||||
if (bind(fd, &sa.sa, sizeof(sa.in)) < 0)
|
||||
return -errno;
|
||||
|
Loading…
Reference in New Issue
Block a user