On 11/21/2013 10:29 AM, Martin Willi wrote:
> Hi Thomas,
>
>> With this patch the strongswan.conf option
>> charon.plugins.dhcp.interface can be used to restrict the DHCP
>> communication to a configurable interface.
>
> Unfortunately, the patch is missing in your mail.
>
> Best Regards
> Martin
>
>

Hi Martin,

that's odd, it's missing in my outbox, too. I've attached the patch to this mail, so it will hopefully succeed this time.

Best Regards,
Thomas

>From ebd9641452200f5b8b1ad3cb9ae405c095ad8594 Mon Sep 17 00:00:00 2001 From: Thomas Egerer <[email protected]> Date: Mon, 18 Nov 2013 13:15:02 +0100 Subject: [PATCH] dhcp: Allow binding of socket to particular interface In certain situations it is desirable to bind the send/receive sockets for the DHCP address allocation to a particular interface. With this patch the strongswan.conf option charon.plugins.dhcp.interface can be used to restrict the DHCP communication to a configurable interface. Signed-off-by: Thomas Egerer <[email protected]> --- src/libcharon/plugins/dhcp/dhcp_socket.c | 43 ++++++++++++++++++++++++++++++++ 1 file changed, 43 insertions(+) diff --git a/src/libcharon/plugins/dhcp/dhcp_socket.c b/src/libcharon/plugins/dhcp/dhcp_socket.c index 044c8a8..dd4e651 100644 --- a/src/libcharon/plugins/dhcp/dhcp_socket.c +++ b/src/libcharon/plugins/dhcp/dhcp_socket.c @@ -643,6 +643,37 @@ METHOD(dhcp_socket_t, destroy, void, } /** + * bind a socket to a particular interface + * + * @param fd socket file descriptor to bind to interface + * @param iface name of the interface to bind socket to + * should be set on socket + * + * @return TRUE if socket was successfully bound to the given + * interface, or iface was NULL + */ +static bool bind_to_device(int fd, char *iface) +{ + struct ifreq ifreq; + + if (strlen(iface) > sizeof(ifreq.ifr_name)) + { + DBG1(DBG_CFG, "name for DHCP interface too long: %s", iface); + return FALSE; + } + + memcpy(ifreq.ifr_name, iface, sizeof(ifreq.ifr_name)); + if (setsockopt(fd, SOL_SOCKET, SO_BINDTODEVICE, (const void *)&ifreq, + sizeof(ifreq))) + { + DBG1(DBG_CFG, "settings sockopt bindtodevice failed: %s", + strerror(errno)); + return FALSE; + } + return TRUE; +} + +/** * See header */ dhcp_socket_t *dhcp_socket_create() @@ -655,6 +686,7 @@ dhcp_socket_t *dhcp_socket_create() .s_addr = INADDR_ANY, }, }; + char *iface; int on = 1; struct sock_filter dhcp_filter_code[] = { BPF_STMT(BPF_LD+BPF_B+BPF_ABS, 
@@ -718,6 +750,8 @@ dhcp_socket_t *dhcp_socket_create() this->dst = host_create_from_string(lib->settings->get_str(lib->settings, "%s.plugins.dhcp.server", "255.255.255.255", charon->name), DHCP_SERVER_PORT); + iface = lib->settings->get_str(lib->settings, "%s.plugins.dhcp.interface", + NULL, charon->name); if (!this->dst) { DBG1(DBG_CFG, "configured DHCP server address invalid"); @@ -766,6 +800,15 @@ dhcp_socket_t *dhcp_socket_create() destroy(this); return NULL; } + if (iface) + { + if (!bind_to_device(this->send, iface) || + !bind_to_device(this->receive, iface)) + { + destroy(this); + return NULL; + } + } lib->watcher->add(lib->watcher, this->receive, WATCHER_READ, (watcher_cb_t)receive_dhcp, this); -- 1.7.11.rc2.5.g68f532f
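
Review bot: In bind_to_device() (first hunk), the length check `strlen(iface) > sizeof(ifreq.ifr_name)` is off by one, and the memcpy that follows always reads sizeof(ifreq.ifr_name) bytes from iface regardless of how long the string is. A name exactly sizeof(ifreq.ifr_name) characters long passes the check and is copied without a terminating NUL, and any name shorter than sizeof(ifreq.ifr_name) - 1 characters makes the memcpy read past the end of the configured string. Suggest rejecting with `>=`, zeroing ifreq before use, and copying only strlen(iface) + 1 bytes. The doc comment also promises TRUE when iface is NULL, but the function calls strlen(iface) unguarded and relies on the caller's `if (iface)`; either add the NULL check or drop that sentence, and remove the stray "should be set on socket" line from the @param text.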
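
Review bot: The new option charon.plugins.dhcp.interface, read by the get_str() call added in dhcp_socket_create() (hunk at -718,6 +750,8), is not documented anywhere in this patch; the diffstat lists only dhcp_socket.c. Please add an entry for it next to the existing charon.plugins.dhcp.server option in the strongswan.conf documentation, stating that it is unset by default and that socket creation fails if the bind fails. As a style point, the lookup is inserted between the assignment of this->dst and its `if (!this->dst)` check; placing it before the host_create_from_string() call or after the check keeps the assignment and its validation together.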
_______________________________________________ Dev mailing list [email protected] https://lists.strongswan.org/mailman/listinfo/dev
