Re: [Openvpn-devel] [PATCH] Bind only to specified interface

Wed, 09 Mar 2011 12:18:47 +0000 

On 09/03/2011, Gert Doering wrote:
> I can understand why this feature is desirable - there are a couple
> of problems with the implementation, though.  
>  - From a code modularity point of view, socket stuff should not go 
>    to options.c, but to socket.c

I understand that with "socket stuff" you probably mean "socket
operations". Actually, my first implementation of this feature
(attached) was entirely confined to socket.c, amd simply accepted an
interface name as a possible value. The reason I didn't like it was
because because I couldn't easily identify a spot in socket.c that
would confine this behaviour to just the local interface.

>  - your code is likely to work on Linux and *BSD, but will it work
>    "as is" on Solaris and Windows?  I don't expect it to, so
>    additional #ifdef's are needed --> and that's why it should go to
>    one of the more system-dependent (and already #ifdef-filled)
>    source files

I'll need help from people with access to those systems to place the
appropriate #ifdefs...

> In general, I wonder why binding to the interface is really needed
> - what happens if you don't specify "local" at all?  It should pick
> the proper source address automatically.

It does, unless you have more than one interface, and you need
OpenVPN to bind to only one of them.

        Fede

diff -r 66ad68054f67 socket.c
--- a/socket.c	Tue Mar 01 10:21:42 2011 +0100
+++ b/socket.c	Wed Mar 09 08:49:20 2011 -0300
@@ -32,6 +32,7 @@
 #include "ps.h"
 #include "manage.h"
 #include "misc.h"
+#include <net/if.h>
 
 #include "memdbg.h"
 
@@ -129,6 +130,24 @@
 
   status = openvpn_inet_aton (hostname, &ia); /* parse ascii IP address */
 
+  if (status != OIA_IP)		/* Attempt to parse as interface name */
+    {
+      int fd;
+      struct ifreq ifr;
+
+      ifr.ifr_addr.sa_family = AF_INET;
+      strncpy(ifr.ifr_name, hostname, IFNAMSIZ-1);
+      if ((fd = socket(AF_INET, SOCK_DGRAM, 0))>= 0)
+	{
+	  if (ioctl(fd, SIOCGIFADDR, &ifr) >= 0)
+	    {
+	      ia = ((struct sockaddr_in *)&ifr.ifr_addr)->sin_addr;
+	      status = OIA_IP;
+	    }
+	  close(fd);
+	}
+    }
+
   if (status != OIA_IP) /* parse as IP address failed? */
     {
       const int fail_wait_interval = 5; /* seconds */

Attachment: signature.asc
Description: PGP signature

Reply via email to