When using isakmpd in conjunction with routing tables / rdomains, you need to create an isakmpd.conf file telling it to only listen on some interfaces.
This diff changes isakmpd to only listen on the interfaces within the same routing table, so the config file is no longer needed. OK? Index: virtual.c =================================================================== RCS file: /cvs/openbsd/src/sbin/isakmpd/virtual.c,v retrieving revision 1.30 diff -u -p -u -p -r1.30 virtual.c --- virtual.c 28 Jan 2009 17:57:15 -0000 1.30 +++ virtual.c 25 Jan 2011 10:00:42 -0000 @@ -438,6 +438,22 @@ virtual_bind_if(char *ifname, struct soc return 0; } } + + if (ioctl(s, SIOCGIFRDOMAIN, (caddr_t)&flags_ifr) == -1) { + log_error("virtual_bind_if: " + "ioctl (%d, SIOCGIFRDOMAIN, ...) failed", s); + close(s); + return -1; + } + + /* + * Ignore interfaces outside of our rtable + */ + if (getrtable() != flags_ifr.ifr_rdomainid) { + close(s); + return 0; + } + close(s); /* Set the port number to zero. */ -- George Washington was first in war, first in peace -- and the first to have his birthday juggled to make a long weekend. -- Ashley Cooper
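Review bot: In the added check `getrtable() != flags_ifr.ifr_rdomainid`, a routing table id is compared against the interface's routing domain id, while the comment above it says "outside of our rtable". The two values match only when isakmpd runs in the table whose id equals the rdomain id. If it is started in another table that belongs to the same rdomain, the check skips every interface in that rdomain. Consider resolving the process's table to its rdomain before comparing, or documenting that the daemon has to run in the rdomain's own table, and make the comment say rdomain. Both new paths would also be easier to diagnose if they named the interface: the `log_error` call prints only the socket number although `ifname` is in scope, and the skip path returns 0 without any debug message, so an operator gets no indication of why an interface is not being listened on.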