From b675dd11eb6265b4789683cf482b2a82825fa0ff Mon Sep 17 00:00:00 2001
From: Peter Hessler
Date: Thu, 3 Feb 2011 08:49:47 +0000
Subject: When binding to addresses, ignore any IP address not in the current routing domain. While here, update comment on what the ioctl is used for (from sthen@). OK mikeb@, sthen@
---
 sbin/isakmpd/virtual.c | 21 +++++++++++++++++++--
 1 file changed, 19 insertions(+), 2 deletions(-)
(limited to 'sbin/isakmpd/virtual.c')
diff --git a/sbin/isakmpd/virtual.c b/sbin/isakmpd/virtual.c
index 86622fdcf85..734ca801fb0 100644
--- a/sbin/isakmpd/virtual.c
+++ b/sbin/isakmpd/virtual.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: virtual.c,v 1.30 2009/01/28 17:57:15 hshoexer Exp $ */
+/* $OpenBSD: virtual.c,v 1.31 2011/02/03 08:49:46 phessler Exp $ */

 /*
 * Copyright (c) 2004 Håkan Olsson. All rights reserved.
@@ -394,7 +394,8 @@ virtual_bind_if(char *ifname, struct sockaddr *if_addr, void *arg)

 /*
 * Don't bother with interfaces that are down.
- * Note: This socket is only used to collect the interface status.
+ * Note: This socket is only used to collect the interface status,
+ * rtables and inet6 addresses.
 */
 s = socket(if_addr->sa_family, SOCK_DGRAM, 0);
 if (s == -1) {
@@ -438,6 +439,22 @@ virtual_bind_if(char *ifname, struct sockaddr *if_addr, void *arg)
 return 0;
 }
 }
+
+ if (ioctl(s, SIOCGIFRDOMAIN, (caddr_t)&flags_ifr) == -1) {
+ log_error("virtual_bind_if: "
+ "ioctl (%d, SIOCGIFRDOMAIN, ...) failed", s);
+ close(s);
+ return -1;
+ }
+
+ /*
+ * Ignore interfaces outside of our rtable
+ */
+ if (getrtable() != flags_ifr.ifr_rdomainid) {
+ close(s);
+ return 0;
+ }
+
 close(s);

 /* Set the port number to zero. */
--
cgit v1.2.3
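Review bot: The added check in virtual_bind_if compares `getrtable()`, which is a routing *table* id, against `flags_ifr.ifr_rdomainid`, which is a routing *domain* id, and the two only coincide when the daemon runs in a domain's primary table; if isakmpd were started in a secondary rtable attached to that domain, every interface would presumably be skipped and the IKE listener would bind to nothing. That skip path (`close(s); return 0;`) is also silent, so an operator gets no trace of why an address was left unbound; a debug-level log naming `ifname` and both ids at that point would make it diagnosable. At minimum the comment should state the assumption, e.g. `/* Ignore interfaces outside our routing domain (assumes our rtable id equals its rdomain id) */`. The function starts and ends outside the hunk, so whether `flags_ifr` still carries the interface name here, and how the caller treats the `-1` returned on ioctl failure, could not be checked from these lines.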