Merge branch 'dhcp-receive'

This fixes a regression introduced with pf_handler_t in 5.9.14.  It also
binds the packet sockets correctly to the configured interface, and adds
an option for the dhcp plugin that allows binding the send and receive
sockets to different interfaces.

conf/plugins/dhcp.opt

@@ -36,3 +36,13 @@ charon.plugins.dhcp.interface
 	Interface name the plugin uses for address allocation. The default is to
 	bind to any (0.0.0.0) and let the system decide which way to route the
 	packets to the DHCP server.
+
+charon.plugins.dhcp.interface_receive = charon.plugins.dhcp.interface
+	Interface name the plugin uses to bind its receive socket.
+
+	Interface name the plugin uses to bind its receive socket. The default is
+	to use the same interface as the send socket. Set it to the empty string
+	to avoid binding the receive socket to any interface while the send socket
+	is bound to one. If the	server runs on the same host and the send socket is
+	bound to an interface, it might be necessary to set this to `lo` or the
+	empty string.

src/libcharon/network/pf_handler.c

@@ -176,7 +176,8 @@ static cached_iface_t *find_interface(private_pf_handler_t *this, int fd,
 
 	if (ioctl(fd, SIOCGIFNAME, &req) == 0 &&
 		ioctl(fd, SIOCGIFHWADDR, &req) == 0 &&
-		req.ifr_hwaddr.sa_family == ARPHRD_ETHER)
+		(req.ifr_hwaddr.sa_family == ARPHRD_ETHER ||
+		 req.ifr_hwaddr.sa_family == ARPHRD_LOOPBACK))
 	{
 		idx = find_least_used_cache_entry(this);
 
@@ -225,6 +226,30 @@ METHOD(pf_handler_t, destroy, void,
 	free(this);
 }
 
+/**
+ * Bind the given packet socket to the a named device
+ */
+static bool bind_packet_socket_to_device(int fd, char *iface)
+{
+	struct sockaddr_ll addr = {
+		.sll_family = AF_PACKET,
+		.sll_ifindex = if_nametoindex(iface),
+	};
+
+	if (!addr.sll_ifindex)
+	{
+		DBG1(DBG_CFG, "unable to bind socket to '%s': not found", iface);
+		return FALSE;
+	}
+	if (bind(fd, (struct sockaddr*)&addr, sizeof(addr)) == -1)
+	{
+		DBG1(DBG_CFG, "binding socket to '%s' failed: %s",
+			 iface, strerror(errno));
+		return FALSE;
+	}
+	return TRUE;
+}
+
 /**
  * Setup capturing via AF_PACKET socket
  */
@@ -247,14 +272,15 @@ static bool setup_internal(private_pf_handler_t *this, char *iface,
 			 this->name, strerror(errno));
 		return FALSE;
 	}
-	if (iface && !bind_to_device(this->receive, iface))
+	if (iface && iface[0] && !bind_packet_socket_to_device(this->receive, iface))
 	{
 		return FALSE;
 	}
 	lib->watcher->add(lib->watcher, this->receive, WATCHER_READ,
 					  receive_packet, this);
-	DBG2(DBG_NET, "listening for %s (protocol=0x%04x) requests on fd=%d",
-		 this->name, protocol, this->receive);
+	DBG2(DBG_NET, "listening for %s (protocol=0x%04x) requests on fd=%d bound "
+		 "to %s", this->name, protocol, this->receive,
+		 iface && iface[0] ? iface : "no interface");
 	return TRUE;
 }
 

src/libcharon/plugins/dhcp/dhcp_socket.c

@@ -716,7 +716,7 @@ dhcp_socket_t *dhcp_socket_create()
 		},
 	};
 	socklen_t addr_len;
-	char *iface;
+	char *iface, *iface_receive;
 	int on = 1, rcvbuf = 0;
 
 #if !defined(__APPLE__) && !defined(__FreeBSD__)
@@ -809,8 +809,11 @@ dhcp_socket_t *dhcp_socket_create()
 	this->dst = host_create_from_string(lib->settings->get_str(lib->settings,
 								"%s.plugins.dhcp.server", "255.255.255.255",
 								lib->ns), DHCP_SERVER_PORT);
-	iface = lib->settings->get_str(lib->settings, "%s.plugins.dhcp.interface",
-								   NULL, lib->ns);
+	iface = lib->settings->get_str(lib->settings,
+								"%s.plugins.dhcp.interface", NULL, lib->ns);
+	iface_receive = lib->settings->get_str(lib->settings,
+								"%s.plugins.dhcp.interface_receive", NULL,
+								lib->ns) ?: iface;
 	if (!this->dst)
 	{
 		DBG1(DBG_CFG, "configured DHCP server address invalid");
@@ -873,8 +876,8 @@ dhcp_socket_t *dhcp_socket_create()
 		return NULL;
 	}
 
-	this->pf_handler = pf_handler_create("DHCP", iface, receive_dhcp, this,
-										 &dhcp_filter);
+	this->pf_handler = pf_handler_create("DHCP", iface_receive, receive_dhcp,
+										 this, &dhcp_filter);
 	if (!this->pf_handler)
 	{
 		destroy(this);