diff --git a/conf/plugins/dhcp.opt b/conf/plugins/dhcp.opt index 7c6d31c879..ecc6537dcd 100644 --- a/conf/plugins/dhcp.opt +++ b/conf/plugins/dhcp.opt @@ -36,3 +36,13 @@ charon.plugins.dhcp.interface Interface name the plugin uses for address allocation. The default is to bind to any (0.0.0.0) and let the system decide which way to route the packets to the DHCP server. + +charon.plugins.dhcp.interface_receive = charon.plugins.dhcp.interface + Interface name the plugin uses to bind its receive socket. + + Interface name the plugin uses to bind its receive socket. The default is + to use the same interface as the send socket. Set it to the empty string + to avoid binding the receive socket to any interface while the send socket + is bound to one. If the server runs on the same host and the send socket is + bound to an interface, it might be necessary to set this to `lo` or the + empty string. diff --git a/src/libcharon/network/pf_handler.c b/src/libcharon/network/pf_handler.c index 43ef432ba6..aaaf7a177f 100644 --- a/src/libcharon/network/pf_handler.c +++ b/src/libcharon/network/pf_handler.c @@ -176,7 +176,8 @@ static cached_iface_t *find_interface(private_pf_handler_t *this, int fd, if (ioctl(fd, SIOCGIFNAME, &req) == 0 && ioctl(fd, SIOCGIFHWADDR, &req) == 0 && - req.ifr_hwaddr.sa_family == ARPHRD_ETHER) + (req.ifr_hwaddr.sa_family == ARPHRD_ETHER || + req.ifr_hwaddr.sa_family == ARPHRD_LOOPBACK)) { idx = find_least_used_cache_entry(this); @@ -225,6 +226,30 @@ METHOD(pf_handler_t, destroy, void, free(this); } +/** + * Bind the given packet socket to the a named device + */ +static bool bind_packet_socket_to_device(int fd, char *iface) +{ + struct sockaddr_ll addr = { + .sll_family = AF_PACKET, + .sll_ifindex = if_nametoindex(iface), + }; + + if (!addr.sll_ifindex) + { + DBG1(DBG_CFG, "unable to bind socket to '%s': not found", iface); + return FALSE; + } + if (bind(fd, (struct sockaddr*)&addr, sizeof(addr)) == -1) + { + DBG1(DBG_CFG, "binding socket to '%s' failed: %s", + iface, strerror(errno)); + return FALSE; + } + return TRUE; +} + /** * Setup capturing via AF_PACKET socket */ @@ -247,14 +272,15 @@ static bool setup_internal(private_pf_handler_t *this, char *iface, this->name, strerror(errno)); return FALSE; } - if (iface && !bind_to_device(this->receive, iface)) + if (iface && iface[0] && !bind_packet_socket_to_device(this->receive, iface)) { return FALSE; } lib->watcher->add(lib->watcher, this->receive, WATCHER_READ, receive_packet, this); - DBG2(DBG_NET, "listening for %s (protocol=0x%04x) requests on fd=%d", - this->name, protocol, this->receive); + DBG2(DBG_NET, "listening for %s (protocol=0x%04x) requests on fd=%d bound " + "to %s", this->name, protocol, this->receive, + iface && iface[0] ? iface : "no interface"); return TRUE; } diff --git a/src/libcharon/plugins/dhcp/dhcp_socket.c b/src/libcharon/plugins/dhcp/dhcp_socket.c index d144e27959..ae4952f242 100644 --- a/src/libcharon/plugins/dhcp/dhcp_socket.c +++ b/src/libcharon/plugins/dhcp/dhcp_socket.c @@ -716,7 +716,7 @@ dhcp_socket_t *dhcp_socket_create() }, }; socklen_t addr_len; - char *iface; + char *iface, *iface_receive; int on = 1, rcvbuf = 0; #if !defined(__APPLE__) && !defined(__FreeBSD__) @@ -809,8 +809,11 @@ dhcp_socket_t *dhcp_socket_create() this->dst = host_create_from_string(lib->settings->get_str(lib->settings, "%s.plugins.dhcp.server", "255.255.255.255", lib->ns), DHCP_SERVER_PORT); - iface = lib->settings->get_str(lib->settings, "%s.plugins.dhcp.interface", - NULL, lib->ns); + iface = lib->settings->get_str(lib->settings, + "%s.plugins.dhcp.interface", NULL, lib->ns); + iface_receive = lib->settings->get_str(lib->settings, + "%s.plugins.dhcp.interface_receive", NULL, + lib->ns) ?: iface; if (!this->dst) { DBG1(DBG_CFG, "configured DHCP server address invalid"); @@ -873,8 +876,8 @@ dhcp_socket_t *dhcp_socket_create() return NULL; } - this->pf_handler = pf_handler_create("DHCP", iface, receive_dhcp, this, - &dhcp_filter); + this->pf_handler = pf_handler_create("DHCP", iface_receive, receive_dhcp, + this, &dhcp_filter); if (!this->pf_handler) { destroy(this);