Re: [PATCH] nping: bind to interface on Linux for IPv4 send-ip

Mon, 10 Feb 2025 13:09:49 -0800 

Thanks, Valdik! I reviewed the code and moved the call to
socket_bindtodevice() to ProbeMode::start() so that it will affect all
modes, not just TCP. The change is in r39078.

Dan

On Thu, May 30, 2024 at 12:54 PM David Fifield <da...@bamsoftware.com>
wrote:

> I was going to ask if the same is needed for IPv6, but SO_BINDTODEVICE
> is already being set for IPv6:
>
> https://github.com/nmap/nmap/blob/b6e67f834c8cae6c91a33e13ded0c4936534c3df/nping/ProbeMode.cc#L723
>
> There's a function socket_bindtodevice in Nbase that should perhaps be
> used in both these places:
>
> https://github.com/nmap/nmap/blob/b6e67f834c8cae6c91a33e13ded0c4936534c3df/nbase/nbase_misc.c#L264
>
> https://github.com/nmap/nmap/commit/6ec453e4e8ec5e1d7270d305f5818611fd92431c
>
> On Thu, May 30, 2024 at 07:43:46PM +0300, ValdikSS via dev wrote:
> > Linux RAW sockets need to be bound to interface, if the interface is
> > L3 tunnel (OpenVPN TUN for example).
> > Otherwise the packet goes via default route, regardless of
> > `--interface` or `--source-ip` options.
> > ---
> >  nping/ProbeMode.cc | 11 +++++++++++
> >  1 file changed, 11 insertions(+)
> >
> > diff --git a/nping/ProbeMode.cc b/nping/ProbeMode.cc
> > index 199329b40..ba4c3f82d 100644
> > --- a/nping/ProbeMode.cc
> > +++ b/nping/ProbeMode.cc
> > @@ -807,6 +807,17 @@ int ProbeMode::fillPacketTCP(NpingTarget *target,
> u16 port, u8 *buff, int buffle
> >          }else{
> >              t.setSum();
> >          }
> > +
> > +        /* Bind IPv4 socket to a specific network interface */
> > +        if ( o.issetDevice() )  {
> > +            /* It seems that SO_BINDTODEVICE only work on Linux */
> > +            #ifdef LINUX
> > +            if (setsockopt(rawfd, SOL_SOCKET, SO_BINDTODEVICE,
> o.getDevice(), strlen(o.getDevice())+1) == -1) {
> > +                nping_warning(QT_2, "Error binding IPv4 socket to
> device %s", o.getDevice() );
> > +            }
> > +            #endif
> > +        }
> > +
> >          /* Store result in user supplied buffer */
> >          *filledlen = i.dumpToBinaryBuffer(buff, bufflen);
> _______________________________________________
> Sent through the dev mailing list
> https://nmap.org/mailman/listinfo/dev
> Archived at https://seclists.org/nmap-dev/
>

_______________________________________________
Sent through the dev mailing list
https://nmap.org/mailman/listinfo/dev
Archived at https://seclists.org/nmap-dev/

Reply via email to