On 2011/01/25 11:06, Peter Hessler wrote:
> When using isakmpd in conjunction with routing tables / rdomains, you
> need to create an isakmpd.conf file telling it to only listen on some
> interfaces.
>
> This diff changes isakmpd to only listen on the interfaces within the
> same routing table, so the config file is no longer needed.
>
> OK?

Diff is basically ok with me, but the comment above, "Note:
This socket is only used to collect the interface status" is no
longer correct. Maybe something like this?

Index: virtual.c
===================================================================
RCS file: /cvs/src/sbin/isakmpd/virtual.c,v
retrieving revision 1.30
diff -u -p -r1.30 virtual.c
--- virtual.c 28 Jan 2009 17:57:15 -0000 1.30
+++ virtual.c 25 Jan 2011 10:54:02 -0000
@@ -394,7 +394,8 @@ virtual_bind_if(char *ifname, struct soc
/*
* Don't bother with interfaces that are down.
- * Note: This socket is only used to collect the interface status.
+ * Note: This socket is only used to collect the interface status,
+ * rdomain, and inet6 addresses.
*/
s = socket(if_addr->sa_family, SOCK_DGRAM, 0);
if (s == -1) {
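Review bot: the reworded note above the socket() call still lists the individual uses ("interface status, rdomain, and inet6 addresses"), so it will go stale again the next time another ioctl is added on this descriptor. Stating the invariant instead, for example that s is only used for interface ioctls, would stay correct. The note also remains under "Don't bother with interfaces that are down", which no longer describes everything the socket is used for.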
@@ -438,6 +439,22 @@ virtual_bind_if(char *ifname, struct soc
return 0;
}
}
+
+ if (ioctl(s, SIOCGIFRDOMAIN, (caddr_t)&flags_ifr) == -1) {
+ log_error("virtual_bind_if: "
+ "ioctl (%d, SIOCGIFRDOMAIN, ...) failed", s);
+ close(s);
+ return -1;
+ }
+
+ /*
+ * Ignore interfaces outside of our rtable
+ */
+ if (getrtable() != flags_ifr.ifr_rdomainid) {
+ close(s);
+ return 0;
+ }
+
close(s);
/* Set the port number to zero. */
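Review bot: the new check "getrtable() != flags_ifr.ifr_rdomainid" compares the process's routing table id with the interface's routing domain id, while the comment above it says "outside of our rtable". The two values match only when isakmpd runs in the table that carries the same id as the rdomain; started in another rtable of that rdomain, it would skip every interface and return 0 without logging anything. Either say "rdomain" in the comment and document that assumption, or log at debug level when an interface is skipped. The SIOCGIFRDOMAIN call also reuses flags_ifr, whose name suggests it still holds the interface flags; a separate struct ifreq or a short comment would make it clear that the flags should not be read from it after this point.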