[Bro-Dev] [Bro-Commits-Internal] CompileDebug - Build # 235 - Failure!
Daniel Thayer
dnthayer at illinois.edu
Thu Nov 1 12:02:48 PDT 2012
On 11/01/2012 11:04 AM, Siwek, Jonathan Luke wrote:
>>> From what I can tell, you can just use bind to bind a socket to an address, but there's no way to bind directly to an interface. If we want to continue with specifying interfaces instead of addresses, we'd have to call getifaddrs, and iterate through the interfaces to get the address associated with a specific interface name.
>
> I think this excerpt from [1] has another reason why that might not be the most reliable solution:
>
> "The bind() system call is frequently misunderstood. It is used to bind to a particular IP address. Only packets destined to that IP address will be received, and any transmitted packets will carry that IP address as their source. bind() does not control anything about the routing of transmitted packets. So for example, if you bound to the IP address of eth0 but you send a packet to a destination where the kernel's best route goes out eth1, it will happily send the packet out eth1 with the source IP address of eth0."
>
> And I didn't see alternatives to SO_BINDTODEVICE in my brief search. There was mentions of IP_SENDIF for BSD, but that looked like it might be available only as a patch right now.
>
> So maybe the thing to do for now (if know one else knows how to make it portable) is just make it a Linux-only feature -- add some configure-time checks for platform (if they aren't there already), and then wrap the code in preprocessor directives.
>
> Jon
>
> [1] http://codingrelic.geekhold.com/2009/10/code-snippet-sobindtodevice.html
I also couldn't find an easy non-Linux solution for this, so I
just #ifdef'd the code to make it Linux-only.
-Daniel
More information about the bro-dev
mailing list