[Bro-Commits-Internal] CompileDebug - Build # 235 - Failure!

Sorry about that - I should've done more digging to see if that would work on BSD-type systems.

From what I can tell, you can just use bind to bind a socket to an address, but there's no way to bind directly to an interface. If we want to continue with specifying interfaces instead of addresses, we'd have to call getifaddrs, and iterate through the interfaces to get the address associated with a specific interface name.

This would introduce the limitation that you can only send RSTs out of an interface that has an address associated with it. I don't think that's a particularly troublesome limitation, but just something to keep in mind.

Does this sound like a reasonable way to proceed?

  --Vlad

> From what I can tell, you can just use bind to bind a socket to an address, but there's no way to bind directly to an interface. If we want to continue with specifying interfaces instead of addresses, we'd have to call getifaddrs, and iterate through the interfaces to get the address associated with a specific interface name.

I think this excerpt from [1] has another reason why that might not be the most reliable solution:

"The bind() system call is frequently misunderstood. It is used to bind to a particular IP address. Only packets destined to that IP address will be received, and any transmitted packets will carry that IP address as their source. bind() does not control anything about the routing of transmitted packets. So for example, if you bound to the IP address of eth0 but you send a packet to a destination where the kernel's best route goes out eth1, it will happily send the packet out eth1 with the source IP address of eth0."

And I didn't see alternatives to SO_BINDTODEVICE in my brief search. There were mentions of IP_SENDIF for BSD, but that looked like it might be available only as a patch right now.

So maybe the thing to do for now (if no one else knows how to make it portable) is just make it a Linux-only feature -- add some configure-time checks for platform (if they aren't there already), and then wrap the code in preprocessor directives.

    Jon

[1] http://codingrelic.geekhold.com/2009/10/code-snippet-sobindtodevice.html

Yeah, I had the same thought.

Robin

I also couldn't find an easy non-Linux solution for this, so I
just #ifdef'd the code to make it Linux-only.

-Daniel