/mandos/trunk : revision 505.2.1

To get this branch, use:

bzr branch
http://bzr.recompile.se/loggerhead/mandos/trunk

« back to all changes in this revision

Viewing changes to plugins.d/mandos-client.c

Committer: teddy at bsnet
Date: 2011-11-10 12:24:37 UTC
mto: (505.2.5 mandos-client-network-hooks)
mto: This revision was merged to the branch mainline in revision 525.
Revision ID: teddy@fukt.bsnet.se-20111110122437-tdq3mvr7rqygfyy2

* plugins.d/mandos-client.c (good_interface): Use SIOCGIFFLAGS instead
of reading
/sys/class/net/*/flags.

files modified:
plugins.d/mandos-client.c

Show diffs side-by-side

added added

removed removed

plugins.d/mandos-client.c

1092

1093

int good_interface(const struct dirent *if_entry){

1094

ssize_t ssret;

1095

char *flagname = NULL;

1095

int ret;

1096

if(if_entry->d_name[0] == '.'){

1097

return 0;

1098

}

1099

int ret = asprintf(&flagname, "%s/%s/flags", sys_class_net,

1100

if_entry->d_name);

1101

if(ret < 0){

1102

perror_plus("asprintf");

1103

return 0;

1104

}

1105

int flags_fd = (int)TEMP_FAILURE_RETRY(open(flagname, O_RDONLY));

1106

if(flags_fd == -1){

1107

perror_plus("open");

1108

free(flagname);

1109

return 0;

1110

}

1111

free(flagname);

1112

typedef short ifreq_flags; /* ifreq.ifr_flags in netdevice(7) */

1113

/* read line from flags_fd */

1114

ssize_t to_read = 2+(sizeof(ifreq_flags)*2)+1; /* "0x1003\n" */

1115

char *flagstring = malloc((size_t)to_read+1); /* +1 for final \0 */

1116

flagstring[(size_t)to_read] = '\0';

1117

if(flagstring == NULL){

1118

perror_plus("malloc");

1119

close(flags_fd);

1120

return 0;

1121

}

1122

while(to_read > 0){

1123

ssret = (ssize_t)TEMP_FAILURE_RETRY(read(flags_fd, flagstring,

1124

(size_t)to_read));

1125

if(ssret == -1){

1126

perror_plus("read");

1127

free(flagstring);

1128

close(flags_fd);

1129

return 0;

1130

}

1131

to_read -= ssret;

1132

if(ssret == 0){

1133

break;

1134

}

1135

}

1136

close(flags_fd);

1137

intmax_t tmpmax;

1138

char *tmp;

1139

errno = 0;

1140

tmpmax = strtoimax(flagstring, &tmp, 0);

1141

if(errno != 0 or tmp == flagstring or (*tmp != '\0'

1142

and not (isspace(*tmp)))

1143

or tmpmax != (ifreq_flags)tmpmax){

1099

int s = socket(PF_INET6, SOCK_DGRAM, IPPROTO_IP);

1100

if(s < 0){

1101

perror_plus("socket");

1102

return 0;

1103

}

1104

struct ifreq ifr;

1105

strcpy(ifr.ifr_name, if_entry->d_name);

1106

ret = ioctl(s, SIOCGIFFLAGS, &ifr);

1107

if(ret == -1){

1144

1108

if(debug){

1145

fprintf(stderr, "Invalid flags \"%s\" for interface \"%s\"\n",

1146

flagstring, if_entry->d_name);

1109

perror_plus("ioctl SIOCGIFFLAGS");

1147

1110

}

1148

free(flagstring);

1149

1111

return 0;

1150

1112

}

1151

free(flagstring);

1152

ifreq_flags flags = (ifreq_flags)tmpmax;

1153

1113

/* Reject the loopback device */

1154

if(flags & IFF_LOOPBACK){

1114

if(ifr.ifr_flags & IFF_LOOPBACK){

1155

1115

if(debug){

1156

1116

fprintf(stderr, "Rejecting loopback interface \"%s\"\n",

1157

1117

if_entry->d_name);

1159

1119

return 0;

1160

1120

}

1161

1121

/* Accept point-to-point devices only if connect_to is specified */

1162

if(connect_to != NULL and (flags & IFF_POINTOPOINT)){

1122

if(connect_to != NULL and (ifr.ifr_flags & IFF_POINTOPOINT)){

1163

1123

if(debug){

1164

1124

fprintf(stderr, "Accepting point-to-point interface \"%s\"\n",

1165

1125

if_entry->d_name);

1167

1127

return 1;

1168

1128

}

1169

1129

/* Otherwise, reject non-broadcast-capable devices */

1170

if(not (flags & IFF_BROADCAST)){

1130

if(not (ifr.ifr_flags & IFF_BROADCAST)){

1171

1131

if(debug){

1172

1132

fprintf(stderr, "Rejecting non-broadcast interface \"%s\"\n",

1173

1133

if_entry->d_name);

1175

1135

return 0;

1176

1136

}

1177

1137

/* Reject non-ARP interfaces (including dummy interfaces) */

1178

if(flags & IFF_NOARP){

1138

if(ifr.ifr_flags & IFF_NOARP){

1179

1139

if(debug){

1180

1140

fprintf(stderr, "Rejecting non-ARP interface \"%s\"\n",

1181

1141

if_entry->d_name);

Older »