author | Christian Grothoff <christian@grothoff.org> | 2013-01-21 15:36:00 +0000 |
---|---|---|
committer | Christian Grothoff <christian@grothoff.org> | 2013-01-21 15:36:00 +0000 |
commit | cfa84463ead2e088299fa3e036c4d8608efa71e6 (patch) | |
tree | 068706b6e266bb40819232a13ca0c44c244380c9 /src/util/connection.c | |
parent | 380495d0981831e5347303c5ecc717f39cdeb474 (diff) | |
-try to force binding the client socket to loopback/localhost for localhost connections, to facilitate access control checks
Diffstat (limited to 'src/util/connection.c')
-rw-r--r-- | src/util/connection.c | 57 |
1 files changed, 49 insertions, 8 deletions
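--- a/src/util/connection.c
+++ b/src/util/connection.c
@@ -733,27 +733,68 @@ try_connect_using_address (void *cls, const struct sockaddr *addr,
 ap->addrlen = addrlen;
 ap->connection = connection;
 
+ap->sock = GNUNET_NETWORK_socket_create (ap->addr->sa_family, SOCK_STREAM, 0);
+if (NULL == ap->sock)
+{
+GNUNET_free (ap);
+return; /* not supported by OS */
+}
 switch (ap->addr->sa_family)
 {
 case AF_INET:
-((struct sockaddr_in *) ap->addr)->sin_port = htons (connection->port);
+{
+struct sockaddr_in bnd;
+
+((struct sockaddr_in *) ap->addr)->sin_port = htons (connection->port);
+
+bnd.sin_family = AF_INET;
+bnd.sin_port = htons (0);
+bnd.sin_addr.s_addr = htonl(INADDR_LOOPBACK);
+#if HAVE_SOCKADDR_IN_SIN_LEN
+bnd.sin_len = sizeof (bnd);
+#endif
+if (0 == memcmp (&bnd.sin_addr.s_addr,
+&((struct sockaddr_in *) ap->addr)->sin_addr.s_addr,
+sizeof (bnd.sin_addr.s_addr)))
+{
+/* bind source IP to FORCE it to be loopback */
+(void) GNUNET_NETWORK_socket_bind (ap->sock,
+(const struct sockaddr *) &bnd,
+sizeof (bnd));
+}
+}
 break;
 case AF_INET6:
-((struct sockaddr_in6 *) ap->addr)->sin6_port = htons (connection->port);
+{
+struct sockaddr_in6 bnd;
+
+((struct sockaddr_in6 *) ap->addr)->sin6_port = htons (connection->port);
+
+bnd.sin6_family = AF_INET6;
+bnd.sin6_port = htons (0);
+bnd.sin6_addr = in6addr_loopback;
+#if HAVE_SOCKADDR_IN_SIN_LEN
+bnd.sin6_len = sizeof (bnd);
+#endif
+if (0 == memcmp (&bnd.sin6_addr,
+&((struct sockaddr_in6 *) ap->addr)->sin6_addr,
+sizeof (bnd.sin6_addr)))
+{
+/* bind source IP to FORCE it to be loopback */
+(void) GNUNET_NETWORK_socket_bind (ap->sock,
+(const struct sockaddr *) &bnd,
+sizeof (bnd));
+}
+}
 break;
 default:
 GNUNET_break (0);
 GNUNET_free (ap);
 return; /* not supported by us */
 }
-ap->sock = GNUNET_NETWORK_socket_create (ap->addr->sa_family, SOCK_STREAM, 0);
-if (NULL == ap->sock)
-{
-GNUNET_free (ap);
-return; /* not supported by OS */
-}
 LOG (GNUNET_ERROR_TYPE_INFO, _("Trying to connect to `%s' (%p)\n"),
 GNUNET_a2s (ap->addr, ap->addrlen), connection);
+
 if ((GNUNET_OK !=
 GNUNET_NETWORK_socket_connect (ap->sock, ap->addr, ap->addrlen)) &&
 (EINPROGRESS != errno))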
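Review bot: Moving the GNUNET_NETWORK_socket_create() call ahead of the switch (new lines 736-741) makes the `default:` branch leak the freshly created descriptor, because that branch still does only `GNUNET_free (ap); return;` (new lines 792-793) and never closes `ap->sock`; add `GNUNET_NETWORK_socket_close (ap->sock);` before that `GNUNET_free (ap);`. Both `bnd` structures are only partially initialised — `sin_zero` in the AF_INET case and `sin6_flowinfo`/`sin6_scope_id` in the AF_INET6 case are left indeterminate — so a `memset (&bnd, 0, sizeof (bnd));` before the field assignments would avoid handing indeterminate bytes to bind(), where on some platforms a stray scope id can make the call fail. Because the bind result is discarded with `(void)` in both cases, such a failure is silent and the connect then proceeds with whatever source address the kernel picks, which is exactly the situation the commit message says the forced binding is meant to rule out; logging a failed bind with `LOG (GNUNET_ERROR_TYPE_WARNING, ...)` would at least make it visible. Note also that the memcmp matches only 127.0.0.1 and ::1 exactly, so a connection to any other 127/8 loopback destination does not get the forced source binding. try_connect_using_address begins and ends outside this hunk.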