- ip-transparent option for FreeBSD with IP_BINDANY socket option.

git-svn-id: file:///svn/unbound/trunk@3623 be551aaa-1e26-0410-a405-d3ace91eadb9

diff --git a/doc/Changelog b/doc/Changelog
index 5248826571aaf4eacd3f26fa403d0647c60eed71..2ad8ae40981182d4426934a66e3abf535723c6fd 100644 (file)
--- a/doc/Changelog
+++ b/doc/Changelog
@@ -1,3 +1,6 @@
+15 February 2016: Wouter
+       - ip-transparent option for FreeBSD with IP_BINDANY socket option.
+
 9 February 2016: Wouter
        - Test for type OPENPGPKEY.
        - insecure-lan-zones: yesno config option, patch from Dag-Erling

diff --git a/doc/example.conf.in b/doc/example.conf.in
index 0b7752bc777345a3b0a6bbd740656506585d461f..87fd69258ef42aecea70a71b02a43a66726a99e5 100644 (file)
--- a/doc/example.conf.in
+++ b/doc/example.conf.in
@@ -90,6 +90,7 @@ server:
 
        # use IP_TRANSPARENT so the interface: addresses can be non-local
        # and you can config non-existing IPs that are going to work later on
+       # (uses IP_BINDANY on FreeBSD).
        # ip-transparent: no
 
        # EDNS reassembly buffer to advertise to UDP peers (the actual buffer

diff --git a/doc/unbound.conf.5.in b/doc/unbound.conf.5.in
index c0be896503ee03b315e7349b633c232d80ec94af..7f122112a2746e8f048be0ee48e1ae3b3c03a8dc 100644 (file)
--- a/doc/unbound.conf.5.in
+++ b/doc/unbound.conf.5.in
@@ -275,7 +275,7 @@ are going to exist later on, with host failover configuration.  This is
 a lot like interface\-automatic, but that one services all interfaces
 and with this option you can select which (future) interfaces unbound
 provides service on.  This option needs unbound to be started with root
-permissions on some systems.
+permissions on some systems.  The option uses IP_BINDANY on FreeBSD systems.
 .TP
 .B rrset\-cache\-size: \fI<number>
 Number of bytes size of the RRset cache. Default is 4 megabytes.

diff --git a/services/listen_dnsport.c b/services/listen_dnsport.c
index 561c0f21af632f56fcacaf690b7c75ff54814a25..e7a14979f130415ea5340b4ff7f49d11454c724a 100644 (file)
--- a/services/listen_dnsport.c
+++ b/services/listen_dnsport.c
@@ -99,7 +99,7 @@ create_udp_sock(int family, int socktype, struct sockaddr* addr,
        int rcv, int snd, int listen, int* reuseport, int transparent)
 {
        int s;
-#if defined(SO_REUSEADDR) || defined(SO_REUSEPORT) || defined(IPV6_USE_MIN_MTU)  || defined(IP_TRANSPARENT)
+#if defined(SO_REUSEADDR) || defined(SO_REUSEPORT) || defined(IPV6_USE_MIN_MTU)  || defined(IP_TRANSPARENT) || defined(IP_BINDANY)
        int on=1;
 #endif
 #ifdef IPV6_MTU
@@ -114,7 +114,7 @@ create_udp_sock(int family, int socktype, struct sockaddr* addr,
 #ifndef IPV6_V6ONLY
        (void)v6only;
 #endif
-#ifndef IP_TRANSPARENT
+#if !defined(IP_TRANSPARENT) && !defined(IP_BINDANY)
        (void)transparent;
 #endif
        if((s = socket(family, socktype, 0)) == -1) {
@@ -187,7 +187,14 @@ create_udp_sock(int family, int socktype, struct sockaddr* addr,
                        log_warn("setsockopt(.. IP_TRANSPARENT ..) failed: %s",
                        strerror(errno));
                }
-#endif /* IP_TRANSPARENT */
+#elif defined(IP_BINDANY)
+               if (transparent &&
+                   setsockopt(s, IPPROTO_IP, IP_BINDANY, (void*)&on,
+                   (socklen_t)sizeof(on)) < 0) {
+                       log_warn("setsockopt(.. IP_BINDANY ..) failed: %s",
+                       strerror(errno));
+               }
+#endif /* IP_TRANSPARENT || IP_BINDANY */
        }
        if(rcv) {
 #ifdef SO_RCVBUF