enable_ipsecmod
enable_ipset
with_libmnl
+enable_explicit_port_randomisation
with_libunbound_only
'
ac_precious_vars='build_alias
--enable-ipsecmod Enable ipsecmod module that facilitates
opportunistic IPsec
--enable-ipset enable ipset module
+ --disable-explicit-port-randomisation
+ disable explicit source port randomisation and rely
+ on the kernel to provide random source ports
Optional Packages:
--with-PACKAGE[=ARG] use PACKAGE [ARG=yes]
# nothing
;;
esac
+# Check whether --enable-explicit-port-randomisation was given.
+if test "${enable_explicit_port_randomisation+set}" = set; then :
+ enableval=$enable_explicit_port_randomisation;
+fi
+
+case "$enable_explicit_port_randomisation" in
+ no)
+
+$as_echo "#define DISABLE_EXPLICIT_PORT_RANDOMISATION 1" >>confdefs.h
+
+ ;;
+ yes|*)
+ ;;
+esac
+
{ $as_echo "$as_me:${as_lineno-$LINENO}: checking if ${MAKE:-make} supports $< with implicit rule in scope" >&5
$as_echo_n "checking if ${MAKE:-make} supports $< with implicit rule in scope... " >&6; }
comm_point_close(pc->cp);
pif = pc->pif;
log_assert(pif->inuse > 0);
+#ifndef DISABLE_EXPLICIT_PORT_RANDOMISATION
pif->avail_ports[pif->avail_total - pif->inuse] = pc->number;
+#endif
pif->inuse--;
pif->out[pc->index] = pif->out[pif->inuse];
pif->out[pc->index]->index = pc->index;
static int setup_if(struct port_if* pif, const char* addrstr,
int* avail, int numavail, size_t numfd)
{
+#ifndef DISABLE_EXPLICIT_PORT_RANDOMISATION
pif->avail_total = numavail;
pif->avail_ports = (int*)memdup(avail, (size_t)numavail*sizeof(int));
if(!pif->avail_ports)
return 0;
+#endif
if(!ipstrtoaddr(addrstr, UNBOUND_DNS_PORT, &pif->addr, &pif->addrlen) &&
!netblockstrtoaddr(addrstr, UNBOUND_DNS_PORT,
&pif->addr, &pif->addrlen, &pif->pfxlen))
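Review bot: With DISABLE_EXPLICIT_PORT_RANDOMISATION defined, the `avail` and `numavail` parameters of setup_if are never read, so any build that enables `-Wunused-parameter` (part of `-Wextra`) will warn on every compile of the disabled configuration; add an `#else` arm that marks them used, `#else` / `(void)avail; (void)numavail;` before the `#endif`. In that configuration `pif->avail_total` is also left untouched, so it holds whatever the caller's allocation gave it — presumably zero from a calloc, but the allocation is outside this hunk and worth confirming. The body of setup_if continues past the hunk.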
comm_point_delete(pc->cp);
free(pc);
}
+#ifndef DISABLE_EXPLICIT_PORT_RANDOMISATION
free(outnet->ip4_ifs[i].avail_ports);
+#endif
free(outnet->ip4_ifs[i].out);
}
free(outnet->ip4_ifs);
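Review bot: The `#ifndef` around `free(outnet->ip4_ifs[i].avail_ports)` here, and the matching one around the ip6 free in the next hunk, only pays off if the `avail_ports` member is itself removed from `struct port_if` in the disabled build; the header is not in this diff, and if the member stays, `free()` of a never-assigned null pointer is already a no-op and the guards are two more conditional blocks to keep in sync. Either drop the guards or state the intent once at the first of them: `/* avail_ports is only allocated when explicit randomisation is compiled in */`. The enclosing cleanup loop starts outside the hunk.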
comm_point_delete(pc->cp);
free(pc);
}
+#ifndef DISABLE_EXPLICIT_PORT_RANDOMISATION
free(outnet->ip6_ifs[i].avail_ports);
+#endif
free(outnet->ip6_ifs[i].out);
}
free(outnet->ip6_ifs);
while(1) {
my_if = ub_random_max(outnet->rnd, num_if);
pif = &ifs[my_if];
+#ifndef DISABLE_EXPLICIT_PORT_RANDOMISATION
my_port = ub_random_max(outnet->rnd, pif->avail_total);
if(my_port < pif->inuse) {
/* port already open */
/* try to open new port, if fails, loop to try again */
log_assert(pif->inuse < pif->maxout);
portno = pif->avail_ports[my_port - pif->inuse];
+#else
+ my_port = portno = 0;
+#endif
fd = udp_sockport(&pif->addr, pif->addrlen, pif->pfxlen,
portno, &inuse, outnet->rnd);
if(fd == -1 && !inuse) {
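Review bot: The `#else` arm compiles out `log_assert(pif->inuse < pif->maxout)` together with the randomised selection, yet the disabled build still stores into `pif->out[pif->inuse]` further down this loop (the next hunk); that assertion guards the index and does not depend on `avail_ports`, so it belongs after the `#endif` where both configurations keep it. The "port already open" branch is likewise only present in the randomised arm, so the disabled build presumably always opens a new socket with `portno = 0` and lets the kernel pick the port; a one-line comment at `my_port = portno = 0;`, `/* port 0: let the kernel choose the source port at bind time */`, would make that deliberate. The enclosing while loop and function continue outside the hunk.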
/* grab port in interface */
pif->out[pif->inuse] = pend->pc;
+#ifndef DISABLE_EXPLICIT_PORT_RANDOMISATION
pif->avail_ports[my_port - pif->inuse] =
pif->avail_ports[pif->avail_total-pif->inuse-1];
+#endif
pif->inuse++;
break;
}
}
addr = &pif->addr;
addrlen = pif->addrlen;
+#ifndef DISABLE_EXPLICIT_PORT_RANDOMISATION
pnum = ub_random_max(outnet->rnd, pif->avail_total);
if(pnum < pif->inuse) {
/* port already open */
/* unused ports in start part of array */
port = pif->avail_ports[pnum - pif->inuse];
}
-
+#else
+ pnum = port = 0;
+#endif
if(addr_is_ip6(to_addr, to_addrlen)) {
struct sockaddr_in6 sa = *(struct sockaddr_in6*)addr;
sa.sin6_port = (in_port_t)htons((uint16_t)port);
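Review bot: `pnum = port = 0;` in the `#else` arm relies on the reader knowing that a zero port in the `sin6_port` assignment below (and presumably its IPv4 counterpart, outside the hunk) means the kernel assigns the source port; that contract, and the fact that source-port unpredictability — the cache-poisoning defence this code otherwise provides — then rests entirely on the kernel's ephemeral-port allocator and its configured range, deserves a comment at the assignment: `/* 0: kernel chooses the source port; entropy now depends on the OS ephemeral-port range */`. The removed blank line at L110 is cosmetic. The enclosing function continues outside the hunk.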
{
size_t s;
int i;
- s = sizeof(*pif) + sizeof(int)*pif->avail_total +
+ s = sizeof(*pif) +
+#ifndef DISABLE_EXPLICIT_PORT_RANDOMISATION
+ sizeof(int)*pif->avail_total +
+#endif
sizeof(struct port_comm*)*pif->maxout;
for(i=0; i<pif->inuse; i++)
s += sizeof(*pif->out[i]) +
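Review bot: Splitting the `s = ...` expression across an `#ifndef` makes the sum hard to read and fragile — a second conditional term would need its `+` placed just right relative to the guard. A clearer shape keeps the unconditional terms in one statement, `s = sizeof(*pif) + sizeof(struct port_comm*)*pif->maxout;`, and adds the optional one as a separate guarded statement, `s += sizeof(int)*pif->avail_total;`, inside the `#ifndef`/`#endif`. The for loop that follows continues past the hunk.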