From: Wouter Wijngaards Date: Mon, 15 Feb 2016 08:17:54 +0000 (+0000) Subject: - ip-transparent option for FreeBSD with IP_BINDANY socket option. X-Git-Tag: release-1.5.8~16 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=85de673b6b760e6ba700b5d4d205984eed3dd92d;p=thirdparty%2Funbound.git - ip-transparent option for FreeBSD with IP_BINDANY socket option. git-svn-id: file:///svn/unbound/trunk@3623 be551aaa-1e26-0410-a405-d3ace91eadb9 --- diff --git a/doc/Changelog b/doc/Changelog index 524882657..2ad8ae409 100644 --- a/doc/Changelog +++ b/doc/Changelog @@ -1,3 +1,6 @@ +15 February 2016: Wouter + - ip-transparent option for FreeBSD with IP_BINDANY socket option. + 9 February 2016: Wouter - Test for type OPENPGPKEY. - insecure-lan-zones: yesno config option, patch from Dag-Erling diff --git a/doc/example.conf.in b/doc/example.conf.in index 0b7752bc7..87fd69258 100644 --- a/doc/example.conf.in +++ b/doc/example.conf.in @@ -90,6 +90,7 @@ server: # use IP_TRANSPARENT so the interface: addresses can be non-local # and you can config non-existing IPs that are going to work later on + # (uses IP_BINDANY on FreeBSD). # ip-transparent: no # EDNS reassembly buffer to advertise to UDP peers (the actual buffer diff --git a/doc/unbound.conf.5.in b/doc/unbound.conf.5.in index c0be89650..7f122112a 100644 --- a/doc/unbound.conf.5.in +++ b/doc/unbound.conf.5.in @@ -275,7 +275,7 @@ are going to exist later on, with host failover configuration. This is a lot like interface\-automatic, but that one services all interfaces and with this option you can select which (future) interfaces unbound provides service on. This option needs unbound to be started with root -permissions on some systems. +permissions on some systems. The option uses IP_BINDANY on FreeBSD systems. .TP .B rrset\-cache\-size: \fI Number of bytes size of the RRset cache. Default is 4 megabytes. diff --git a/services/listen_dnsport.c b/services/listen_dnsport.c index 561c0f21a..e7a14979f 100644 
--- a/services/listen_dnsport.c
+++ b/services/listen_dnsport.c
@@ -99,7 +99,7 @@ create_udp_sock(int family, int socktype, struct sockaddr* addr,
 int rcv, int snd, int listen, int* reuseport, int transparent)
 {
 int s;
-#if defined(SO_REUSEADDR) || defined(SO_REUSEPORT) || defined(IPV6_USE_MIN_MTU) || defined(IP_TRANSPARENT)
+#if defined(SO_REUSEADDR) || defined(SO_REUSEPORT) || defined(IPV6_USE_MIN_MTU) || defined(IP_TRANSPARENT) || defined(IP_BINDANY)
 int on=1;
 #endif
 #ifdef IPV6_MTU
@@ -114,7 +114,7 @@ create_udp_sock(int family, int socktype, struct sockaddr* addr,
 #ifndef IPV6_V6ONLY
 (void)v6only;
 #endif
-#ifndef IP_TRANSPARENT
+#if !defined(IP_TRANSPARENT) && !defined(IP_BINDANY)
 (void)transparent;
 #endif
 if((s = socket(family, socktype, 0)) == -1) {
@@ -187,7 +187,14 @@ create_udp_sock(int family, int socktype, struct sockaddr* addr,
 log_warn("setsockopt(.. IP_TRANSPARENT ..) failed: %s",
 strerror(errno));
 }
-#endif /* IP_TRANSPARENT */
+#elif defined(IP_BINDANY)
+ if (transparent &&
+ setsockopt(s, IPPROTO_IP, IP_BINDANY, (void*)&on,
+ (socklen_t)sizeof(on)) < 0) {
+ log_warn("setsockopt(.. IP_BINDANY ..) failed: %s",
+ strerror(errno));
+ }
+#endif /* IP_TRANSPARENT || IP_BINDANY */
 }
 if(rcv) {
 #ifdef SO_RCVBUF
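Review bot: The new `#elif defined(IP_BINDANY)` branch in the third hunk always calls `setsockopt(s, IPPROTO_IP, IP_BINDANY, ...)`, although create_udp_sock takes a `family` argument and no family check is visible around the call. On an AF_INET6 socket this IPv4-level option presumably fails, so ip-transparent would only log a warning and have no effect for IPv6 interface addresses. FreeBSD provides IPV6_BINDANY at level IPPROTO_IPV6 for that case; consider `setsockopt(s, family == AF_INET6 ? IPPROTO_IPV6 : IPPROTO_IP, family == AF_INET6 ? IPV6_BINDANY : IP_BINDANY, (void*)&on, (socklen_t)sizeof(on))`, with the log_warn text naming the option actually used. The function starts and ends outside the hunk, so confirm the surrounding family handling before changing it.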