From: Lennart Poettering <lennart@poettering.net>
Date: Thu, 5 Jan 2023 21:10:46 +0000 (+0100)
Subject: resolved: disable SO_BINDTOIFINDEX hack for localhost IP addresses
X-Git-Tag: v253-rc1~178
X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=5f9041afec65ce88c8b2a2ca3f6d14802ac01a56;p=thirdparty%2Fsystemd.git

resolved: disable SO_BINDTOIFINDEX hack for localhost IP addresses

Fixes: #23010
---

diff --git a/src/resolve/resolved-dns-scope.c b/src/resolve/resolved-dns-scope.c
index 7b82ae2b458..c95875ec101 100644
--- a/src/resolve/resolved-dns-scope.c
+++ b/src/resolve/resolved-dns-scope.c
@@ -474,7 +474,8 @@ static int dns_scope_socket(
                  * host result in EHOSTUNREACH, since Linux won't send the packets out of the specified
                  * interface, but delivers them directly to the local socket. */
                 if (s->link &&
-                    !manager_find_link_address(s->manager, sa.sa.sa_family, sockaddr_in_addr(&sa.sa))) {
+                    !manager_find_link_address(s->manager, sa.sa.sa_family, sockaddr_in_addr(&sa.sa)) &&
+                    in_addr_is_localhost(sa.sa.sa_family, sockaddr_in_addr(&sa.sa)) == 0) {
                         r = socket_bind_to_ifindex(fd, ifindex);
                         if (r < 0)
                                 return r;