Re: [PATCH] nping: bind to interface on Linux for IPv4 send-ip

[David Fifield <david () bamsoftware com>]

I was going to ask if the same is needed for IPv6, but SO_BINDTODEVICE
is already being set for IPv6:
https://github.com/nmap/nmap/blob/b6e67f834c8cae6c91a33e13ded0c4936534c3df/nping/ProbeMode.cc#L723

There's a function socket_bindtodevice in Nbase that should perhaps be
used in both these places:
https://github.com/nmap/nmap/blob/b6e67f834c8cae6c91a33e13ded0c4936534c3df/nbase/nbase_misc.c#L264
https://github.com/nmap/nmap/commit/6ec453e4e8ec5e1d7270d305f5818611fd92431c

On Thu, May 30, 2024 at 07:43:46PM +0300, ValdikSS via dev wrote:
> Linux RAW sockets need to be bound to interface, if the interface is
> L3 tunnel (OpenVPN TUN for example).
> Otherwise the packet goes via default route, regardless of
> `--interface` or `--source-ip` options.
> ---
>  nping/ProbeMode.cc | 11 +++++++++++
>  1 file changed, 11 insertions(+)
>
> diff --git a/nping/ProbeMode.cc b/nping/ProbeMode.cc
> index 199329b40..ba4c3f82d 100644
> --- a/nping/ProbeMode.cc
> +++ b/nping/ProbeMode.cc
> @@ -807,6 +807,17 @@ int ProbeMode::fillPacketTCP(NpingTarget *target, u16 port, u8 *buff, int buffle
>          }else{
>              t.setSum();
>          }
> +
> +        /* Bind IPv4 socket to a specific network interface */
> +        if ( o.issetDevice() )  {
> +            /* It seems that SO_BINDTODEVICE only work on Linux */
> +            #ifdef LINUX
> +            if (setsockopt(rawfd, SOL_SOCKET, SO_BINDTODEVICE, o.getDevice(), strlen(o.getDevice())+1) == -1) {
> +                nping_warning(QT_2, "Error binding IPv4 socket to device %s", o.getDevice() );
> +            }
> +            #endif
> +        }
> +
>          /* Store result in user supplied buffer */
>          *filledlen = i.dumpToBinaryBuffer(buff, bufflen);
_______________________________________________
Sent through the dev mailing list
https://nmap.org/mailman/listinfo/dev
Archived at https://seclists.org/nmap-dev/