[avahi] [PATCH] [RFC] Untested bind to ipaddress (interface)
Lennart Poettering
lennart at poettering.net
Sun May 11 06:06:53 PDT 2008
On Sun, 11.05.08 02:47, Stefan de Konink (avahi at ml.kinkrsoftware.nl) wrote:
Hey!
> The option to disable multicast sounds attractive, but is not
> reliable for me. I started hacking and I come up with an *untested*
> patch, it compiles but I have my question marks with its working.
> My guess is the code in main.c, wide-area.c, core.h, server.c will
> work. (Minor question mark about "::", but I guess that would be
> valid.)
memset(..., 0, ...) is good too.

Just binding a socket to a specific address wouldn't help much since
Avahi specifies the source address/iface and destination iface
on each send() call anyway.

The right way to implement what you are asking for is to add some code
to ignore a specific list of interface names when discovering
local interfaces. It's probably just a matter of patching
avahi_interface_is_relevant() in iface.c to do a simple string based
matching against interface names. (Patches always welcome)

Just binding a socket to a specific address gives you a false sense of
security at best. Neither is having a socket bound to 0.0.0.0
necessarily insecure, nor is one bound to a specific IP address secure
-- with regard to receiving packets from or leaking packets to
unwanted networks.

Also, limiting access to a single iface only doesn't appear such a
good idea to me. Ideally we'd have both a blacklist or a whitelist
of interface names defined in avahi-daemon.conf.

Lennart
--
Lennart Poettering Red Hat, Inc.
lennart [at] poettering [dot] net ICQ# 11060553
http://0pointer.net/lennart/ GnuPG 0x1A015CC4
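
The string-based interface-name filter suggested in the reply above, sketched as an added example; it is not Avahi's code and not part of the original message. The function names, the comma-separated list format and the deny-wins precedence are assumptions, and the interface names in `main` are constructed.

```c
#include <ctype.h>
#include <net/if.h>   /* IF_NAMESIZE */
#include <stdbool.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical helper: true if `name` is an exact entry of the
 * comma-separated `list`; whitespace around entries is ignored. */
static bool name_in_list(const char *name, const char *list) {
    size_t nlen = strlen(name);
    if (!list || nlen == 0)
        return false;
    for (const char *p = list; *p; ) {
        while (*p == ',' || isspace((unsigned char)*p)) p++;
        const char *start = p;
        while (*p && *p != ',') p++;
        const char *end = p;
        while (end > start && isspace((unsigned char)end[-1])) end--;
        /* Length-checked exact match: "eth0" must not match "eth00". */
        if ((size_t)(end - start) == nlen && memcmp(start, name, nlen) == 0)
            return true;
    }
    return false;
}

/* True if the list is NULL or holds only separators and whitespace. */
static bool list_is_empty(const char *list) {
    for (; list && *list; list++)
        if (*list != ',' && !isspace((unsigned char)*list)) return false;
    return true;
}

/* Hypothetical policy check (assumed semantics): a deny entry always wins,
 * and a non-empty allow list admits only the names it contains. */
bool iface_name_permitted(const char *name, const char *allow, const char *deny) {
    if (!name || !*name || strlen(name) >= IF_NAMESIZE)
        return false;               /* fail closed on malformed names */
    if (name_in_list(name, deny))
        return false;
    return list_is_empty(allow) || name_in_list(name, allow);
}

int main(void) {
    const char *names[] = { "eth0", "eth00", "tun0" };  /* constructed */
    for (size_t i = 0; i < sizeof names / sizeof names[0]; i++)
        printf("%s: %d\n", names[i], iface_name_permitted(names[i], "eth0, tun0", "tun0"));
    return 0;
}
```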