Re: Binding the socket to a source IP address before connect

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Hi,
Thanks Michael. I'll check if your proposal fits my requirement.

Regards,
Sanjaya

On Wed, Jan 10, 2018 at 7:55 PM, Michael Richardson <mcr@xxxxxxxxxxxx> wrote:

Sanjaya Joshi <joshi.sanjaya@xxxxxxxxx> wrote:
    > Is there a BIO family of API that OpenSSL provides to bind to a
    > specific source IP address before creating a socket connection (using
    > for e.g. BIO_new_connect()) ?

I think not... BIO_new_connect() allocates the BIO, and so there isn't any
state to set up before you call that.

I've had to add a place to store the sockaddr to the DGRAM method in order to
make DTLS work the way I want it, and it could be extended to TCP sockets I
think, but not using the flow that you are using.

However, you can provide the FD to the SSL context using BIO_set_fd()
and SSL_set_bio():

    BIO_set_fd(inbio, connectedfd, BIO_NOCLOSE);
    SSL_set_bio(ssl, inbio, outbio);

Then you can set up the connectedfd any way you want, calling bind() before
connect.  That means that you might have to parse the host/IP + port
yourself, but getaddrinfo() can do that for you, and
          int BIO_lookup(const char *host, const char *service,
                         enum BIO_lookup_type lookup_type,
                         int family, int socktype, BIO_ADDRINFO **res);

wraps it all nicely for you.

    > My application does not need to rely on the kernel-provided source IP
    > address and hence the need for this.

Just remember to test with IPv6 Link-Local addresses, because they do
matter, and they are hard to get right from userspace.
(And if you aren't doing IPv6 testing, then you probably shouldn't be
creating new code)

--
]               Never tell me the odds!                 | ipv6 mesh networks [
]   Michael Richardson, Sandelman Software Works        | network architect  [
]     mcr@xxxxxxxxxxxx  http://www.sandelman.ca/        |   ruby on rails    [


--
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users


-- 
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Index of Archives]     [Linux ARM Kernel]     [Linux ARM]     [Linux Omap]     [Fedora ARM]     [IETF Annouce]     [Security]     [Bugtraq]     [Linux]     [Linux OMAP]     [Linux MIPS]     [ECOS]     [Asterisk Internet PBX]     [Linux API]

  Powered by Linux