From Ollie Wild: if we're bound to an interface, discard incoming

packets that didn't arrive on that interface, so packets from other
interfaces that get onto the socket queue before we bind the socket to
the interface don't get supplied to the application (binding the socket
doesn't discard incoming packets).

diff --git a/CREDITS b/CREDITS
index c1203360fc3d84e063aa66c08050d8ddfdad06d2..483482d74ea6e50e995c7a16a5490f26308744eb 100644 (file)
--- a/CREDITS
+++ b/CREDITS
@@ -70,6 +70,7 @@ Additional people who have contributed patches:
        Nicolas Dade                    <[email protected]>
        Octavian Cerna                  <[email protected]>
        Olaf Kirch                      <[email protected]>
+       Ollie Wild                      <[email protected]>
        Onno van der Linden             <[email protected]>
        Patrick Marie                   <[email protected]>
        Paul Mundt                      <[email protected]>

diff --git a/pcap-linux.c b/pcap-linux.c
index 3a9503db55c9e85485511646916a4b1d42fc5e6c..274fcb2bdad5d5966bbaf4d6b07773d273b1c9dd 100644 (file)
--- a/pcap-linux.c
+++ b/pcap-linux.c
@@ -27,7 +27,7 @@
 
 #ifndef lint
 static const char rcsid[] _U_ =
-    "@(#) $Header: /tcpdump/master/libpcap/pcap-linux.c,v 1.120 2006-02-23 07:35:08 guy Exp $ (LBL)";
+    "@(#) $Header: /tcpdump/master/libpcap/pcap-linux.c,v 1.121 2006-04-07 08:02:28 guy Exp $ (LBL)";
 #endif
 
 /*
@@ -526,6 +526,22 @@ pcap_read_packet(pcap_t *handle, pcap_handler callback, u_char *userdata)
 
 #ifdef HAVE_PF_PACKET_SOCKETS
        if (!handle->md.sock_packet) {
+               /*
+                * Unfortunately, there is a window between socket() and
+                * bind() where the kernel may queue packets from any
+                * interface.  If we're bound to a particular interface,
+                * discard packets not from that interface.
+                *
+                * (If socket filters are supported, we could do the
+                * same thing we do when changing the filter; however,
+                * that won't handle packet sockets without socket
+                * filter support, and it's a bit more complicated.
+                * It would save some instructions per packet, however.)
+                */
+               if (handle->md.ifindex != -1 &&
+                   from.sll_ifindex != handle->md.ifindex)
+                       return 0;
+
                /*
                 * Do checks based on packet direction.
                 * We can only do this if we're using PF_PACKET; the