Provide independent control over which interfaces get TFTP.

2025-12-19 18:28:25 +00:00 · 2013-07-29 19:49:07 +01:00
parent edf0bde0c6
commit 2937f8a040
6 changed files with 58 additions and 16 deletions
--- a/src/dnsmasq.h
+++ b/src/dnsmasq.h
@@ -803,7 +803,7 @@ extern struct daemon {
  struct cond_domain *cond_domain, *synth_domains;
  char *runfile; 
  char *lease_change_command;
-  struct iname *if_names, *if_addrs, *if_except, *dhcp_except, *auth_peers;
+  struct iname *if_names, *if_addrs, *if_except, *dhcp_except, *auth_peers, *tftp_interfaces;
  struct bogus_addr *bogus_addr;
  struct server *servers;
  struct ipsets *ipsets;
--- a/src/network.c
+++ b/src/network.c
@@ -359,6 +359,16 @@ static int iface_allowed(struct iface_param *param, int if_index, char *label,
 	}
 #endif
 
+  
+  if (daemon->tftp_interfaces)
+    {
+      /* dedicated tftp interface list */
+      tftp_ok = 0;
+      for (tmp = daemon->tftp_interfaces; tmp; tmp = tmp->next)
+	if (tmp->name && wildcard_match(tmp->name, ifr.ifr_name))
+	  tftp_ok = 1;
+    }
+  
  /* add to list */
  if ((iface = whine_malloc(sizeof(struct irec))))
    {
--- a/src/option.c
+++ b/src/option.c
@@ -208,7 +208,7 @@ static const struct myoption opts[] =
    { "dns-forward-max", 1, 0, '0' },
    { "clear-on-reload", 0, 0, LOPT_RELOAD },
    { "dhcp-ignore-names", 2, 0, LOPT_NO_NAMES },
-    { "enable-tftp", 0, 0, LOPT_TFTP },
+    { "enable-tftp", 2, 0, LOPT_TFTP },
    { "tftp-secure", 0, 0, LOPT_SECURE },
    { "tftp-unique-root", 0, 0, LOPT_APREF },
    { "tftp-root", 1, 0, LOPT_PREFIX },
@@ -368,7 +368,7 @@ static struct {
  { LOPT_RELOAD, OPT_RELOAD, NULL, gettext_noop("Clear DNS cache when reloading %s."), RESOLVFILE },
  { LOPT_NO_NAMES, ARG_DUP, "[=tag:<tag>]...", gettext_noop("Ignore hostnames provided by DHCP clients."), NULL },
  { LOPT_OVERRIDE, OPT_NO_OVERRIDE, NULL, gettext_noop("Do NOT reuse filename and server fields for extra DHCP options."), NULL },
-  { LOPT_TFTP, OPT_TFTP, NULL, gettext_noop("Enable integrated read-only TFTP server."), NULL },
+  { LOPT_TFTP, ARG_DUP, "[=<intr>[,<intr>]]", gettext_noop("Enable integrated read-only TFTP server."), NULL },
  { LOPT_PREFIX, ARG_DUP, "<dir>[,<iface>]", gettext_noop("Export files by TFTP only from the specified subtree."), NULL },
  { LOPT_APREF, OPT_TFTP_APREF, NULL, gettext_noop("Add client IP address to tftp-root."), NULL },
  { LOPT_SECURE, OPT_TFTP_SECURE, NULL, gettext_noop("Allow access only to files owned by the user running dnsmasq."), NULL },
@@ -1904,6 +1904,12 @@ static int one_opt(int option, char *arg, char *errstr, char *gen_err, int comma
      } while (arg);
      break;
      
+    case LOPT_TFTP: /* --enable-tftp */
+      set_option_bool(OPT_TFTP);
+      if (!arg)
+	break;
+      /* fall through */
+
    case 'I':  /* --except-interface */
    case '2':  /* --no-dhcp-interface */
      do {
@@ -1915,6 +1921,11 @@ static int one_opt(int option, char *arg, char *errstr, char *gen_err, int comma
 	    new->next = daemon->if_except;
 	    daemon->if_except = new;
 	  }
+	else if (option == LOPT_TFTP)
+	   {
+	    new->next = daemon->tftp_interfaces;
+	    daemon->tftp_interfaces = new;
+	  }
 	else
 	  {
 	    new->next = daemon->dhcp_except;
--- a/src/tftp.c
+++ b/src/tftp.c
@@ -198,22 +198,36 @@ void tftp_request(struct listener *listen, time_t now)
 	addra.addr.addr6 = addr.in6.sin6_addr;
 #endif

-      if (!iface_check(listen->family, &addra, name, NULL))
+      if (daemon->tftp_interfaces)
 	{
-	  if (!option_bool(OPT_CLEVERBIND))
-	    enumerate_interfaces(0); 
-	  if (!loopback_exception(listen->tftpfd, listen->family, &addra, name) &&
-	      !label_exception(if_index, listen->family, &addra) )
+	  /* dedicated tftp interface list */
+	  for (tmp = daemon->tftp_interfaces; tmp; tmp = tmp->next)
+	    if (tmp->name && wildcard_match(tmp->name, name))
+	      break;
+
+	  if (!tmp)
 	    return;
 	}
-      
+      else
+	{
+	  /* Do the same as DHCP */
+	  if (!iface_check(listen->family, &addra, name, NULL))
+	    {
+	      if (!option_bool(OPT_CLEVERBIND))
+		enumerate_interfaces(0); 
+	      if (!loopback_exception(listen->tftpfd, listen->family, &addra, name) &&
+		  !label_exception(if_index, listen->family, &addra) )
+		return;
+	    }
+	  
 #ifdef HAVE_DHCP      
-      /* allowed interfaces are the same as for DHCP */
-      for (tmp = daemon->dhcp_except; tmp; tmp = tmp->next)
-	if (tmp->name && wildcard_match(tmp->name, name))
-	  return;
+	  /* allowed interfaces are the same as for DHCP */
+	  for (tmp = daemon->dhcp_except; tmp; tmp = tmp->next)
+	    if (tmp->name && wildcard_match(tmp->name, name))
+	      return;
 #endif
-      
+	}
+
      strncpy(ifr.ifr_name, name, IF_NAMESIZE);
      if (ioctl(listen->tftpfd, SIOCGIFMTU, &ifr) != -1)
 	mtu = ifr.ifr_mtu;