From 3d6d27368891128a40de6047d38771cea2c90760 Mon Sep 17 00:00:00 2001
From: zsdc <taras@vyos.io>
Date: Tue, 14 Feb 2023 18:26:45 +0200
Subject: misc: T4992: Replaced logic in `is_local_address`

Old logic relied on the ability to bind to a socket on a specified IP address
which does not work when `net.ipv4.ip_nonlocal_bind = 1`.

This implementation uses a `local` IP routing table to see if a route to
an IP address can be resolved using the table.
---
 lib/Vyatta/Misc.pm | 30 ++++++++++++++++++------------
 1 file changed, 18 insertions(+), 12 deletions(-)

(limited to 'lib')

diff --git a/lib/Vyatta/Misc.pm b/lib/Vyatta/Misc.pm
index 7d47b3c..baae576 100755
--- a/lib/Vyatta/Misc.pm
+++ b/lib/Vyatta/Misc.pm
@@ -39,6 +39,7 @@ our @EXPORT_OK = qw(generate_dhclient_intf_files
 use Vyatta::Config;
 use Vyatta::Interface;
 use NetAddr::IP;
+use NetAddr::IP::Lite;
 use Socket;
 Socket6->import(qw(inet_pton getaddrinfo));
 
@@ -211,27 +212,32 @@ sub getInterfaces {
 }
 
 # Test if IP address is local to the system.
-# Implemented by doing bind since by default
-# Linux will only allow binding to local addresses
+# Implemented by checking a local route table
 sub is_local_address {
     my $addr = shift;
-    my $ip = new NetAddr::IP $addr;
+    my $ip = new NetAddr::IP::Lite($addr);
     die "$addr: not a valid IP address"
         unless $ip;
 
-    my ($pf, $sockaddr);
+    # prepare an ip command
+    my $iproute_cmd;
     if ($ip->version() == 4) {
-        $pf = PF_INET;
-        $sockaddr = sockaddr_in(0, $ip->aton());
-    } else {
-        $pf = PF_INET6;
-        $sockaddr = sockaddr_in6(0, $ip->aton());
+        $iproute_cmd = "ip -N -4 route show table local match $ip 2> /dev/null";
+    }
+    if ($ip->version() == 6) {
+        $iproute_cmd = "ip -N -6 route show table local match $ip 2> /dev/null";
     }
 
-    socket( my $sock, $pf, SOCK_STREAM, 0)
-        or die "socket failed\n";
+    # execute the command and check output
+    my $iproute_output = qx/$iproute_cmd/;
 
-    return bind($sock, $sockaddr);
+    if ($iproute_output) {
+        # return true if a route exists
+        return 1;
+    } else {
+        # return false if address is not in a local routing table
+        return undef;
+    }
 }
 
 # Test if the given port is currently in use by attempting
-- 
cgit v1.2.3