From b4580a460aeffdd7d1e61788bca04d32e7fd64b1 Mon Sep 17 00:00:00 2001 From: Fabian Mauchle Date: Mon, 27 May 2019 07:30:40 +0200 Subject: [PATCH] add per server source for udp
---
 radsecproxy.c | 37 +++++++++++++++++++------------------ radsecproxy.h | 1 + udp.c | 47 +++++++++++++++++++++++++++++------------------ 3 files changed, 49 insertions(+), 36 deletions(-)
diff --git a/radsecproxy.c b/radsecproxy.c
index 526e5eb..ffc5ded 100644
--- a/radsecproxy.c
+++ b/radsecproxy.c
@@ -2518,28 +2518,29 @@ int confserver_cb(struct gconffile **cf, void *arg, char *block, char *opt, char } if (!getgenericconfig(cf, block, - "type", CONF_STR, &conftype, - "host", CONF_MSTR, &conf->hostsrc, + "type", CONF_STR, &conftype, + "host", CONF_MSTR, &conf->hostsrc, "IPv4Only", CONF_BLN, &ipv4only, "IPv6Only", CONF_BLN, &ipv6only, - "port", CONF_STR, &conf->portsrc, - "secret", CONF_STR_NOESC, &conf->confsecret, + "port", CONF_STR, &conf->portsrc, + "source", CONF_MSTR, &conf->source, + "secret", CONF_STR_NOESC, &conf->confsecret, #if defined(RADPROT_TLS) || defined(RADPROT_DTLS) - "tls", CONF_STR, &conf->tls, - "MatchCertificateAttribute", CONF_STR, &conf->matchcertattr, - "CertificateNameCheck", CONF_BLN, &conf->certnamecheck, + "tls", CONF_STR, &conf->tls, + "MatchCertificateAttribute", CONF_STR, &conf->matchcertattr, + "CertificateNameCheck", CONF_BLN, &conf->certnamecheck, #endif - "addTTL", CONF_LINT, &addttl, - "tcpKeepalive", CONF_BLN, &conf->keepalive, - "rewrite", CONF_STR, &rewriteinalias, - "rewriteIn", CONF_STR, &conf->confrewritein, - "rewriteOut", CONF_STR, &conf->confrewriteout, - "StatusServer", CONF_STR, &statusserver, - "RetryInterval", CONF_LINT, &retryinterval, - "RetryCount", CONF_LINT, &retrycount, - "DynamicLookupCommand", CONF_STR, &conf->dynamiclookupcommand, - "LoopPrevention", CONF_BLN, &conf->loopprevention, - NULL + "addTTL", CONF_LINT, &addttl, + "tcpKeepalive", CONF_BLN, &conf->keepalive, + "rewrite", CONF_STR, &rewriteinalias, + "rewriteIn", CONF_STR, &conf->confrewritein, + "rewriteOut", CONF_STR, &conf->confrewriteout, + "StatusServer", CONF_STR, &statusserver, + "RetryInterval", CONF_LINT, &retryinterval, + "RetryCount", CONF_LINT, &retrycount, + "DynamicLookupCommand", CONF_STR, &conf->dynamiclookupcommand, + "LoopPrevention", CONF_BLN, &conf->loopprevention, + NULL )) { debug(DBG_ERR, "configuration error"); goto errexit; diff --git a/radsecproxy.h b/radsecproxy.h index a589f77..3082300 100644 --- a/radsecproxy.h 
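Review bot: The new `"source", CONF_MSTR, &conf->source` entry is accepted for every server type, but within this patch only udp.c reads `conf->source`, so a `source` line on a TCP, TLS or DTLS server block appears to parse cleanly and then have no effect. An operator who pins the source address because the upstream RADIUS server or a firewall identifies this proxy by it gets no indication that the default source is still in use. Once the protocol type is known, log a warning (or reject the block) when `conf->source` is set for a transport that does not honour it, and record the limitation next to the entry, e.g. `/* source: only honoured by the UDP transport */`. confserver_cb starts and ends outside this hunk, so the right place for that check is not visible here.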
+++ b/radsecproxy.h
@@ -144,6 +144,7 @@ struct clsrvconf {
 int hostaf;
 char *portsrc;
 struct list *hostports;
+ char **source;
 char *confsecret;
 uint8_t *secret;
 int secret_len;
diff --git a/udp.c b/udp.c
index 9637156..b8fd4e1 100644
--- a/udp.c
+++ b/udp.c
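Review bot: `char **source;` is added without any statement of ownership, and the diffstat shows radsecproxy.c changing only in the option table, so nothing in this patch frees the array that `CONF_MSTR` fills in. If the conf teardown and the code that derives a conf for dynamically discovered servers are not updated elsewhere, the strings presumably leak on free and a derived conf either shares or drops the pointer; both paths are outside this hunk and should be checked. A field comment would make the contract explicit: `char **source; /* optional source address(es) for outgoing packets, from the "source" option; owned by this conf */`.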
@@ -317,27 +317,38 @@ void addclientudp(struct client *client) { } void addserverextraudp(struct clsrvconf *conf) { + struct addrinfo *source = NULL; + assert(list_first(conf->hostports) != NULL); + + if(conf->source) { + source = resolvepassiveaddrinfo(conf->source, AF_UNSPEC, NULL, protodefs.socktype); + if(!source) + debug(DBG_WARN, "addserver: could not resolve source address to bind for server %s, using default", conf->name); + } + switch (((struct hostportres *)list_first(conf->hostports)->data)->addrinfo->ai_family) { - case AF_INET: - if (client4_sock < 0) { - client4_sock = bindtoaddr(srcres, AF_INET, 0); - if (client4_sock < 0) - debugx(1, DBG_ERR, "addserver: failed to create client socket for server %s", conf->name); - } - conf->servers->sock = client4_sock; - break; - case AF_INET6: - if (client6_sock < 0) { - client6_sock = bindtoaddr(srcres, AF_INET6, 0); - if (client6_sock < 0) - debugx(1, DBG_ERR, "addserver: failed to create client socket for server %s", conf->name); - } - conf->servers->sock = client6_sock; - break; - default: - debugx(1, DBG_ERR, "addserver: unsupported address family"); + case AF_INET: + if (client4_sock < 0) { + client4_sock = bindtoaddr(source ? source : srcres, AF_INET, 0); + if (client4_sock < 0) + debugx(1, DBG_ERR, "addserver: failed to create client socket for server %s", conf->name); + } + conf->servers->sock = client4_sock; + break; + case AF_INET6: + if (client6_sock < 0) { + client6_sock = bindtoaddr(source ? source : srcres, AF_INET6, 0); + if (client6_sock < 0) + debugx(1, DBG_ERR, "addserver: failed to create client socket for server %s", conf->name); + } + conf->servers->sock = client6_sock; + break; + default: + debugx(1, DBG_ERR, "addserver: unsupported address family"); } + if (source) + freeaddrinfo(source); } void initextraudp() {
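Review bot: The per-server source is only applied by whichever server creates the shared socket first: `bindtoaddr(source ? source : srcres, AF_INET, 0)` sits inside `if (client4_sock < 0)`, and the AF_INET6 branch has the same shape, so every later server reuses `client4_sock`/`client6_sock` with the first binding while its own `source` is resolved and then freed without a message. A RADIUS peer typically selects the client entry and shared secret by source address, so sending from an address other than the configured one should at least be visible in the log. Ahead of each creation block, warn when the socket already exists, e.g. `if (source && client4_sock >= 0) debug(DBG_WARN, "addserver: source for server %s ignored, client socket already bound", conf->name);`, or give servers with their own source a separate socket. The resolve-failure path also continues with the default source after only a `DBG_WARN`; for an explicitly configured address it would be safer to treat it like the bind failure below, which reports through `debugx(1, DBG_ERR, ...)`.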