@@ -117,7 +117,8 @@ int main(int argc, char **argv)

     char *pua_cats = NULL, *pt;

     int ret, tcpsock = 0, localsock = 0, i, min_port, max_port;

     unsigned int sigs = 0;

-    int lsockets[2], nlsockets = 0;

+    int *lsockets=NULL;

+    unsigned int nlsockets = 0;

     unsigned int dboptions = 0;

 #ifdef C_LINUX

     STATBUF sb;

@@ -537,15 +538,48 @@ int main(int argc, char **argv)

         }

         if(tcpsock) {

-            if ((lsockets[nlsockets] = tcpserver(opts)) == -1) {

-                ret = 1;

-                break;

+            int *t;

+

+            opt = optget(opts, "TCPAddr");

+            if (opt->enabled) {

+                int breakout = 0;

+

+                while (opt && opt->strarg) {

+                    char *ipaddr = (!strcmp(opt->strarg, "all") ? NULL : opt->strarg);

+

+                    if (tcpserver(&lsockets, &nlsockets, ipaddr, opts) == -1) {

+                        ret = 1;

+                        breakout = 1;

+                        break;

+                    }

+

+                    opt = opt->nextarg;

+                }

+

+                if (breakout)

+                    break;

+            } else {

+                if (tcpserver(&lsockets, &nlsockets, NULL, opts) == -1) {

+                    ret = 1;

+                    break;

+                }

             }

-            nlsockets++;

         }

 #ifndef _WIN32

         if(localsock) {

+            int *t;

             mode_t sock_mode, umsk = umask(0777); /* socket is created with 000 to avoid races */

+

+            t = realloc(lsockets, sizeof(int) * (nlsockets + 1));

+            if (!(t)) {

+                if ((lsockets))

+                    free(lsockets);

+

+                ret = 1;

+                break;

+            }

+            lsockets = t;

+

             if ((lsockets[nlsockets] = localserver(opts)) == -1) {

                 ret = 1;

                 umask(umsk);

@@ -46,50 +46,77 @@

 #include "server.h"

 #include "tcpserver.h"

-int tcpserver(const struct optstruct *opts)

+int tcpserver(int **lsockets, unsigned int *nlsockets, char *ipaddr, const struct optstruct *opts)

 {

-    struct sockaddr_in server;

+    struct addrinfo hints, *info, *p;

+    int *sockets;

     int sockfd, backlog;

-    char *estr;

-    int true = 1;

+    int *t;

+    char *estr, port[10];

+    int yes = 1;

+    int res;

-    if (cfg_tcpsock(opts, &server, INADDR_ANY) == -1) {

-	logg("!TCP: Couldn't configure socket, check your configuration\n");

-	return -1;

-    }

+    sockets = *lsockets;

-    if((sockfd = socket(AF_INET, SOCK_STREAM, 0)) == -1) {

-	estr = strerror(errno);

-	logg("!TCP: socket() error: %s\n", estr);

-	return -1;

-    }

+    snprintf(port, sizeof(port), "%lld", optget(opts, "TCPSocket")->numarg);

-    if(setsockopt(sockfd, SOL_SOCKET, SO_REUSEADDR, (void *) &true, sizeof(true)) == -1) {

-	logg("!TCP: setsocktopt(SO_REUSEADDR) error: %s\n", strerror(errno));

-    }

+    memset(&hints, 0x00, sizeof(struct addrinfo));

+    hints.ai_family = AF_UNSPEC;

+    hints.ai_socktype = SOCK_STREAM;

+    hints.ai_flags = AI_PASSIVE;

-    if(bind(sockfd, (struct sockaddr *) &server, (socklen_t)sizeof(struct sockaddr_in)) == -1) {

-	estr = strerror(errno);

-	logg("!TCP: bind() error: %s\n", estr);

-	closesocket(sockfd);

-	return -1;

-    } else {

-	const struct optstruct *taddr = optget(opts, "TCPAddr");

-	if(taddr->enabled)

-	    logg("#TCP: Bound to address %s on port %u\n", taddr->strarg, (unsigned int) optget(opts, "TCPSocket")->numarg);

-	else

-	    logg("#TCP: Bound to port %u\n", (unsigned int) optget(opts, "TCPSocket")->numarg);

+    if ((res = getaddrinfo(ipaddr, port, &hints, &info))) {

+        logg("!TCP: getaddrinfo: %s\n", gai_strerror(res));

+        return -1;

     }

-    backlog = optget(opts, "MaxConnectionQueueLength")->numarg;

-    logg("#TCP: Setting connection queue length to %d\n", backlog);

+    for (p = info; p != NULL; p = p->ai_next) {

+        t = realloc(sockets, sizeof(int) * (*nlsockets + 1));

+        if (!(t)) {

+            return -1;

+        }

+        sockets = t;

+

+        if ((sockfd = socket(p->ai_family, p->ai_socktype, p->ai_protocol)) == -1) {

+            estr = strerror(errno);

+            logg("!TCP: socket() error: %s\n", estr);

+            continue;

+        }

+

+        if(setsockopt(sockfd, SOL_SOCKET, SO_REUSEADDR, (void *) &yes, sizeof(yes)) == -1) {

+            logg("!TCP: setsocktopt(SO_REUSEADDR) error: %s\n", strerror(errno));

+        }

+

+        if(bind(sockfd, p->ai_addr, p->ai_addrlen) == -1) {

+            estr = strerror(errno);

+            logg("!TCP: bind() error when trying to listen on [%s]:%s: %s\n", ipaddr, port, estr);

+            closesocket(sockfd);

-    if(listen(sockfd, backlog) == -1) {

-	estr = strerror(errno);

-	logg("!TCP: listen() error: %s\n", estr);

-	closesocket(sockfd);

-	return -1;

+            continue;

+        } else {

+            if((ipaddr))

+                logg("#TCP: Bound to address %s on port %u\n", ipaddr, (unsigned int) optget(opts, "TCPSocket")->numarg);

+            else

+                logg("#TCP: Bound to port %u\n", (unsigned int) optget(opts, "TCPSocket")->numarg);

+        }

+

+        backlog = optget(opts, "MaxConnectionQueueLength")->numarg;

+        logg("#TCP: Setting connection queue length to %d\n", backlog);

+

+        if(listen(sockfd, backlog) == -1) {

+            estr = strerror(errno);

+            logg("!TCP: listen() error: %s\n", estr);

+            closesocket(sockfd);

+

+            continue;

+        }

+

+        sockets[*nlsockets] = sockfd;

+        (*nlsockets)++;

     }

-    return sockfd;

+    freeaddrinfo(info);

+    *lsockets = sockets;

+

+    return 0;

 }

@@ -23,6 +23,6 @@

 #include "shared/optparser.h"

-int tcpserver(const struct optstruct *opts);

+int tcpserver(int **lsockets, unsigned int *nlsockets, char *ipaddr, const struct optstruct *opts);

 #endif

@@ -83,38 +83,50 @@ static int isremote(const struct optstruct *opts) {

     int s, ret;

     const struct optstruct *opt;

     static struct sockaddr_in testsock;

+    char *ipaddr;

 #ifndef _WIN32

     if((opt = optget(clamdopts, "LocalSocket"))->enabled) {

-	memset((void *)&nixsock, 0, sizeof(nixsock));

-	nixsock.sun_family = AF_UNIX;

-	strncpy(nixsock.sun_path, opt->strarg, sizeof(nixsock.sun_path));

-	nixsock.sun_path[sizeof(nixsock.sun_path)-1]='\0';

-	mainsa = (struct sockaddr *)&nixsock;

-	mainsasz = sizeof(nixsock);

-	return 0;

+        memset((void *)&nixsock, 0, sizeof(nixsock));

+        nixsock.sun_family = AF_UNIX;

+        strncpy(nixsock.sun_path, opt->strarg, sizeof(nixsock.sun_path));

+        nixsock.sun_path[sizeof(nixsock.sun_path)-1]='\0';

+        mainsa = (struct sockaddr *)&nixsock;

+        mainsasz = sizeof(nixsock);

+        return 0;

     }

 #endif

     if(!(opt = optget(clamdopts, "TCPSocket"))->enabled)

-	return 0;

+        return 0;

     mainsa = (struct sockaddr *)&tcpsock;

     mainsasz = sizeof(tcpsock);

-    if (cfg_tcpsock(clamdopts, &tcpsock, INADDR_LOOPBACK) == -1) {

-	logg("!Can't lookup clamd hostname: %s.\n", strerror(errno));

-	mainsa = NULL;

-	return 0;

-    }

-    memcpy((void *)&testsock, (void *)&tcpsock, sizeof(testsock));

-    testsock.sin_port = htons(INADDR_ANY);

-    if((s = socket(testsock.sin_family, SOCK_STREAM, 0)) < 0) {

-      logg("isremote: socket() returning: %s.\n", strerror(errno));

-      mainsa = NULL;

-      return 0;

+    opt = optget(clamdopts, "TCPAddr");

+    while (opt) {

+        ipaddr = (!strcmp(opt->strarg, "any") ? NULL : opt->strarg);

+

+        if (cfg_tcpsock(ipaddr, clamdopts, &tcpsock, INADDR_LOOPBACK) == -1) {

+            logg("!Can't lookup clamd hostname: %s.\n", strerror(errno));

+            mainsa = NULL;

+            return 0;

+        }

+

+        memcpy((void *)&testsock, (void *)&tcpsock, sizeof(testsock));

+        testsock.sin_port = htons(INADDR_ANY);

+        if((s = socket(testsock.sin_family, SOCK_STREAM, 0)) < 0) {

+            logg("isremote: socket() returning: %s.\n", strerror(errno));

+            mainsa = NULL;

+            return 0;

+        }

+

+        ret = (bind(s, (struct sockaddr *)&testsock, (socklen_t)sizeof(testsock)) != 0);

+        closesocket(s);

+        if (ret)

+            return ret;

+

+        opt = opt->nextarg;

     }

-    ret = (bind(s, (struct sockaddr *)&testsock, (socklen_t)sizeof(testsock)) != 0);

-    closesocket(s);

     return ret;

 }

@@ -319,25 +319,28 @@ int match_regex(const char *filename, const char *pattern)

 	return match;

 }

-int cfg_tcpsock(const struct optstruct *opts, struct sockaddr_in *tcpsock, in_addr_t defaultbind)

+int cfg_tcpsock(char *ipaddr, const struct optstruct *opts, struct sockaddr_in *tcpsock, in_addr_t defaultbind)

 {

     struct hostent *he;

     const struct optstruct *opt = optget(opts, "TCPSocket");

     if(opt->numarg > 65535)

-	return -1;

+        return -1;

     memset(tcpsock, 0, sizeof(*tcpsock));

     tcpsock->sin_family = AF_INET;

     tcpsock->sin_port = htons(opt->numarg);

-    if(!(opt = optget(opts, "TCPAddr"))->enabled) {

-	tcpsock->sin_addr.s_addr = htonl(defaultbind);

-	return 0;

+    if(!(ipaddr)) {

+        tcpsock->sin_addr.s_addr = htonl(defaultbind);

+        return 0;

+    }

+

+    he = gethostbyname(ipaddr);

+    if(!he) {

+        cli_errmsg("gethostbyname: %s\n", strerror(errno));

+        return -1;

     }

-    he = gethostbyname(opt->strarg);

-    if(!he)

-	return -1;

     tcpsock->sin_addr = *(struct in_addr *) he->h_addr_list[0];

     return 0;

@@ -51,7 +51,7 @@ int filecopy(const char *src, const char *dest);

 int daemonize(void);

 const char *get_version(void);

 int match_regex(const char *filename, const char *pattern);

-int cfg_tcpsock(const struct optstruct *opts, struct sockaddr_in *server, in_addr_t defaultbind);

+int cfg_tcpsock(char *ipaddr, const struct optstruct *opts, struct sockaddr_in *server, in_addr_t defaultbind);

 int cli_is_abspath(const char *path);

 unsigned int countlines(const char *filename);

@@ -217,7 +217,7 @@ const struct clam_option __clam_options[] = {

     { "TCPSocket", NULL, 0, TYPE_NUMBER, MATCH_NUMBER, -1, NULL, 0, OPT_CLAMD, "A TCP port number the daemon will listen on.", "3310" },

     /* FIXME: add a regex for IP addr */

-    { "TCPAddr", NULL, 0, TYPE_STRING, NULL, -1, NULL, 0, OPT_CLAMD, "By default clamd binds to INADDR_ANY.\nThis option allows you to restrict the TCP address and provide\nsome degree of protection from the outside world.", "127.0.0.1" },

+    { "TCPAddr", NULL, 0, TYPE_STRING, NULL, -1, NULL, FLAG_MULTIPLE, OPT_CLAMD, "By default clamd binds to INADDR_ANY.\nThis option allows you to restrict the TCP address and provide\nsome degree of protection from the outside world.", "127.0.0.1" },

     { "MaxConnectionQueueLength", NULL, 0, TYPE_NUMBER, MATCH_NUMBER, 200, NULL, 0, OPT_CLAMD, "Maximum length the queue of pending connections may grow to.", "30" },