=== modified file 'plugins.d/mandos-client.c'
--- plugins.d/mandos-client.c 2011-11-10 12:24:37 +0000
+++ plugins.d/mandos-client.c 2011-11-11 09:07:09 +0000
@@ -1085,67 +1085,84 @@ errno = old_errno; } -/* - * This function determines if a directory entry in /sys/class/net - * corresponds to an acceptable network device. - * (This function is passed to scandir(3) as a filter function.) - */ -int good_interface(const struct dirent *if_entry){ - ssize_t ssret; +bool get_flags(const char *ifname, struct ifreq *ifr){ int ret; - if(if_entry->d_name[0] == '.'){ - return 0; - } + int s = socket(PF_INET6, SOCK_DGRAM, IPPROTO_IP); if(s < 0){ perror_plus("socket"); - return 0; + return false; } - struct ifreq ifr; - strcpy(ifr.ifr_name, if_entry->d_name); - ret = ioctl(s, SIOCGIFFLAGS, &ifr); + strcpy(ifr->ifr_name, ifname); + ret = ioctl(s, SIOCGIFFLAGS, ifr); if(ret == -1){ if(debug){ perror_plus("ioctl SIOCGIFFLAGS"); } - return 0; + return false; } + return true; +} + +bool good_flags(const char *ifname, const struct ifreq *ifr){ + /* Reject the loopback device */ - if(ifr.ifr_flags & IFF_LOOPBACK){ + if(ifr->ifr_flags & IFF_LOOPBACK){ if(debug){ fprintf(stderr, "Rejecting loopback interface \"%s\"\n", - if_entry->d_name); + ifname); } - return 0; + return false; } /* Accept point-to-point devices only if connect_to is specified */ - if(connect_to != NULL and (ifr.ifr_flags & IFF_POINTOPOINT)){ + if(connect_to != NULL and (ifr->ifr_flags & IFF_POINTOPOINT)){ if(debug){ fprintf(stderr, "Accepting point-to-point interface \"%s\"\n", - if_entry->d_name); + ifname); } - return 1; + return true; } /* Otherwise, reject non-broadcast-capable devices */ - if(not (ifr.ifr_flags & IFF_BROADCAST)){ + if(not (ifr->ifr_flags & IFF_BROADCAST)){ if(debug){ fprintf(stderr, "Rejecting non-broadcast interface \"%s\"\n", - if_entry->d_name); + ifname); } - return 0; + return false; } /* Reject non-ARP interfaces (including dummy interfaces) */ - if(ifr.ifr_flags & IFF_NOARP){ + if(ifr->ifr_flags & IFF_NOARP){ if(debug){ - fprintf(stderr, "Rejecting non-ARP interface \"%s\"\n", - if_entry->d_name); + fprintf(stderr, "Rejecting non-ARP interface 
\"%s\"\n", ifname); } - return 0; + return false; } + /* Accept this device */ if(debug){ - fprintf(stderr, "Interface \"%s\" is acceptable\n", - if_entry->d_name); + fprintf(stderr, "Interface \"%s\" is good\n", ifname); + } + return true; +} + +/* + * This function determines if a directory entry in /sys/class/net + * corresponds to an acceptable network device. + * (This function is passed to scandir(3) as a filter function.) + */ +int good_interface(const struct dirent *if_entry){ + int ret; + if(if_entry->d_name[0] == '.'){ + return 0; + } + struct ifreq ifr; + + if(not get_flags(if_entry->d_name, &ifr)){ + return 0; + } + + if(not good_flags(if_entry->d_name, &ifr)){ + return 0; } return 1; }
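Review bot: `get_flags()` copies `ifname` into `ifr->ifr_name` with an unbounded `strcpy`, and because the lookup is now a helper taking an arbitrary string rather than only a `/sys/class/net` entry, a name that does not fit the fixed-size field would overflow the caller's `struct ifreq`. The same function never closes the socket `s` on either return path, so each call leaks a descriptor; as far as the hunk shows, the removed code had the same leak, and this refactor is the natural place to fix it. Rejecting over-long names before the copy and closing `s` right after the `ioctl` (preserving `errno` for `perror_plus`) addresses both. Separately, the `int ret;` added to `good_interface()` appears to be unused now, and the two new helpers could be `static` with a short comment each stating what they return.
```c
bool get_flags(const char *ifname, struct ifreq *ifr){
  /* ifr_name is a fixed-size field; refuse names that do not fit */
  if(strlen(ifname) >= sizeof(ifr->ifr_name)){
    errno = ENAMETOOLONG;
    return false;
  }
  /* … unchanged: int ret, socket() call and its error check … */
  /* … unchanged: strcpy() into ifr->ifr_name … */
  ret = ioctl(s, SIOCGIFFLAGS, ifr);
  int ioctl_errno = errno;
  close(s);             /* release the descriptor on both return paths */
  errno = ioctl_errno;  /* keep the ioctl error for perror_plus() */
  /* … unchanged: ret == -1 handling and return true … */
}
```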