[Openvpn-devel] [PATCH applied] Re: Add --bind-dev option.

Mon, 29 Jun 2020 04:33:02 -0700 

Acked-by: Gert Doering <g...@greenie.muc.de>

Your patch has been applied to the master branch.

I have stared at the code (looks reasonable) and run t_client tests on
Linux and FreeBSD (pass, no major surprise).

I have not actually tested the functionality, because I do not have a test 
rig with VRF (or multiple ethernet links) around.  From what I found so far,
what SO_BINDTODEVICE does is "ensure that packets sent via that socket go
out via the specified interface, and only that interface" and "packets
coming in have been received on that interface".   Besides "a network
interface" you can also specify the name of a "VRF device" (which seems
to be a Linux abstraction to group together "Interfaces and Routes" 
under one umbrella).

So you can use this for VRFs ("--bind-dev outer-vrf") or to select one
particular interface (*and* routes) inside "global" or "VRF".

I have tested the latter ("--bind-to lo") which makes connection setup
*fail* - obviously.  Trying to bind to nonexistant devices gives a proper
error message in v2 now

   2020-06-29 13:27:03 WARN: setsockopt 
SO_BINDTODEVICE=MyTunnelIsLongerThanYours failed: No such device (errno=19)


Googling for SO_BINDTODEVICE shows lots of confusion on how this is used
and what it does, but I consider the kernel documentation to be authoritative
(Documentation/networking/vrf.txt) and that says "what you do is correct":

   Applications
   ------------
   Applications that are to work within a VRF need to bind their socket to the
   VRF device:

       setsockopt(sd, SOL_SOCKET, SO_BINDTODEVICE, dev, strlen(dev)+1);

(note the "strlen(dev)+1" part, and "not a struct ifreq")


Your patch has been applied to the master branch.

commit 19d3c602e7a3881cf7c2244b7c40b9958c0b7ebc
Author: Maximilian Wilhelm
Date:   Mon Jun 29 12:49:07 2020 +0200

     Add --bind-dev option.

     Signed-off-by: Maximilian Wilhelm <max@sdn.clinic>
     Acked-by: Gert Doering <g...@greenie.muc.de>
     Message-Id: <1593427748-29801-2-git-send-email-...@rfc2324.org>
     URL: 
https://www.mail-archive.com/search?l=mid&q=1593427748-29801-2-git-send-email-...@rfc2324.org
     Signed-off-by: Gert Doering <g...@greenie.muc.de>


--
kind regards,

Gert Doering



_______________________________________________
Openvpn-devel mailing list
Openvpn-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openvpn-devel

Reply via email to