On Wed, Aug 10, 2016 at 7:44 AM, YOSHIFUJI Hideaki <hideaki.yoshif...@miraclelinux.com> wrote:
>
> >> I could see a point of view that says when bound_if is in play sending
> >> to destinations on/via other interfaces--by any mechanism--should
> >> effectively get ENETUNREACH (or something).
> >
> > VRF uses this capability to send on an enslaved interface. i.e., socket is
> > bound to VRF device to limit packets to that L3 domain and then uses
> > PKTINFO to force a packet out a particular interface.
>
> We could extend our code to allow enslaved devices, maybe.
So something like this, then?

static inline bool inet_check_bound_oif(const struct sock *sk, int oif)
{
	/* no oif requested, socket not bound, or oif is the bound device itself */
	if (!oif || !sk->sk_bound_dev_if || oif == sk->sk_bound_dev_if)
		return true;
#ifdef CONFIG_NET_L3_MASTER_DEV
	/* allow an oif that is enslaved to the VRF device the socket is bound to */
	return l3mdev_master_ifindex_by_index(sock_net(sk), oif) == sk->sk_bound_dev_if;
#endif
	return false;
}

and then in the various sendmsg functions:

	if (!inet_check_bound_oif(sk, oif))
		return -EINVAL;
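The userspace side of what that check governs, as an added example that is not code from this thread or from the kernel tree: a UDP socket is bound to a VRF device with SO_BINDTODEVICE (which sets sk_bound_dev_if), and sendmsg() carries an IP_PKTINFO cmsg whose ipi_ifindex is the oif the check inspects. The function names and the sockaddr/payload parameters are my own; with the proposed check, a non-zero ipi_ifindex that is neither the VRF nor enslaved to it comes back to the caller as -EINVAL.

```c
#define _GNU_SOURCE
#include <errno.h>
#include <string.h>
#include <unistd.h>
#include <sys/socket.h>
#include <netinet/in.h>

/* Put one IP_PKTINFO cmsg in buf; ipi_ifindex is the oif the kernel
 * check inspects. Returns the byte count to use as msg_controllen. */
static size_t build_pktinfo_cmsg(unsigned char *buf, size_t len, int ifindex)
{
	struct msghdr msg = { .msg_control = buf, .msg_controllen = len };
	struct in_pktinfo pi = { .ipi_ifindex = ifindex };
	struct cmsghdr *cm = CMSG_FIRSTHDR(&msg);

	if (!cm || len < CMSG_SPACE(sizeof(pi)))
		return 0;
	memset(buf, 0, len);
	cm->cmsg_level = IPPROTO_IP;
	cm->cmsg_type = IP_PKTINFO;
	cm->cmsg_len = CMSG_LEN(sizeof(pi));
	memcpy(CMSG_DATA(cm), &pi, sizeof(pi));
	return CMSG_SPACE(sizeof(pi));
}

/* Bind a UDP socket to the VRF device (SO_BINDTODEVICE restricts it to that
 * L3 domain), then force egress via oif with IP_PKTINFO. Returns 0 or -errno;
 * with the proposed inet_check_bound_oif() an oif outside the VRF is -EINVAL. */
static int send_in_vrf(const char *vrf_dev, int oif,
		       const struct sockaddr_in *dst, const void *data, size_t dlen)
{
	unsigned char cbuf[CMSG_SPACE(sizeof(struct in_pktinfo))];
	struct iovec iov = { .iov_base = (void *)data, .iov_len = dlen };
	struct msghdr msg = { .msg_name = (void *)dst, .msg_namelen = sizeof(*dst),
			      .msg_iov = &iov, .msg_iovlen = 1, .msg_control = cbuf };
	int fd, ret = 0;

	if ((fd = socket(AF_INET, SOCK_DGRAM, 0)) < 0)
		return -errno;
	if (setsockopt(fd, SOL_SOCKET, SO_BINDTODEVICE, vrf_dev, strlen(vrf_dev) + 1) < 0) {
		ret = -errno;
	} else {
		msg.msg_controllen = build_pktinfo_cmsg(cbuf, sizeof(cbuf), oif);
		if (sendmsg(fd, &msg, 0) < 0)
			ret = -errno;
	}
	close(fd);
	return ret;
}
```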