On 2/16/18 2:43 PM, David Miller wrote:
> From: David Ahern <dsah...@gmail.com>
> Date: Fri, 16 Feb 2018 11:03:03 -0800
> 
>> Only allow ifindex from IP_PKTINFO to override SO_BINDTODEVICE settings
>> if the index is actually set in the message.
>>
>> Signed-off-by: David Ahern <dsah...@gmail.com>
> 
> Ok, this behavior meets reasonable expectations, applied, thanks.
> 
> None of the documation is clear about this relationship between
> ip_pktinfo's ifindex and settings made by SO_BINDTODEVICE.
> 

It is my understanding that SO_BINDTODEVICE is the strongest -- it
requires admin to set. From there IP_PKTINFO and IP_UNICAST_IF are
non-root options and hence weaker. If that is the proper expectation,
then the right thing to do is probably to error out if ipc.oif is
already set. I was concerned that would break existing apps, so this
seemed to be a compromise.

Reply via email to