On 2/16/18 2:43 PM, David Miller wrote: > From: David Ahern <dsah...@gmail.com> > Date: Fri, 16 Feb 2018 11:03:03 -0800 > >> Only allow ifindex from IP_PKTINFO to override SO_BINDTODEVICE settings >> if the index is actually set in the message. >> >> Signed-off-by: David Ahern <dsah...@gmail.com> > > Ok, this behavior meets reasonable expectations, applied, thanks. > > None of the documation is clear about this relationship between > ip_pktinfo's ifindex and settings made by SO_BINDTODEVICE. >
It is my understanding that SO_BINDTODEVICE is the strongest -- it requires admin to set. From there IP_PKTINFO and IP_UNICAST_IF are non-root options and hence weaker. If that is the proper expectation, then the right thing to do is probably to error out if ipc.oif is already set. I was concerned that would break existing apps, so this seemed to be a compromise.
