On 5/7/18 6:41 AM, Paolo Abeni wrote:
> Hi,
> On Mon, 2018-05-07 at 13:19 +0300, Damir Mansurov wrote:
>> After successful call of the setsockopt(SO_BINDTODEVICE) function to set
>> data reception from only one interface, the data is still received from
>> all interfaces. Function setsockopt() returns 0 but then recv() receives
>> data from all available network interfaces.
>>
>> The problem is reproducible on linux kernels 4.14 - 4.16, but it does
>> not on linux kernels 4.4, 4.13.
>
> I think that the cause is commit:
>
> commit fb74c27735f0a34e76dbf1972084e984ad2ea145
> Author: David Ahern <dsah...@gmail.com>
> Date: Mon Aug 7 08:44:16 2017 -0700
>
> net: ipv4: add second dif to udp socket lookups
>
> Something like the following should fix, but I'm unsure it preserves
> the intended semantics for 'sdif'. David, can you please have a look?
> Thanks!
>
> Paolo
> ---
> diff --git a/net/ipv4/udp.c b/net/ipv4/udp.c > index dd3102a37ef9..0d593d5c33cf 100644 > --- a/net/ipv4/udp.c > +++ b/net/ipv4/udp.c > @@ -401,9 +401,9 @@ static int compute_score(struct sock *sk, struct net *net, > bool dev_match = (sk->sk_bound_dev_if == dif || > sk->sk_bound_dev_if == sdif); > > - if (exact_dif && !dev_match) > + if (!dev_match) > return -1; > - if (sk->sk_bound_dev_if && dev_match) > + if (sk->sk_bound_dev_if) > score += 4; > } > >
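Review bot: The now unconditional `if (!dev_match) return -1;` in compute_score() also rejects a socket whose sk_bound_dev_if is 0 whenever dif and sdif are both non-zero, so the change is only safe if the enclosing block, whose condition is not visible in this hunk, is never entered for an unbound socket on a non-exact lookup; please confirm that and say so in a comment above the check. With the early return in place, `if (sk->sk_bound_dev_if)` can only be reached when dev_match is true, so dropping `&& dev_match` there is fine. For a formal submission, add a Signed-off-by and a Fixes: tag naming commit fb74c27735f0 ("net: ipv4: add second dif to udp socket lookups"), and put the SO_BINDTODEVICE symptom from the report (setsockopt() returns 0 but recv() still gets data from all interfaces on 4.14 - 4.16) in the commit message.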
yes, that does look like a mistake -- no match on sk_bound_dev_if should fail the lookup. Let me apply the diff and run my vrf tests to make sure they still work.