From mboxrd@z Thu Jan  1 00:00:00 1970
From: David Ahern <dsahern@gmail.com>
Subject: Re: [PATCH net-next] net: Only honor ifindex in IP_PKTINFO if non-0
Date: Fri, 16 Feb 2018 15:12:08 -0700
Message-ID: <351e22cd-2a8c-497f-584f-cef88e522ab2@gmail.com>
References: <20180216190303.30769-1-dsahern@gmail.com>
 <20180216.164316.1601719296881855600.davem@davemloft.net>
Mime-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: 7bit
Cc: netdev@vger.kernel.org
To: David Miller <davem@davemloft.net>
Return-path: <netdev-owner@vger.kernel.org>
Received: from mail-pg0-f67.google.com ([74.125.83.67]:45754 "EHLO
        mail-pg0-f67.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
        with ESMTP id S1751106AbeBPWML (ORCPT
        <rfc822;netdev@vger.kernel.org>); Fri, 16 Feb 2018 17:12:11 -0500
Received: by mail-pg0-f67.google.com with SMTP id e11so3452658pgq.12
        for <netdev@vger.kernel.org>; Fri, 16 Feb 2018 14:12:11 -0800 (PST)
In-Reply-To: <20180216.164316.1601719296881855600.davem@davemloft.net>
Content-Language: en-US
Sender: netdev-owner@vger.kernel.org
List-ID: <netdev.vger.kernel.org>

On 2/16/18 2:43 PM, David Miller wrote:
> From: David Ahern <dsahern@gmail.com>
> Date: Fri, 16 Feb 2018 11:03:03 -0800
> 
>> Only allow ifindex from IP_PKTINFO to override SO_BINDTODEVICE settings
>> if the index is actually set in the message.
>>
>> Signed-off-by: David Ahern <dsahern@gmail.com>
> 
> Ok, this behavior meets reasonable expectations, applied, thanks.
> 
> None of the documation is clear about this relationship between
> ip_pktinfo's ifindex and settings made by SO_BINDTODEVICE.
> 

It is my understanding that SO_BINDTODEVICE is the strongest -- it
requires admin to set. From there IP_PKTINFO and IP_UNICAST_IF are
non-root options and hence weaker. If that is the proper expectation,
then the right thing to do is probably to error out if ipc.oif is
already set. I was concerned that would break existing apps, so this
seemed to be a compromise.