[PATCH net-next v4 0/4] net: add local address bind support to vxlan and geneve

[PATCH net-next v4 0/4] net: add local address bind support to vxlan and geneve

[Richard Gobert]

This series adds local address bind support to both vxlan
and geneve sockets.

v3 -> v4:
  - Fix a problem where vxlan socket is bound before its outgoing interface is up
  - v3: https://lore.kernel.org/netdev/20240711131411.10439-1-richardbgobert@gmail.com/

v2 -> v3:
  - Fix typo and nit problem (Simon)
  - v2: https://lore.kernel.org/netdev/20240708111103.9742-1-richardbgobert@gmail.com/

v1 -> v2:
  - Change runtime checking of CONFIG_IPV6 to compile time in geneve
  - Change {geneve,vxlan}_find_sock to check listening address
  - Fix incorrect usage of IFLA_VXLAN_LOCAL6 in geneve
  - Use NLA_POLICY_EXACT_LEN instead of changing strict_start_type in geneve
  - v1: https://lore.kernel.org/netdev/df300a49-7811-4126-a56a-a77100c8841b@gmail.com/

Richard Gobert (4):
  net: udp: add freebind option to udp_sock_create
  net: vxlan: add netlink option to bind vxlan sockets to local
    addresses
  net: vxlan: bind vxlan sockets to their local address
  net: geneve: enable binding geneve sockets to local addresses

 drivers/net/geneve.c               | 80 ++++++++++++++++++++++++++---
 drivers/net/vxlan/vxlan_core.c     | 81 ++++++++++++++++++++++++------
 include/net/geneve.h               |  6 +++
 include/net/udp_tunnel.h           |  3 +-
 include/net/vxlan.h                |  1 +
 include/uapi/linux/if_link.h       |  3 ++
 net/ipv4/udp_tunnel_core.c         |  1 +
 net/ipv6/ip6_udp_tunnel.c          |  1 +
 tools/include/uapi/linux/if_link.h |  3 ++
 9 files changed, 156 insertions(+), 23 deletions(-)

-- 
2.36.1

[PATCH net-next v4 1/4] net: udp: add freebind option to udp_sock_create

[Richard Gobert]

udp_sock_create creates a UDP socket and binds it according to
udp_port_cfg.

Add a freebind option to udp_port_cfg that allows a socket to be bound
as though IP_FREEBIND is set.

This change is required for binding vxlan sockets to their local address
when the outgoing interface is down.

Signed-off-by: Richard Gobert <richardbgobert@gmail.com>
---
 include/net/udp_tunnel.h   | 3 ++-
 net/ipv4/udp_tunnel_core.c | 1 +
 net/ipv6/ip6_udp_tunnel.c  | 1 +
 3 files changed, 4 insertions(+), 1 deletion(-)

diff --git a/include/net/udp_tunnel.h b/include/net/udp_tunnel.h
index 9acef2fbd2fd..6c1362aa3576 100644
--- a/include/net/udp_tunnel.h
+++ b/include/net/udp_tunnel.h
@@ -34,7 +34,8 @@ struct udp_port_cfg {
 	unsigned int		use_udp_checksums:1,
 				use_udp6_tx_checksums:1,
 				use_udp6_rx_checksums:1,
-				ipv6_v6only:1;
+				ipv6_v6only:1,
+				freebind:1;
 };
 
 int udp_sock_create4(struct net *net, struct udp_port_cfg *cfg,
diff --git a/net/ipv4/udp_tunnel_core.c b/net/ipv4/udp_tunnel_core.c
index fce945f23069..147fd8ff4f49 100644
--- a/net/ipv4/udp_tunnel_core.c
+++ b/net/ipv4/udp_tunnel_core.c
@@ -28,6 +28,7 @@ int udp_sock_create4(struct net *net, struct udp_port_cfg *cfg,
 	udp_addr.sin_family = AF_INET;
 	udp_addr.sin_addr = cfg->local_ip;
 	udp_addr.sin_port = cfg->local_udp_port;
+	inet_assign_bit(FREEBIND, sock->sk, cfg->freebind);
 	err = kernel_bind(sock, (struct sockaddr *)&udp_addr,
 			  sizeof(udp_addr));
 	if (err < 0)
diff --git a/net/ipv6/ip6_udp_tunnel.c b/net/ipv6/ip6_udp_tunnel.c
index 0ff547a4bff7..65ff44c274b8 100644
--- a/net/ipv6/ip6_udp_tunnel.c
+++ b/net/ipv6/ip6_udp_tunnel.c
@@ -40,6 +40,7 @@ int udp_sock_create6(struct net *net, struct udp_port_cfg *cfg,
 	memcpy(&udp6_addr.sin6_addr, &cfg->local_ip6,
 	       sizeof(udp6_addr.sin6_addr));
 	udp6_addr.sin6_port = cfg->local_udp_port;
+	inet_assign_bit(FREEBIND, sock->sk, cfg->freebind);
 	err = kernel_bind(sock, (struct sockaddr *)&udp6_addr,
 			  sizeof(udp6_addr));
 	if (err < 0)
-- 
2.36.1

[PATCH net-next v4 2/4] net: vxlan: add netlink option to bind vxlan sockets to local addresses

[Richard Gobert]

Currently, VXLAN sockets always bind to 0.0.0.0, even when a local
address is defined. This commit changes this behavior.

If two VXLAN endpoints are connected through two separate subnets,
they are each able to receive traffic through both subnets, regardless
of the local address. This commit breaks this behavior.

Add a netlink option to configure the new behavior. Since the scenario
described above is unrealistic, default to binding the socket to the
local address.

It is highly unlikely this change will break any networks.

Signed-off-by: Richard Gobert <richardbgobert@gmail.com>
---
 drivers/net/vxlan/vxlan_core.c     | 23 ++++++++++++++++++++++-
 include/net/vxlan.h                |  1 +
 include/uapi/linux/if_link.h       |  1 +
 tools/include/uapi/linux/if_link.h |  1 +
 4 files changed, 25 insertions(+), 1 deletion(-)

diff --git a/drivers/net/vxlan/vxlan_core.c b/drivers/net/vxlan/vxlan_core.c
index bcde95cb2a2e..667ff17c4569 100644
--- a/drivers/net/vxlan/vxlan_core.c
+++ b/drivers/net/vxlan/vxlan_core.c
@@ -3406,6 +3406,7 @@ static const struct nla_policy vxlan_policy[IFLA_VXLAN_MAX + 1] = {
 	[IFLA_VXLAN_LABEL_POLICY]       = NLA_POLICY_MAX(NLA_U32, VXLAN_LABEL_MAX),
 	[IFLA_VXLAN_RESERVED_BITS] = NLA_POLICY_EXACT_LEN(sizeof(struct vxlanhdr)),
 	[IFLA_VXLAN_MC_ROUTE]		= NLA_POLICY_MAX(NLA_U8, 1),
+	[IFLA_VXLAN_LOCALBIND]	= { .type = NLA_U8 },
 };
 
 static int vxlan_validate(struct nlattr *tb[], struct nlattr *data[],
@@ -4071,6 +4072,9 @@ static int vxlan_nl2conf(struct nlattr *tb[], struct nlattr *data[],
 		if (changelink && (conf->saddr.sa.sa_family != AF_INET)) {
 			NL_SET_ERR_MSG_ATTR(extack, tb[IFLA_VXLAN_LOCAL], "New local address family does not match old");
 			return -EOPNOTSUPP;
+		} else if (changelink && (conf->flags & VXLAN_F_LOCALBIND)) {
+			NL_SET_ERR_MSG_ATTR(extack, tb[IFLA_VXLAN_LOCAL], "Cannot change local address when bound locally");
+			return -EOPNOTSUPP;
 		}
 
 		conf->saddr.sin.sin_addr.s_addr = nla_get_in_addr(data[IFLA_VXLAN_LOCAL]);
@@ -4084,6 +4088,9 @@ static int vxlan_nl2conf(struct nlattr *tb[], struct nlattr *data[],
 		if (changelink && (conf->saddr.sa.sa_family != AF_INET6)) {
 			NL_SET_ERR_MSG_ATTR(extack, tb[IFLA_VXLAN_LOCAL6], "New local address family does not match old");
 			return -EOPNOTSUPP;
+		} else if (changelink && (conf->flags & VXLAN_F_LOCALBIND)) {
+			NL_SET_ERR_MSG_ATTR(extack, tb[IFLA_VXLAN_LOCAL6], "Cannot change local address when bound locally");
+			return -EOPNOTSUPP;
 		}
 
 		/* TODO: respect scope id */
@@ -4354,6 +4361,17 @@ static int vxlan_nl2conf(struct nlattr *tb[], struct nlattr *data[],
 		}
 	}
 
+	if (data[IFLA_VXLAN_LOCALBIND]) {
+		err = vxlan_nl2flag(conf, data, IFLA_VXLAN_LOCALBIND,
+				    VXLAN_F_LOCALBIND, changelink,
+				    false, extack);
+		if (err)
+			return err;
+	} else {
+		/* default to bind to the local address on a new device */
+		conf->flags |= VXLAN_F_LOCALBIND;
+	}
+
 	return 0;
 }
 
@@ -4517,6 +4535,7 @@ static size_t vxlan_get_size(const struct net_device *dev)
 		nla_total_size(sizeof(__u8)) + /* IFLA_VXLAN_VNIFILTER */
 		/* IFLA_VXLAN_RESERVED_BITS */
 		nla_total_size(sizeof(struct vxlanhdr)) +
+		nla_total_size(sizeof(__u8)) + /* IFLA_VXLAN_LOCALBIND */
 		0;
 }
 
@@ -4596,7 +4615,9 @@ static int vxlan_fill_info(struct sk_buff *skb, const struct net_device *dev)
 	    nla_put_u8(skb, IFLA_VXLAN_REMCSUM_RX,
 		       !!(vxlan->cfg.flags & VXLAN_F_REMCSUM_RX)) ||
 	    nla_put_u8(skb, IFLA_VXLAN_LOCALBYPASS,
-		       !!(vxlan->cfg.flags & VXLAN_F_LOCALBYPASS)))
+		       !!(vxlan->cfg.flags & VXLAN_F_LOCALBYPASS)) ||
+		nla_put_u8(skb, IFLA_VXLAN_LOCALBIND,
+			   !!(vxlan->cfg.flags & VXLAN_F_LOCALBIND)))
 		goto nla_put_failure;
 
 	if (nla_put(skb, IFLA_VXLAN_PORT_RANGE, sizeof(ports), &ports))
diff --git a/include/net/vxlan.h b/include/net/vxlan.h
index 0ee50785f4f1..e356b5294535 100644
--- a/include/net/vxlan.h
+++ b/include/net/vxlan.h
@@ -333,6 +333,7 @@ struct vxlan_dev {
 #define VXLAN_F_MDB			0x40000
 #define VXLAN_F_LOCALBYPASS		0x80000
 #define VXLAN_F_MC_ROUTE		0x100000
+#define VXLAN_F_LOCALBIND		0x200000
 
 /* Flags that are used in the receive path. These flags must match in
  * order for a socket to be shareable
diff --git a/include/uapi/linux/if_link.h b/include/uapi/linux/if_link.h
index 784ace3a519c..7350129b1444 100644
--- a/include/uapi/linux/if_link.h
+++ b/include/uapi/linux/if_link.h
@@ -1399,6 +1399,7 @@ enum {
 	IFLA_VXLAN_LABEL_POLICY, /* IPv6 flow label policy; ifla_vxlan_label_policy */
 	IFLA_VXLAN_RESERVED_BITS,
 	IFLA_VXLAN_MC_ROUTE,
+	IFLA_VXLAN_LOCALBIND,
 	__IFLA_VXLAN_MAX
 };
 #define IFLA_VXLAN_MAX	(__IFLA_VXLAN_MAX - 1)
diff --git a/tools/include/uapi/linux/if_link.h b/tools/include/uapi/linux/if_link.h
index 7e46ca4cd31b..eee934cc2cf4 100644
--- a/tools/include/uapi/linux/if_link.h
+++ b/tools/include/uapi/linux/if_link.h
@@ -1396,6 +1396,7 @@ enum {
 	IFLA_VXLAN_VNIFILTER, /* only applicable with COLLECT_METADATA mode */
 	IFLA_VXLAN_LOCALBYPASS,
 	IFLA_VXLAN_LABEL_POLICY, /* IPv6 flow label policy; ifla_vxlan_label_policy */
+	IFLA_VXLAN_LOCALBIND,
 	__IFLA_VXLAN_MAX
 };
 #define IFLA_VXLAN_MAX	(__IFLA_VXLAN_MAX - 1)
-- 
2.36.1

[PATCH net-next v4 3/4] net: vxlan: bind vxlan sockets to their local address

[Richard Gobert]

Bind VXLAN sockets to the local addresses if the IFLA_VXLAN_LOCALBIND
option is set. This is the new default.

Change vxlan_find_sock to search for the socket using the listening
address.

This is implemented by copying the VXLAN local address to the udp_port_cfg
passed to udp_sock_create. The freebind option is set because VXLAN
interfaces may be UP before their outgoing interface is.

This fixes multiple VXLAN selftests that fail because of that race.

Signed-off-by: Richard Gobert <richardbgobert@gmail.com>
---
 drivers/net/vxlan/vxlan_core.c | 58 ++++++++++++++++++++++++++--------
 1 file changed, 45 insertions(+), 13 deletions(-)

diff --git a/drivers/net/vxlan/vxlan_core.c b/drivers/net/vxlan/vxlan_core.c
index 667ff17c4569..cc22844fcc4c 100644
--- a/drivers/net/vxlan/vxlan_core.c
+++ b/drivers/net/vxlan/vxlan_core.c
@@ -78,18 +78,33 @@ static inline bool vxlan_collect_metadata(struct vxlan_sock *vs)
 }
 
 /* Find VXLAN socket based on network namespace, address family, UDP port,
- * enabled unshareable flags and socket device binding (see l3mdev with
- * non-default VRF).
+ * bound address, enabled unshareable flags and socket device binding
+ * (see l3mdev with non-default VRF).
  */
 static struct vxlan_sock *vxlan_find_sock(struct net *net, sa_family_t family,
-					  __be16 port, u32 flags, int ifindex)
+					  __be16 port, u32 flags, int ifindex,
+					  union vxlan_addr *saddr)
 {
 	struct vxlan_sock *vs;
 
 	flags &= VXLAN_F_RCV_FLAGS;
 
 	hlist_for_each_entry_rcu(vs, vs_head(net, port), hlist) {
-		if (inet_sk(vs->sock->sk)->inet_sport == port &&
+		struct sock *sk = vs->sock->sk;
+		struct inet_sock *inet = inet_sk(sk);
+
+		if (flags & VXLAN_F_LOCALBIND) {
+			if (family == AF_INET &&
+			    inet->inet_rcv_saddr != saddr->sin.sin_addr.s_addr)
+				continue;
+#if IS_ENABLED(CONFIG_IPV6)
+			else if (ipv6_addr_cmp(&sk->sk_v6_rcv_saddr,
+					       &saddr->sin6.sin6_addr) != 0)
+				continue;
+#endif
+		}
+
+		if (inet->inet_sport == port &&
 		    vxlan_get_sk_family(vs) == family &&
 		    vs->flags == flags &&
 		    vs->sock->sk->sk_bound_dev_if == ifindex)
@@ -141,11 +156,12 @@ static struct vxlan_dev *vxlan_vs_find_vni(struct vxlan_sock *vs,
 /* Look up VNI in a per net namespace table */
 static struct vxlan_dev *vxlan_find_vni(struct net *net, int ifindex,
 					__be32 vni, sa_family_t family,
-					__be16 port, u32 flags)
+					__be16 port, u32 flags,
+					union vxlan_addr *saddr)
 {
 	struct vxlan_sock *vs;
 
-	vs = vxlan_find_sock(net, family, port, flags, ifindex);
+	vs = vxlan_find_sock(net, family, port, flags, ifindex, saddr);
 	if (!vs)
 		return NULL;
 
@@ -2309,7 +2325,7 @@ static int encap_bypass_if_local(struct sk_buff *skb, struct net_device *dev,
 		dst_release(dst);
 		dst_vxlan = vxlan_find_vni(vxlan->net, dst_ifindex, vni,
 					   addr_family, dst_port,
-					   vxlan->cfg.flags);
+					   vxlan->cfg.flags, &vxlan->cfg.saddr);
 		if (!dst_vxlan) {
 			DEV_STATS_INC(dev, tx_errors);
 			vxlan_vnifilter_count(vxlan, vni, NULL,
@@ -3508,8 +3524,9 @@ static const struct ethtool_ops vxlan_ethtool_ops = {
 	.get_link_ksettings	= vxlan_get_link_ksettings,
 };
 
-static struct socket *vxlan_create_sock(struct net *net, bool ipv6,
-					__be16 port, u32 flags, int ifindex)
+static struct socket *vxlan_create_sock(struct net *net, bool ipv6, __be16 port,
+					u32 flags, int ifindex,
+					union vxlan_addr *addr)
 {
 	struct socket *sock;
 	struct udp_port_cfg udp_conf;
@@ -3526,6 +3543,20 @@ static struct socket *vxlan_create_sock(struct net *net, bool ipv6,
 		udp_conf.family = AF_INET;
 	}
 
+	if (flags & VXLAN_F_LOCALBIND) {
+		if (ipv6) {
+#if IS_ENABLED(CONFIG_IPV6)
+			memcpy(&udp_conf.local_ip6.s6_addr32,
+			       &addr->sin6.sin6_addr.s6_addr32,
+			       sizeof(addr->sin6.sin6_addr.s6_addr32));
+#endif
+		} else {
+			udp_conf.local_ip.s_addr = addr->sin.sin_addr.s_addr;
+		}
+
+		udp_conf.freebind = 1;
+	}
+
 	udp_conf.local_udp_port = port;
 	udp_conf.bind_ifindex = ifindex;
 
@@ -3541,7 +3572,8 @@ static struct socket *vxlan_create_sock(struct net *net, bool ipv6,
 /* Create new listen socket if needed */
 static struct vxlan_sock *vxlan_socket_create(struct net *net, bool ipv6,
 					      __be16 port, u32 flags,
-					      int ifindex)
+					      int ifindex,
+					      union vxlan_addr *addr)
 {
 	struct vxlan_sock *vs;
 	struct socket *sock;
@@ -3557,7 +3589,7 @@ static struct vxlan_sock *vxlan_socket_create(struct net *net, bool ipv6,
 	for (h = 0; h < VNI_HASH_SIZE; ++h)
 		INIT_HLIST_HEAD(&vs->vni_list[h]);
 
-	sock = vxlan_create_sock(net, ipv6, port, flags, ifindex);
+	sock = vxlan_create_sock(net, ipv6, port, flags, ifindex, addr);
 	if (IS_ERR(sock)) {
 		kfree(vs);
 		return ERR_CAST(sock);
@@ -3610,7 +3642,7 @@ static int __vxlan_sock_add(struct vxlan_dev *vxlan, bool ipv6)
 		rcu_read_lock();
 		vs = vxlan_find_sock(vxlan->net, ipv6 ? AF_INET6 : AF_INET,
 				     vxlan->cfg.dst_port, vxlan->cfg.flags,
-				     l3mdev_index);
+				     l3mdev_index, &vxlan->cfg.saddr);
 		if (vs && !refcount_inc_not_zero(&vs->refcnt)) {
 			rcu_read_unlock();
 			return -EBUSY;
@@ -3620,7 +3652,7 @@ static int __vxlan_sock_add(struct vxlan_dev *vxlan, bool ipv6)
 	if (!vs)
 		vs = vxlan_socket_create(vxlan->net, ipv6,
 					 vxlan->cfg.dst_port, vxlan->cfg.flags,
-					 l3mdev_index);
+					 l3mdev_index, &vxlan->cfg.saddr);
 	if (IS_ERR(vs))
 		return PTR_ERR(vs);
 #if IS_ENABLED(CONFIG_IPV6)
-- 
2.36.1

[PATCH net-next v4 4/4] net: geneve: enable binding geneve sockets to local addresses

[Richard Gobert]

Allow binding geneve sockets to local addresses, similar to
the VXLAN "local" option. Add a netlink option to configure
the local address.

Like VXLAN, Geneve sockets can be bound to non-local addresses,
meaning they may be UP before their outgoing interfaces.

Signed-off-by: Richard Gobert <richardbgobert@gmail.com>
---
 drivers/net/geneve.c               | 80 +++++++++++++++++++++++++++---
 include/net/geneve.h               |  6 +++
 include/uapi/linux/if_link.h       |  2 +
 tools/include/uapi/linux/if_link.h |  2 +
 4 files changed, 82 insertions(+), 8 deletions(-)

diff --git a/drivers/net/geneve.c b/drivers/net/geneve.c
index 54384f9b3872..bc88b9a52410 100644
--- a/drivers/net/geneve.c
+++ b/drivers/net/geneve.c
@@ -61,6 +61,7 @@ struct geneve_config {
 	bool			inner_proto_inherit;
 	u16			port_min;
 	u16			port_max;
+	union geneve_addr	saddr;
 };
 
 /* Pseudo network device */
@@ -465,7 +466,8 @@ static int geneve_udp_encap_err_lookup(struct sock *sk, struct sk_buff *skb)
 }
 
 static struct socket *geneve_create_sock(struct net *net, bool ipv6,
-					 __be16 port, bool ipv6_rx_csum)
+					 __be16 port, bool ipv6_rx_csum,
+					 union geneve_addr *local_addr)
 {
 	struct socket *sock;
 	struct udp_port_cfg udp_conf;
@@ -477,11 +479,20 @@ static struct socket *geneve_create_sock(struct net *net, bool ipv6,
 		udp_conf.family = AF_INET6;
 		udp_conf.ipv6_v6only = 1;
 		udp_conf.use_udp6_rx_checksums = ipv6_rx_csum;
+#if IS_ENABLED(CONFIG_IPV6)
+		memcpy(&udp_conf.local_ip6,
+		       &local_addr->sin6.sin6_addr,
+		       sizeof(local_addr->sin6.sin6_addr));
+#endif
 	} else {
 		udp_conf.family = AF_INET;
 		udp_conf.local_ip.s_addr = htonl(INADDR_ANY);
+		memcpy(&udp_conf.local_ip,
+		       &local_addr->sin.sin_addr,
+		       sizeof(local_addr->sin.sin_addr));
 	}
 
+	udp_conf.freebind = 1;
 	udp_conf.local_udp_port = port;
 
 	/* Open UDP socket */
@@ -586,7 +597,8 @@ static int geneve_gro_complete(struct sock *sk, struct sk_buff *skb,
 
 /* Create new listen socket if needed */
 static struct geneve_sock *geneve_socket_create(struct net *net, __be16 port,
-						bool ipv6, bool ipv6_rx_csum)
+						bool ipv6, bool ipv6_rx_csum,
+						union geneve_addr *local_addr)
 {
 	struct geneve_net *gn = net_generic(net, geneve_net_id);
 	struct geneve_sock *gs;
@@ -598,7 +610,7 @@ static struct geneve_sock *geneve_socket_create(struct net *net, __be16 port,
 	if (!gs)
 		return ERR_PTR(-ENOMEM);
 
-	sock = geneve_create_sock(net, ipv6, port, ipv6_rx_csum);
+	sock = geneve_create_sock(net, ipv6, port, ipv6_rx_csum, local_addr);
 	if (IS_ERR(sock)) {
 		kfree(gs);
 		return ERR_CAST(sock);
@@ -657,12 +669,24 @@ static void geneve_sock_release(struct geneve_dev *geneve)
 
 static struct geneve_sock *geneve_find_sock(struct geneve_net *gn,
 					    sa_family_t family,
-					    __be16 dst_port)
+					    __be16 dst_port,
+						union geneve_addr *saddr)
 {
 	struct geneve_sock *gs;
 
 	list_for_each_entry(gs, &gn->sock_list, list) {
-		if (inet_sk(gs->sock->sk)->inet_sport == dst_port &&
+		struct sock *sk = gs->sock->sk;
+		struct inet_sock *inet = inet_sk(sk);
+
+		if (family == AF_INET &&
+		    inet->inet_rcv_saddr != saddr->sin.sin_addr.s_addr)
+			continue;
+
+		else if (ipv6_addr_cmp(&sk->sk_v6_rcv_saddr,
+				       &saddr->sin6.sin6_addr) != 0)
+			continue;
+
+		if (inet->inet_sport == dst_port &&
 		    geneve_get_sk_family(gs) == family) {
 			return gs;
 		}
@@ -679,14 +703,16 @@ static int geneve_sock_add(struct geneve_dev *geneve, bool ipv6)
 	__u8 vni[3];
 	__u32 hash;
 
-	gs = geneve_find_sock(gn, ipv6 ? AF_INET6 : AF_INET, geneve->cfg.info.key.tp_dst);
+	gs = geneve_find_sock(gn, ipv6 ? AF_INET6 : AF_INET,
+			      geneve->cfg.info.key.tp_dst, &geneve->cfg.saddr);
 	if (gs) {
 		gs->refcnt++;
 		goto out;
 	}
 
 	gs = geneve_socket_create(net, geneve->cfg.info.key.tp_dst, ipv6,
-				  geneve->cfg.use_udp6_rx_checksums);
+				  geneve->cfg.use_udp6_rx_checksums,
+				  &geneve->cfg.saddr);
 	if (IS_ERR(gs))
 		return PTR_ERR(gs);
 
@@ -1246,6 +1272,8 @@ static const struct nla_policy geneve_policy[IFLA_GENEVE_MAX + 1] = {
 	[IFLA_GENEVE_DF]		= { .type = NLA_U8 },
 	[IFLA_GENEVE_INNER_PROTO_INHERIT]	= { .type = NLA_FLAG },
 	[IFLA_GENEVE_PORT_RANGE]	= NLA_POLICY_EXACT_LEN(sizeof(struct ifla_geneve_port_range)),
+	[IFLA_GENEVE_LOCAL]	= NLA_POLICY_EXACT_LEN(sizeof_field(struct iphdr, saddr)),
+	[IFLA_GENEVE_LOCAL6]	= NLA_POLICY_EXACT_LEN(sizeof(struct in6_addr)),
 };
 
 static int geneve_validate(struct nlattr *tb[], struct nlattr *data[],
@@ -1596,6 +1624,32 @@ static int geneve_nl2info(struct nlattr *tb[], struct nlattr *data[],
 		cfg->inner_proto_inherit = true;
 	}
 
+	if (data[IFLA_GENEVE_LOCAL]) {
+		if (changelink && (ip_tunnel_info_af(info) != AF_INET)) {
+			attrtype = IFLA_GENEVE_LOCAL;
+			goto change_notsup;
+		}
+
+		cfg->saddr.sin.sin_addr.s_addr = nla_get_in_addr(data[IFLA_GENEVE_LOCAL]);
+		cfg->saddr.sa.sa_family = AF_INET;
+	}
+
+	if (data[IFLA_GENEVE_LOCAL6]) {
+#if IS_ENABLED(CONFIG_IPV6)
+		if (changelink && (ip_tunnel_info_af(info) != AF_INET6)) {
+			attrtype = IFLA_GENEVE_LOCAL6;
+			goto change_notsup;
+		}
+
+		cfg->saddr.sin6.sin6_addr = nla_get_in6_addr(data[IFLA_GENEVE_LOCAL6]);
+		cfg->saddr.sa.sa_family = AF_INET6;
+#else
+		NL_SET_ERR_MSG_ATTR(extack, data[IFLA_GENEVE_LOCAL6],
+				    "IPv6 support not enabled in the kernel");
+		return -EPFNOSUPPORT;
+#endif
+	}
+
 	return 0;
 change_notsup:
 	NL_SET_ERR_MSG_ATTR(extack, data[attrtype],
@@ -1782,6 +1836,7 @@ static size_t geneve_get_size(const struct net_device *dev)
 		nla_total_size(sizeof(__u8)) + /* IFLA_GENEVE_TTL_INHERIT */
 		nla_total_size(0) +	 /* IFLA_GENEVE_INNER_PROTO_INHERIT */
 		nla_total_size(sizeof(struct ifla_geneve_port_range)) + /* IFLA_GENEVE_PORT_RANGE */
+		nla_total_size(sizeof(struct in6_addr)) + /* IFLA_GENEVE_LOCAL{6} */
 		0;
 }
 
@@ -1807,16 +1862,25 @@ static int geneve_fill_info(struct sk_buff *skb, const struct net_device *dev)
 		if (nla_put_in_addr(skb, IFLA_GENEVE_REMOTE,
 				    info->key.u.ipv4.dst))
 			goto nla_put_failure;
+
+		if (nla_put_in_addr(skb, IFLA_GENEVE_LOCAL,
+				    info->key.u.ipv4.src))
+			goto nla_put_failure;
+
 		if (nla_put_u8(skb, IFLA_GENEVE_UDP_CSUM,
 			       test_bit(IP_TUNNEL_CSUM_BIT,
 					info->key.tun_flags)))
 			goto nla_put_failure;
-
 #if IS_ENABLED(CONFIG_IPV6)
 	} else if (!metadata) {
 		if (nla_put_in6_addr(skb, IFLA_GENEVE_REMOTE6,
 				     &info->key.u.ipv6.dst))
 			goto nla_put_failure;
+
+		if (nla_put_in6_addr(skb, IFLA_GENEVE_LOCAL6,
+				     &info->key.u.ipv6.src))
+			goto nla_put_failure;
+
 		if (nla_put_u8(skb, IFLA_GENEVE_UDP_ZERO_CSUM6_TX,
 			       !test_bit(IP_TUNNEL_CSUM_BIT,
 					 info->key.tun_flags)))
diff --git a/include/net/geneve.h b/include/net/geneve.h
index 5c96827a487e..7b12c70db11f 100644
--- a/include/net/geneve.h
+++ b/include/net/geneve.h
@@ -62,6 +62,12 @@ struct genevehdr {
 	u8 options[];
 };
 
+union geneve_addr {
+	struct sockaddr_in sin;
+	struct sockaddr_in6 sin6;
+	struct sockaddr sa;
+};
+
 static inline bool netif_is_geneve(const struct net_device *dev)
 {
 	return dev->rtnl_link_ops &&
diff --git a/include/uapi/linux/if_link.h b/include/uapi/linux/if_link.h
index 7350129b1444..ff362d76a0d4 100644
--- a/include/uapi/linux/if_link.h
+++ b/include/uapi/linux/if_link.h
@@ -1442,6 +1442,8 @@ enum {
 	IFLA_GENEVE_DF,
 	IFLA_GENEVE_INNER_PROTO_INHERIT,
 	IFLA_GENEVE_PORT_RANGE,
+	IFLA_GENEVE_LOCAL,
+	IFLA_GENEVE_LOCAL6,
 	__IFLA_GENEVE_MAX
 };
 #define IFLA_GENEVE_MAX	(__IFLA_GENEVE_MAX - 1)
diff --git a/tools/include/uapi/linux/if_link.h b/tools/include/uapi/linux/if_link.h
index eee934cc2cf4..894a1aa91133 100644
--- a/tools/include/uapi/linux/if_link.h
+++ b/tools/include/uapi/linux/if_link.h
@@ -1438,6 +1438,8 @@ enum {
 	IFLA_GENEVE_TTL_INHERIT,
 	IFLA_GENEVE_DF,
 	IFLA_GENEVE_INNER_PROTO_INHERIT,
+	IFLA_GENEVE_LOCAL,
+	IFLA_GENEVE_LOCAL6,
 	__IFLA_GENEVE_MAX
 };
 #define IFLA_GENEVE_MAX	(__IFLA_GENEVE_MAX - 1)
-- 
2.36.1

Re: [PATCH net-next v4 4/4] net: geneve: enable binding geneve sockets to local addresses

[Simon Horman]

On Thu, Jul 17, 2025 at 01:54:12PM +0200, Richard Gobert wrote:

...

> diff --git a/drivers/net/geneve.c b/drivers/net/geneve.c

...

>  static struct geneve_sock *geneve_find_sock(struct geneve_net *gn,
>  					    sa_family_t family,
> -					    __be16 dst_port)
> +					    __be16 dst_port,
> +						union geneve_addr *saddr)
>  {
>  	struct geneve_sock *gs;
>  
>  	list_for_each_entry(gs, &gn->sock_list, list) {
> -		if (inet_sk(gs->sock->sk)->inet_sport == dst_port &&
> +		struct sock *sk = gs->sock->sk;
> +		struct inet_sock *inet = inet_sk(sk);
> +
> +		if (family == AF_INET &&
> +		    inet->inet_rcv_saddr != saddr->sin.sin_addr.s_addr)
> +			continue;
> +
> +		else if (ipv6_addr_cmp(&sk->sk_v6_rcv_saddr,
> +				       &saddr->sin6.sin6_addr) != 0)
> +			continue;

Hi Richard,

Unfortunately this fails to build when CONFIG_IPV6 is not set.

  .../geneve.c:685:31: error: no member named 'skc_v6_rcv_saddr' in 'struct sock_common'; did you mean 'skc_rcv_saddr'?
    685 |                 else if (ipv6_addr_cmp(&sk->sk_v6_rcv_saddr,
        |                                             ^
  ./include/net/sock.h:385:37: note: expanded from macro 'sk_v6_rcv_saddr'
    385 | #define sk_v6_rcv_saddr __sk_common.skc_v6_rcv_saddr
        |                                     ^
  ./include/net/sock.h:155:11: note: 'skc_rcv_saddr' declared here
    155 |                         __be32  skc_rcv_saddr;
        |                                 ^

> +
> +		if (inet->inet_sport == dst_port &&
>  		    geneve_get_sk_family(gs) == family) {
>  			return gs;
>  		}

...

-- 
pw-bot: changes-requested

Re: [PATCH net-next v4 2/4] net: vxlan: add netlink option to bind vxlan sockets to local addresses

[Simon Horman]

On Thu, Jul 17, 2025 at 01:54:10PM +0200, Richard Gobert wrote:

...

> @@ -4596,7 +4615,9 @@ static int vxlan_fill_info(struct sk_buff *skb, const struct net_device *dev)
>  	    nla_put_u8(skb, IFLA_VXLAN_REMCSUM_RX,
>  		       !!(vxlan->cfg.flags & VXLAN_F_REMCSUM_RX)) ||
>  	    nla_put_u8(skb, IFLA_VXLAN_LOCALBYPASS,
> -		       !!(vxlan->cfg.flags & VXLAN_F_LOCALBYPASS)))
> +		       !!(vxlan->cfg.flags & VXLAN_F_LOCALBYPASS)) ||
> +		nla_put_u8(skb, IFLA_VXLAN_LOCALBIND,
> +			   !!(vxlan->cfg.flags & VXLAN_F_LOCALBIND)))

nit: the indentation of the above two lines seems inconsistent with those
     above them - I think it should be a tab and four spaces, rather than
     two tabs.

>  		goto nla_put_failure;
>  
>  	if (nla_put(skb, IFLA_VXLAN_PORT_RANGE, sizeof(ports), &ports))

...

Re: [PATCH net-next v4 4/4] net: geneve: enable binding geneve sockets to local addresses

[Simon Horman]

On Fri, Jul 18, 2025 at 08:31:41AM +0100, Simon Horman wrote:
> On Thu, Jul 17, 2025 at 01:54:12PM +0200, Richard Gobert wrote:
> 
> ...
> 
> > diff --git a/drivers/net/geneve.c b/drivers/net/geneve.c
> 
> ...
> 
> >  static struct geneve_sock *geneve_find_sock(struct geneve_net *gn,
> >  					    sa_family_t family,
> > -					    __be16 dst_port)
> > +					    __be16 dst_port,
> > +						union geneve_addr *saddr)

Sorry, one more minor thing: the indentatoin on the line above looks off.

...

Re: [PATCH net-next v4 4/4] net: geneve: enable binding geneve sockets to local addresses

[kernel test robot]

Hi Richard,

kernel test robot noticed the following build errors:

[auto build test ERROR on net-next/main]

url:    https://github.com/intel-lab-lkp/linux/commits/Richard-Gobert/net-udp-add-freebind-option-to-udp_sock_create/20250717-200233
base:   net-next/main
patch link:    https://lore.kernel.org/r/20250717115412.11424-5-richardbgobert%40gmail.com
patch subject: [PATCH net-next v4 4/4] net: geneve: enable binding geneve sockets to local addresses
config: arm-randconfig-001-20250718 (https://download.01.org/0day-ci/archive/20250718/202507181610.vgBNLLYf-lkp@intel.com/config)
compiler: arm-linux-gnueabi-gcc (GCC) 8.5.0
reproduce (this is a W=1 build): (https://download.01.org/0day-ci/archive/20250718/202507181610.vgBNLLYf-lkp@intel.com/reproduce)

If you fix the issue in a separate patch/commit (i.e. not just a new version of
the same patch/commit), kindly add following tags
| Reported-by: kernel test robot <lkp@intel.com>
| Closes: https://lore.kernel.org/oe-kbuild-all/202507181610.vgBNLLYf-lkp@intel.com/

All errors (new ones prefixed by >>):

   In file included from include/net/ipv6_stubs.h:11,
                    from drivers/net/geneve.c:15:
   drivers/net/geneve.c: In function 'geneve_find_sock':
>> include/net/sock.h:385:37: error: 'struct sock_common' has no member named 'skc_v6_rcv_saddr'; did you mean 'skc_rcv_saddr'?
    #define sk_v6_rcv_saddr __sk_common.skc_v6_rcv_saddr
                                        ^~~~~~~~~~~~~~~~
   drivers/net/geneve.c:685:31: note: in expansion of macro 'sk_v6_rcv_saddr'
      else if (ipv6_addr_cmp(&sk->sk_v6_rcv_saddr,
                                  ^~~~~~~~~~~~~~~
--
   In file included from include/net/ipv6_stubs.h:11,
                    from geneve.c:15:
   geneve.c: In function 'geneve_find_sock':
>> include/net/sock.h:385:37: error: 'struct sock_common' has no member named 'skc_v6_rcv_saddr'; did you mean 'skc_rcv_saddr'?
    #define sk_v6_rcv_saddr __sk_common.skc_v6_rcv_saddr
                                        ^~~~~~~~~~~~~~~~
   geneve.c:685:31: note: in expansion of macro 'sk_v6_rcv_saddr'
      else if (ipv6_addr_cmp(&sk->sk_v6_rcv_saddr,
                                  ^~~~~~~~~~~~~~~


vim +385 include/net/sock.h

4dc6dc7162c08b Eric Dumazet             2009-07-15  364  
68835aba4d9b74 Eric Dumazet             2010-11-30  365  #define sk_dontcopy_begin	__sk_common.skc_dontcopy_begin
68835aba4d9b74 Eric Dumazet             2010-11-30  366  #define sk_dontcopy_end		__sk_common.skc_dontcopy_end
4dc6dc7162c08b Eric Dumazet             2009-07-15  367  #define sk_hash			__sk_common.skc_hash
5080546682bae3 Eric Dumazet             2013-10-02  368  #define sk_portpair		__sk_common.skc_portpair
05dbc7b59481ca Eric Dumazet             2013-10-03  369  #define sk_num			__sk_common.skc_num
05dbc7b59481ca Eric Dumazet             2013-10-03  370  #define sk_dport		__sk_common.skc_dport
5080546682bae3 Eric Dumazet             2013-10-02  371  #define sk_addrpair		__sk_common.skc_addrpair
5080546682bae3 Eric Dumazet             2013-10-02  372  #define sk_daddr		__sk_common.skc_daddr
5080546682bae3 Eric Dumazet             2013-10-02  373  #define sk_rcv_saddr		__sk_common.skc_rcv_saddr
^1da177e4c3f41 Linus Torvalds           2005-04-16  374  #define sk_family		__sk_common.skc_family
^1da177e4c3f41 Linus Torvalds           2005-04-16  375  #define sk_state		__sk_common.skc_state
^1da177e4c3f41 Linus Torvalds           2005-04-16  376  #define sk_reuse		__sk_common.skc_reuse
055dc21a1d1d21 Tom Herbert              2013-01-22  377  #define sk_reuseport		__sk_common.skc_reuseport
9fe516ba3fb29b Eric Dumazet             2014-06-27  378  #define sk_ipv6only		__sk_common.skc_ipv6only
26abe14379f8e2 Eric W. Biederman        2015-05-08  379  #define sk_net_refcnt		__sk_common.skc_net_refcnt
^1da177e4c3f41 Linus Torvalds           2005-04-16  380  #define sk_bound_dev_if		__sk_common.skc_bound_dev_if
^1da177e4c3f41 Linus Torvalds           2005-04-16  381  #define sk_bind_node		__sk_common.skc_bind_node
8feaf0c0a5488b Arnaldo Carvalho de Melo 2005-08-09  382  #define sk_prot			__sk_common.skc_prot
07feaebfcc10cd Eric W. Biederman        2007-09-12  383  #define sk_net			__sk_common.skc_net
efe4208f47f907 Eric Dumazet             2013-10-03  384  #define sk_v6_daddr		__sk_common.skc_v6_daddr
efe4208f47f907 Eric Dumazet             2013-10-03 @385  #define sk_v6_rcv_saddr	__sk_common.skc_v6_rcv_saddr
33cf7c90fe2f97 Eric Dumazet             2015-03-11  386  #define sk_cookie		__sk_common.skc_cookie
70da268b569d32 Eric Dumazet             2015-10-08  387  #define sk_incoming_cpu		__sk_common.skc_incoming_cpu
8e5eb54d303b7c Eric Dumazet             2015-10-08  388  #define sk_flags		__sk_common.skc_flags
ed53d0ab761f5c Eric Dumazet             2015-10-08  389  #define sk_rxhash		__sk_common.skc_rxhash
efe4208f47f907 Eric Dumazet             2013-10-03  390  
5d4cc87414c5d1 Eric Dumazet             2024-02-16  391  	__cacheline_group_begin(sock_write_rx);
43f51df4172955 Eric Dumazet             2021-11-15  392  
9115e8cd2a0c6e Eric Dumazet             2016-12-03  393  	atomic_t		sk_drops;
5d4cc87414c5d1 Eric Dumazet             2024-02-16  394  	__s32			sk_peek_off;
9115e8cd2a0c6e Eric Dumazet             2016-12-03  395  	struct sk_buff_head	sk_error_queue;
b178bb3dfc30d9 Eric Dumazet             2010-11-16  396  	struct sk_buff_head	sk_receive_queue;
fa438ccfdfd3f6 Eric Dumazet             2007-03-04  397  	/*
fa438ccfdfd3f6 Eric Dumazet             2007-03-04  398  	 * The backlog queue is special, it is always used with
fa438ccfdfd3f6 Eric Dumazet             2007-03-04  399  	 * the per-socket spinlock held and requires low latency
fa438ccfdfd3f6 Eric Dumazet             2007-03-04  400  	 * access. Therefore we special case it's implementation.
b178bb3dfc30d9 Eric Dumazet             2010-11-16  401  	 * Note : rmem_alloc is in this structure to fill a hole
b178bb3dfc30d9 Eric Dumazet             2010-11-16  402  	 * on 64bit arches, not because its logically part of
b178bb3dfc30d9 Eric Dumazet             2010-11-16  403  	 * backlog.
fa438ccfdfd3f6 Eric Dumazet             2007-03-04  404  	 */
fa438ccfdfd3f6 Eric Dumazet             2007-03-04  405  	struct {
b178bb3dfc30d9 Eric Dumazet             2010-11-16  406  		atomic_t	rmem_alloc;
b178bb3dfc30d9 Eric Dumazet             2010-11-16  407  		int		len;
fa438ccfdfd3f6 Eric Dumazet             2007-03-04  408  		struct sk_buff	*head;
fa438ccfdfd3f6 Eric Dumazet             2007-03-04  409  		struct sk_buff	*tail;
fa438ccfdfd3f6 Eric Dumazet             2007-03-04  410  	} sk_backlog;
b178bb3dfc30d9 Eric Dumazet             2010-11-16  411  #define sk_rmem_alloc sk_backlog.rmem_alloc
2c8c56e15df3d4 Eric Dumazet             2014-11-11  412  
5d4cc87414c5d1 Eric Dumazet             2024-02-16  413  	__cacheline_group_end(sock_write_rx);
5d4cc87414c5d1 Eric Dumazet             2024-02-16  414  
5d4cc87414c5d1 Eric Dumazet             2024-02-16  415  	__cacheline_group_begin(sock_read_rx);
5d4cc87414c5d1 Eric Dumazet             2024-02-16  416  	/* early demux fields */
5d4cc87414c5d1 Eric Dumazet             2024-02-16  417  	struct dst_entry __rcu	*sk_rx_dst;
5d4cc87414c5d1 Eric Dumazet             2024-02-16  418  	int			sk_rx_dst_ifindex;
5d4cc87414c5d1 Eric Dumazet             2024-02-16  419  	u32			sk_rx_dst_cookie;
5d4cc87414c5d1 Eric Dumazet             2024-02-16  420  

-- 
0-DAY CI Kernel Test Service
https://github.com/intel/lkp-tests/wiki

Re: [PATCH net-next v4 0/4] net: add local address bind support to vxlan and geneve

[Ido Schimmel]

On Thu, Jul 17, 2025 at 01:54:08PM +0200, Richard Gobert wrote:
> This series adds local address bind support to both vxlan
> and geneve sockets.

A few comments:

1. Binding the VXLAN socket to the local address does break
functionality. Run the VXLAN selftests in tools/testing/selftests/net/
and you will see failures. IOW, you cannot change the default behavior.
You might not need the first patch if the new behavior is opt-in rather
than opt-out.

2. Please add a selftest for the new functionality. See the existing
VXLAN selftests for reference. There is no need to wait for the iproute2
patch to be accepted. You can have a check to skip the test if iproute2
does not have the required functionality.

3. The cover letter should explain the motivation for these patches.
Currently it only explains what the patches do.

Re: [PATCH net-next v4 2/4] net: vxlan: add netlink option to bind vxlan sockets to local addresses

[Ido Schimmel]

On Thu, Jul 17, 2025 at 01:54:10PM +0200, Richard Gobert wrote:
> diff --git a/drivers/net/vxlan/vxlan_core.c b/drivers/net/vxlan/vxlan_core.c
> index bcde95cb2a2e..667ff17c4569 100644
> --- a/drivers/net/vxlan/vxlan_core.c
> +++ b/drivers/net/vxlan/vxlan_core.c
> @@ -3406,6 +3406,7 @@ static const struct nla_policy vxlan_policy[IFLA_VXLAN_MAX + 1] = {
>  	[IFLA_VXLAN_LABEL_POLICY]       = NLA_POLICY_MAX(NLA_U32, VXLAN_LABEL_MAX),
>  	[IFLA_VXLAN_RESERVED_BITS] = NLA_POLICY_EXACT_LEN(sizeof(struct vxlanhdr)),
>  	[IFLA_VXLAN_MC_ROUTE]		= NLA_POLICY_MAX(NLA_U8, 1),
> +	[IFLA_VXLAN_LOCALBIND]	= { .type = NLA_U8 },

NLA_POLICY_MAX(NLA_U8, 1) is more future proof in the unlikely case that
we would want to assign different meanings to values greater than 1.

>  };

Re: [PATCH net-next v4 4/4] net: geneve: enable binding geneve sockets to local addresses

[Ido Schimmel]

On Thu, Jul 17, 2025 at 01:54:12PM +0200, Richard Gobert wrote:
> @@ -1246,6 +1272,8 @@ static const struct nla_policy geneve_policy[IFLA_GENEVE_MAX + 1] = {
>  	[IFLA_GENEVE_DF]		= { .type = NLA_U8 },
>  	[IFLA_GENEVE_INNER_PROTO_INHERIT]	= { .type = NLA_FLAG },
>  	[IFLA_GENEVE_PORT_RANGE]	= NLA_POLICY_EXACT_LEN(sizeof(struct ifla_geneve_port_range)),
> +	[IFLA_GENEVE_LOCAL]	= NLA_POLICY_EXACT_LEN(sizeof_field(struct iphdr, saddr)),
> +	[IFLA_GENEVE_LOCAL6]	= NLA_POLICY_EXACT_LEN(sizeof(struct in6_addr)),
>  };

Please update rt_link.yaml as well. See for example:
https://lore.kernel.org/all/20250226182030.89440-2-daniel@iogearbox.net/

Re: [PATCH net-next v4 0/4] net: add local address bind support to vxlan and geneve

[Richard Gobert]

Ido Schimmel wrote:
> On Thu, Jul 17, 2025 at 01:54:08PM +0200, Richard Gobert wrote:
>> This series adds local address bind support to both vxlan
>> and geneve sockets.
> 
> A few comments:
> 
> 1. Binding the VXLAN socket to the local address does break
> functionality. Run the VXLAN selftests in tools/testing/selftests/net/
> and you will see failures. IOW, you cannot change the default behavior.
Missed the failing tests. Will be fixed in the next revision.

> You might not need the first patch if the new behavior is opt-in rather
> than opt-out.
This patch allows the localbind option to be set while the outgoing
interface is down. IMO, it is desirable.

> 
> 2. Please add a selftest for the new functionality. See the existing
> VXLAN selftests for reference. There is no need to wait for the iproute2
> patch to be accepted. You can have a check to skip the test if iproute2
> does not have the required functionality.
Do you think adding a new test that verifies that the localbind option
works would be sufficient?

> 
> 3. The cover letter should explain the motivation for these patches.
> Currently it only explains what the patches do.
Noted. Will write a better cover letter once all other issues are resolved.

Re: [PATCH net-next v4 0/4] net: add local address bind support to vxlan and geneve

[Ido Schimmel]

On Thu, Jul 31, 2025 at 02:05:06PM +0200, Richard Gobert wrote:
> Do you think adding a new test that verifies that the localbind option
> works would be sufficient?

Yes. My request was to add a selftest that verifies that the new option
works as expected. I usually test both good and bad flows (flows that I
expect to fail) and both control path and data path operations.