From mboxrd@z Thu Jan 1 00:00:00 1970 From: David Ahern Subject: Re: [PATCH net-next v5 1/9] net: allow binding socket in a VRF when there's an unbound socket Date: Wed, 7 Nov 2018 12:06:24 -0700 Message-ID: References: <20181107153610.7526-1-mmanning@vyatta.att-mail.com> <20181107153610.7526-2-mmanning@vyatta.att-mail.com> Mime-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 7bit Cc: Robert Shearman To: Mike Manning , netdev@vger.kernel.org Return-path: Received: from mail-pg1-f193.google.com ([209.85.215.193]:36540 "EHLO mail-pg1-f193.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1726453AbeKHEiI (ORCPT ); Wed, 7 Nov 2018 23:38:08 -0500 Received: by mail-pg1-f193.google.com with SMTP id z17-v6so7716699pgv.3 for ; Wed, 07 Nov 2018 11:06:27 -0800 (PST) In-Reply-To: <20181107153610.7526-2-mmanning@vyatta.att-mail.com> Content-Language: en-US Sender: netdev-owner@vger.kernel.org List-ID: On 11/7/18 8:36 AM, Mike Manning wrote: > From: Robert Shearman > > Change the inet socket lookup to avoid packets arriving on a device > enslaved to an l3mdev from matching unbound sockets by removing the > wildcard for non sk_bound_dev_if and instead relying on check against > the secondary device index, which will be 0 when the input device is > not enslaved to an l3mdev and so match against an unbound socket and > not match when the input device is enslaved. > > Change the socket binding to take the l3mdev into account to allow an > unbound socket to not conflict sockets bound to an l3mdev given the > datapath isolation now guaranteed. > > Signed-off-by: Robert Shearman > Signed-off-by: Mike Manning > --- > Documentation/networking/vrf.txt | 9 +++++---- > include/net/inet6_hashtables.h | 5 ++--- > include/net/inet_hashtables.h | 13 ++++++------- > include/net/inet_sock.h | 13 +++++++++++++ > net/ipv4/inet_connection_sock.c | 13 ++++++++++--- > net/ipv4/inet_hashtables.c | 20 +++++++++++++++----- > 6 files changed, 51 insertions(+), 22 deletions(-) Reviewed-by: David Ahern Tested-by: David Ahern