[PATCH 0/3] More graceful handling of kernels without SO_BINDTODEVICE
Kernels before v5.7 don't allow unprivileged processes to use the SO_BINDTODEVICE socket option, which is how we implement per-device listening (e.g. "-t %eth0/80"). Currently we detect this error quite late, and don't produce a particularly helpful error message.

Improve error messages in this case by explicitly probing for support of the option early. More importantly this will allow me to implement fallback handling for older kernels in upcoming socket binding cleanups.

Note: this series applies directly on the current main branch, I'm going to rebase my socket binding series on top of this, instead of the other way around.

David Gibson (3):
  util: Correct error message on SO_BINDTODEVICE failure
  util: Extend sock_probe_mem() to sock_probe_features()
  conf: More useful errors for kernels without SO_BINDTODEVICE

 conf.c  |  6 ++++++
 passt.c |  2 +-
 passt.h |  1 +
 util.c  | 26 +++++++++++++++++++++-----
 util.h  |  2 +-
 5 files changed, 30 insertions(+), 7 deletions(-)

--
2.51.1

The warning message we print if SO_BINDTODEVICE fails is incorrect: we
include EPOLL_TYPE_STR(proto), but the proto variable is not an epoll type
so this will generate misleading garbage. This has been wrong ever since
340164445 but the message is rare enough that we never noticed.
Correct that, and reword the message a bit for clarity while we're
there.
Fixes: 340164445341 ("epoll: Generalize epoll_ref to cover things other than sockets")
Signed-off-by: David Gibson
Before 5.7, the kernel didn't allow SO_BINDTODEVICE to be called
unprivileged. That means for earlier kernels, we can't implement binding
listening sockets to a specific interface (e.g. -t %eth0/80).
Currently we'll generate an error on this at the point we actually attempt
the SO_BINDTODEVICE setsockopt(), at which point the connection to the
command line option might not be entirely clear.
Use the fact we now probe for SO_BINDTODEVICE support to make a clearer
error message at the time we parse the forwarding option.
Signed-off-by: David Gibson