| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Sat, 18 Mar 2017 02:59:57 +0100
From: Daniele Orlandi <daniele@...andi.com>
To: netdev@...r.kernel.org
Subject: SO_BINDTODEVICE in VRFs not working?
Hello,
I'm writing an application that should listen on a TCP port bound to an
inteface in a VRF.
The bind/listen sequence is the following:
int s = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP);
char *ifname = "eth1";
setsockopt(s, SOL_SOCKET, SO_BINDTODEVICE, ifname, strlen(ifname)+1);
struct sockaddr_in addr;
memset(&addr, 0, sizeof addr);
addr.sin_family = AF_INET;
addr.sin_port = htons(555);
addr.sin_addr.s_addr = inet_addr("0.0.0.0");
bind(s, (struct sockaddr *)&addr, sizeof(addr));
listen(s, 5);
The application is confirmed to be bound to the correct interface via "ss":
Netid State Local Address:Port Peer Address:Port
tcp LISTEN *%eth1:555 *:*
I can ping the interface address finely, however I get an RST whenever I
try to connect from a remote host:
$ ping 10.10.10.10
PING 10.10.10.10 (10.10.10.10) 56(84) bytes of data.
64 bytes from 10.10.10.10: icmp_seq=1 ttl=64 time=0.758 ms
64 bytes from 10.10.10.10: icmp_seq=2 ttl=64 time=0.350 ms
$ telnet 10.10.10.10 555
Trying 10.10.10.10...
telnet: Unable to connect to remote host: Connection refused
A similar piece of code without setsockopt run via "ip vrf exec" does
however work!
What am I doing wrong?!?!
Thank you!
--
Daniele Orlandi
Powered by blists - more mailing lists