Date:   Sat, 18 Mar 2017 02:59:57 +0100
From:   Daniele Orlandi <daniele@...andi.com>
To:     netdev@...r.kernel.org
Subject: SO_BINDTODEVICE in VRFs not working?


Hello,

I'm writing an application that should listen on a TCP port bound to an 
interface in a VRF.

The bind/listen sequence is the following:

   int s = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP);

   char *ifname = "eth1";
   setsockopt(s, SOL_SOCKET, SO_BINDTODEVICE, ifname, strlen(ifname)+1);

   struct sockaddr_in addr;
   memset(&addr, 0, sizeof addr);
   addr.sin_family = AF_INET;
   addr.sin_port = htons(555);
   addr.sin_addr.s_addr = inet_addr("0.0.0.0");

   bind(s, (struct sockaddr *)&addr, sizeof(addr));

   listen(s, 5);

The application is confirmed to be bound to the correct interface via "ss":

Netid State    Local Address:Port     Peer Address:Port
tcp   LISTEN   *%eth1:555             *:*

I can ping the interface address fine, however I get an RST whenever I 
try to connect from a remote host:

$ ping 10.10.10.10
PING 10.10.10.10 (10.10.10.10) 56(84) bytes of data.
64 bytes from 10.10.10.10: icmp_seq=1 ttl=64 time=0.758 ms
64 bytes from 10.10.10.10: icmp_seq=2 ttl=64 time=0.350 ms

$ telnet 10.10.10.10 555
Trying 10.10.10.10...
telnet: Unable to connect to remote host: Connection refused

A similar piece of code without setsockopt run via "ip vrf exec" does 
however work!


What am I doing wrong?!?!

Thank you!

-- 
   Daniele Orlandi
