Vincent Gross <[email protected]> writes:

> On Sun, 12 Jun 2016 15:29:32 +0200 (CEST)
> Mark Kettenis <[email protected]> wrote:
>
>> > Date: Sun, 12 Jun 2016 14:59:55 +0200
>> > From: Vincent Gross <[email protected]>
>> >
>> > This diff adds support for IP_SENDSRCADDR cmsg on UDP sockets. As
>> > for udp6_output(), we check that the source address+port is
>> > available only if inp_laddr != *
>> >
>> > Ok ?
>>
>> Why do we need this? cmsg stuff is fragile, so we want to keep it
>> as simple as possible.
>
> cmsg may be fragile, there are no alternatives for that kind of stuff.
>
> In iked.conf(5), you can specify the local and remote addresses to use
> for IKEv2 handshake. Let's say I have 192.0.2.1/25 on em0, and
> 192.0.2.129/25 on em1, and that I have a single udp socket bound to
> 0.0.0.0. I receive an IKEv2 message on em0, with 192.0.2.129 as
> destination address, and a source address reachable only via em0.
> If I reply with the receiving socket, in_selectsrc() will pick 192.0.2.1
> as the reply source address, and the handshake will abort.
>
> isakmpd(8) works around this by opening one socket per local address.
> This means that we must either watch for RTM_NEWADDR and RTM_DELADDR,
> or poll using getifaddrs(3), if we want to catch all changes.
>
> This is one example, I remember other developers saying how they
> would benefit from this, but I can't find the conversations back :P

Similarly, DNS requires that the server replies using the destination
address of the query packet. This led software like named to implement
a workaround like the one present in isakmpd, when a much easier
solution is to specify the source address. IPv6 already provides
IPV6_PKTINFO.

IP_SENDSRCADDR (iiuc from FreeBSD) can be used by unbound in base and
at least dnsmasq and powerdns in ports (powerdns kinda requires it).

A long overdue addition, IMO.

--
jca | PGP : 0x1524E7EE / 5135 92C1 AD36 5293 2BDF DDCC 0DFA 74AE 1524 E7EE
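The following is an added example of what a userland daemon in the situation Vincent describes (one socket bound to 0.0.0.0, reply must leave from the address the query was sent to) does with the option; it is not the kernel diff from the thread nor code from iked, isakmpd, unbound or dnsmasq. It assumes IP_SENDSRCADDR carries a struct in_addr as on FreeBSD, and falls back to Linux's IP_PKTINFO with ipi_spec_dst where IP_SENDSRCADDR is not defined, so it builds on both. The function names (build_srcaddr_cmsg, pinned_srcaddr, reply_from, demo_pinned_source) and the sample addresses are my own.

```c
#define _GNU_SOURCE          /* glibc: expose struct in_pktinfo and CMSG_* */
#include <sys/socket.h>
#include <sys/uio.h>
#include <netinet/in.h>
#include <arpa/inet.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#include <unistd.h>

/* Portability shim (assumption): BSD IP_SENDSRCADDR takes a struct in_addr,
 * Linux expresses the same request as IP_PKTINFO with ipi_spec_dst set. */
#ifdef IP_SENDSRCADDR
#define SRCADDR_CMSG_LEN sizeof(struct in_addr)
#else
#define SRCADDR_CMSG_LEN sizeof(struct in_pktinfo)
#endif

/* Write the cmsg that pins the source address of one outgoing datagram.
 * Returns the byte count to place in msg_controllen, or 0 if buf is too small. */
size_t build_srcaddr_cmsg(unsigned char *buf, size_t buflen, struct in_addr src)
{
    struct msghdr msg;
    struct cmsghdr *cm;

    if (buf == NULL || buflen < CMSG_SPACE(SRCADDR_CMSG_LEN))
        return 0;
    memset(buf, 0, CMSG_SPACE(SRCADDR_CMSG_LEN));
    memset(&msg, 0, sizeof(msg));
    msg.msg_control = buf;
    msg.msg_controllen = CMSG_SPACE(SRCADDR_CMSG_LEN);

    cm = CMSG_FIRSTHDR(&msg);
    cm->cmsg_level = IPPROTO_IP;
    cm->cmsg_len = CMSG_LEN(SRCADDR_CMSG_LEN);
#ifdef IP_SENDSRCADDR
    cm->cmsg_type = IP_SENDSRCADDR;
    memcpy(CMSG_DATA(cm), &src, sizeof(src));
#else
    {
        struct in_pktinfo pi;
        memset(&pi, 0, sizeof(pi));      /* ipi_ifindex 0: routing picks the interface */
        pi.ipi_spec_dst = src;
        cm->cmsg_type = IP_PKTINFO;
        memcpy(CMSG_DATA(cm), &pi, sizeof(pi));
    }
#endif
    return msg.msg_controllen;
}

/* Read the pinned source back out of a control buffer (useful for logging
 * right before sendmsg). Host byte order; 0 when no such cmsg is present. */
uint32_t pinned_srcaddr(unsigned char *buf, size_t len)
{
    struct msghdr msg;
    struct cmsghdr *cm;

    memset(&msg, 0, sizeof(msg));
    msg.msg_control = buf;
    msg.msg_controllen = len;
    for (cm = CMSG_FIRSTHDR(&msg); cm != NULL; cm = CMSG_NXTHDR(&msg, cm)) {
        if (cm->cmsg_level != IPPROTO_IP)
            continue;
#ifdef IP_SENDSRCADDR
        if (cm->cmsg_type == IP_SENDSRCADDR) {
            struct in_addr a;
            memcpy(&a, CMSG_DATA(cm), sizeof(a));
            return ntohl(a.s_addr);
        }
#else
        if (cm->cmsg_type == IP_PKTINFO) {
            struct in_pktinfo pi;
            memcpy(&pi, CMSG_DATA(cm), sizeof(pi));
            return ntohl(pi.ipi_spec_dst.s_addr);
        }
#endif
    }
    return 0;
}

/* Answer a datagram on the socket it arrived on, sourcing the reply from the
 * address the query was sent to (dst_of_query), instead of whatever
 * in_selectsrc() would pick for a socket bound to 0.0.0.0. */
ssize_t reply_from(int fd, const struct sockaddr_in *peer, struct in_addr dst_of_query,
                   const void *data, size_t len)
{
    unsigned char ctl[CMSG_SPACE(SRCADDR_CMSG_LEN)];
    struct iovec iov = { .iov_base = (void *)data, .iov_len = len };
    struct msghdr msg;

    memset(&msg, 0, sizeof(msg));
    msg.msg_name = (void *)peer;
    msg.msg_namelen = sizeof(*peer);
    msg.msg_iov = &iov;
    msg.msg_iovlen = 1;
    msg.msg_control = ctl;
    msg.msg_controllen = build_srcaddr_cmsg(ctl, sizeof(ctl), dst_of_query);
    return sendmsg(fd, &msg, 0);
}

/* Round trip without a socket: build the cmsg for a dotted-quad address and
 * decode it again. Returns 0 for an unparsable address. */
uint32_t demo_pinned_source(const char *dotted)
{
    unsigned char ctl[CMSG_SPACE(SRCADDR_CMSG_LEN)];
    struct in_addr src;
    size_t n;

    if (inet_pton(AF_INET, dotted, &src) != 1)
        return 0;
    n = build_srcaddr_cmsg(ctl, sizeof(ctl), src);
    return n ? pinned_srcaddr(ctl, n) : 0;
}

int main(void)
{
    /* Constructed value: the em1 address from the thread's example. */
    printf("pinned source: 0x%08x\n", demo_pinned_source("192.0.2.129"));
    return 0;
}
```

The destination address to feed into reply_from comes from the matching receive-side option (IP_RECVDSTADDR on the BSDs, IP_PKTINFO on Linux) on the recvmsg that delivered the query; the sending side alone, shown here, is what the diff adds.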
