[PATCH] Allow address scopes for non-link-local addresses

Ondrej Zajicek santiago at crfreenet.org
Sat Mar 11 17:13:13 CET 2017


On Tue, Mar 07, 2017 at 04:50:34PM +0000, Fritz Grimpen wrote:
> Hi.
> 
> Here is a small patch which allows non-zero address scopes on
> non-link-local addresses. This is required to create connections inside
> a VRF domain, as the Linux kernel documentation states.

Hi

I would accept the patch, but i have some comments / questions.

1) I suppose the iface used as argument is the real iface, not the VRF
iface.

2) IMHO the patch will work just for outgoing single hop connections.
Incoming connections are still dispatched regardless of iface option.
It also does not work for multihop sessions (IBGP). Fixing incoming
connections would be easy, fixing multihop not so.

3) The patch comment says 'while for connecting sockets setting the
SO_BINDTODEVICE sockopt is neccessary', but that is irrelevant to how the
patch works. It only restrict neigh_find2() to the specified iface, which
could help if there are multple ifaces with the same prefix, but the
SO_BINDTODEVICE is used even if iface is not specified (based on iface
from the neighbor entry).

4) The code in bgp_check_config() still should enforce iface if
link-local address is used.

I will fix the incoming connections and the check and merge the patch.
Note that specifying the iface is just a workaround. We would like to
have a proper VRF support in the future.

-- 
Elen sila lumenn' omentielvo

Ondrej 'Santiago' Zajicek (email: santiago at crfreenet.org)
OpenPGP encrypted e-mails preferred (KeyID 0x11DEADC3, wwwkeys.pgp.net)
"To err is human -- to blame it on a computer is even more so."
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 181 bytes
Desc: Digital signature
URL: <http://trubka.network.cz/pipermail/bird-users/attachments/20170311/3b1b73b0/attachment.asc>


More information about the Bird-users mailing list