On Tue, Mar 07, 2017 at 04:50:34PM +0000, Fritz Grimpen wrote:

Hi.

Here is a small patch which allows non-zero address scopes on non-link-local addresses. This is required to create connections inside a VRF domain, as the Linux kernel documentation states.

Hi I would accept the patch, but i have some comments / questions. 1) I suppose the iface used as argument is the real iface, not the VRF iface. 2) IMHO the patch will work just for outgoing single hop connections. Incoming connections are still dispatched regardless of iface option. It also does not work for multihop sessions (IBGP). Fixing incoming connections would be easy, fixing multihop not so. 3) The patch comment says 'while for connecting sockets setting the SO_BINDTODEVICE sockopt is neccessary', but that is irrelevant to how the patch works. It only restrict neigh_find2() to the specified iface, which could help if there are multple ifaces with the same prefix, but the SO_BINDTODEVICE is used even if iface is not specified (based on iface from the neighbor entry). 4) The code in bgp_check_config() still should enforce iface if link-local address is used. I will fix the incoming connections and the check and merge the patch. Note that specifying the iface is just a workaround. We would like to have a proper VRF support in the future. -- Elen sila lumenn' omentielvo Ondrej 'Santiago' Zajicek (email: santiago@crfreenet.org) OpenPGP encrypted e-mails preferred (KeyID 0x11DEADC3, wwwkeys.pgp.net) "To err is human -- to blame it on a computer is even more so."