From mboxrd@z Thu Jan  1 00:00:00 1970
Authentication-Results: passt.top; dmarc=pass (p=quarantine dis=none) header.from=redhat.com
Authentication-Results: passt.top;
	dkim=pass (1024-bit key; unprotected) header.d=redhat.com header.i=@redhat.com header.a=rsa-sha256 header.s=mimecast20190719 header.b=YJlgIYn0;
	dkim-atps=neutral
Received: from us-smtp-delivery-124.mimecast.com (us-smtp-delivery-124.mimecast.com [170.10.133.124])
	by passt.top (Postfix) with ESMTPS id 901FC5A0271
	for <passt-dev@passt.top>; Sun, 11 Jan 2026 00:33:21 +0100 (CET)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com;
	s=mimecast20190719; t=1768088000;
	h=from:from:reply-to:subject:subject:date:date:message-id:message-id:
	 to:to:cc:cc:mime-version:mime-version:content-type:content-type:
	 content-transfer-encoding:content-transfer-encoding:
	 in-reply-to:in-reply-to:references:references;
	bh=vq/atNlXEdDFoS3fk+PDBoW+MTXLGDX4TTElhKhcNrU=;
	b=YJlgIYn0OML4gmL5sOX6GEjPe2TBRbW1dOZ7d3wAOMJKi4hszqpOwoyuoTL2aNjFlhLZBC
	hRJwfTSlr4jJRELbVT7FDlEkq5vDUkqwFnPl3nYn7tQGqsIpJP4udpPg19bZ+w2OBhHWmo
	X9AXBqbCfEVoIC1AOjCvnQVzBTDtnQ8=
Received: from mail-wm1-f72.google.com (mail-wm1-f72.google.com
 [209.85.128.72]) by relay.mimecast.com with ESMTP with STARTTLS
 (version=TLSv1.3, cipher=TLS_AES_256_GCM_SHA384) id
 us-mta-650-PMkz-4iJM1GkOW44NbpAvg-1; Sat, 10 Jan 2026 18:33:19 -0500
X-MC-Unique: PMkz-4iJM1GkOW44NbpAvg-1
X-Mimecast-MFC-AGG-ID: PMkz-4iJM1GkOW44NbpAvg_1768087998
Received: by mail-wm1-f72.google.com with SMTP id 5b1f17b1804b1-477b8a667bcso62230095e9.2
        for <passt-dev@passt.top>; Sat, 10 Jan 2026 15:33:19 -0800 (PST)
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20230601; t=1768087997; x=1768692797;
        h=content-transfer-encoding:mime-version:organization:references
         :in-reply-to:message-id:subject:cc:to:from:date:x-gm-gg
         :x-gm-message-state:from:to:cc:subject:date:message-id:reply-to;
        bh=vq/atNlXEdDFoS3fk+PDBoW+MTXLGDX4TTElhKhcNrU=;
        b=WlBvYbzHcwOEKcfIkVGHv7/+dmWeiUmFb9/CVc0YD07uYlL5JlB84B01bkX0X3MC1i
         W8PkiSog8wO3AAyH1m9KFPJNndvDC9PPYa/Uzd0XF9By97io1uoko9S9PCgKiJc3T6sc
         0MrGzl1ymG4kvbnaGaTkPkfvY7OE6xC80Mme9hKe4DUDyUsSQAfp6ILcABoRSw1y9x8V
         c/onk1Aty0LhoplhfK/LF//k4yRLXrMXDnm62zxMAYpuapR8XmQ0EN6ncA8AJf2WoxW0
         9W1Le14jfcnxuM4Q4wUQp9T+AnXUEsSqJhGJx2JcKViYSNW5+0lN6t1EbmgU0DtCcz/R
         Uujg==
X-Gm-Message-State: AOJu0YzDBGyTPOB0C6Xn3YpiFPky/NX7oNh6j5gmat5lvX2vhxBhvVPo
	+HDM7lbK3IDGfWdhx4qyHV+n7hyUL+i+lalmGhoyF9+nMSsiUODqp/tJVatUgnujBcjQvLHeO/Q
	X+PF7vMac5559Y40UyNw0toyIuuOcOevQbi9hzGsjyVznahjYiExW5RNA/iP1Jw==
X-Gm-Gg: AY/fxX56H6IL9Kb4bWeMHOnPAjAL1OCq46kioaazi1Jw+osVpLSynxqN+nH3LBK882U
	P75gVHgDofZ1jvSAcnNZlhIWyHQb3GdwRlSn0cB4Um/EbDnF+/YPb3admFDhv7zbKvvOm6evi6u
	UMqwkjQoaniwaJ633+ud1fbMrts5+s0BiMsfQSXoPNGbMnCYlJiLmcqlxM0aiGI3JfUoa0C8NCg
	wFkT/Hcx/clu9rosY5ez3Kt7gBLz7GLfEw8Ciha+Fqt12jAYF0gDeBbnAEqRK+o11CxXaUHBY0j
	1AlbDG911N84oOVGMTg3XG6JUP2FZ0r14jQCwQIBCQHY4g8Y2RnddMIrPFAGp4+M2gDay3bXdLX
	NvA91ebJknDXPcUPbBQlAl5zqtDa7TpjJ8qkOKQ==
X-Received: by 2002:a05:600c:474f:b0:475:e067:f23d with SMTP id 5b1f17b1804b1-47d84b41294mr150177905e9.25.1768087997120;
        Sat, 10 Jan 2026 15:33:17 -0800 (PST)
X-Google-Smtp-Source: AGHT+IF43hJb197Ug+4bYErvG0DKurssYrQRpqslwktbZzfixebeNS92w5XwS/+S54VImVEcpXAqAQ==
X-Received: by 2002:a05:600c:474f:b0:475:e067:f23d with SMTP id 5b1f17b1804b1-47d84b41294mr150177805e9.25.1768087996677;
        Sat, 10 Jan 2026 15:33:16 -0800 (PST)
Received: from maya.myfinge.rs (ifcgrfdd.trafficplex.cloud. [176.103.220.4])
        by smtp.gmail.com with ESMTPSA id ffacd0b85a97d-432d286cdecsm16256449f8f.7.2026.01.10.15.33.15
        (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
        Sat, 10 Jan 2026 15:33:15 -0800 (PST)
Date: Sun, 11 Jan 2026 00:33:14 +0100
From: Stefano Brivio <sbrivio@redhat.com>
To: David Gibson <david@gibson.dropbear.id.au>
Subject: Re: [PATCH 1/3] conf: Introduce --no-bindtodevice option for
 testing
Message-ID: <20260111003314.2e24f648@elisabeth>
In-Reply-To: <20260105082850.1985300-2-david@gibson.dropbear.id.au>
References: <20260105082850.1985300-1-david@gibson.dropbear.id.au>
	<20260105082850.1985300-2-david@gibson.dropbear.id.au>
Organization: Red Hat
X-Mailer: Claws Mail 4.2.0 (GTK 3.24.49; x86_64-pc-linux-gnu)
MIME-Version: 1.0
X-Mimecast-Spam-Score: 0
X-Mimecast-MFC-PROC-ID: O32ojaOmiH0tL1oHPpywANndFAngu3i73_LymRfyyJo_1768087998
X-Mimecast-Originator: redhat.com
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: 7bit
Message-ID-Hash: NL4YXWR4NNH754TQGF76Q2LHBH73DPOP
X-Message-ID-Hash: NL4YXWR4NNH754TQGF76Q2LHBH73DPOP
X-MailFrom: sbrivio@redhat.com
X-Mailman-Rule-Misses: dmarc-mitigation; no-senders; approved; emergency; loop; banned-address; member-moderation; nonmember-moderation; administrivia; implicit-dest; max-recipients; max-size; news-moderation; no-subject; digests; suspicious-header
CC: passt-dev@passt.top
X-Mailman-Version: 3.3.8
Precedence: list
List-Id: Development discussion and patches for passt <passt-dev.passt.top>
Archived-At: <https://archives.passt.top/passt-dev/20260111003314.2e24f648@elisabeth/>
Archived-At: <https://passt.top/hyperkitty/list/passt-dev@passt.top/message/NL4YXWR4NNH754TQGF76Q2LHBH73DPOP/>
List-Archive: <https://archives.passt.top/passt-dev/>
List-Archive: <https://passt.top/hyperkitty/list/passt-dev@passt.top/>
List-Help: <mailto:passt-dev-request@passt.top?subject=help>
List-Owner: <mailto:passt-dev-owner@passt.top>
List-Post: <mailto:passt-dev@passt.top>
List-Subscribe: <mailto:passt-dev-join@passt.top>
List-Unsubscribe: <mailto:passt-dev-leave@passt.top>

On Mon,  5 Jan 2026 19:28:48 +1100
David Gibson <david@gibson.dropbear.id.au> wrote:

> We need to support (as best we can) older kernels which don't allow
> unprivilieged processes to use the SO_BINDTODEVICE socket option.

Nit: unprivileged

> Fallcaks for that case are controlled by the c->no_bindtodevice variable.

Fallbacks

> Currently testing behaviour of those fallbacks requires setting up a test
> system with a kernel that doesn't support the option, which is pretty
> awkward.  We can test it almost as well and much more easily by adding a
> command line option to explicitly disable use of SO_BINDTODEVICE.

It's kind of hard to understand if this patch entirely does that, I
think.

We still have a separate, implicit probing of SO_BINDTODEVICE in
sock_l4_(), which is perhaps excluded by c->no_bindtodevice (but then
the comment is misleading?).

> Like --no-splice this is envisaged as something for developers' and
> testers' convenience, not a supported option for end users.  The man page
> text reflects that.

I never really understood the point of --no-splice, as there was no
user request whatsoever behind it, but fine, the argument was that it
added some needed functionality, even though I couldn't quite grasp
which one it was.

However, with this, the question is where we draw the line. There are
probably other options we could use to make debugging or testing
slightly simpler, but if they don't offer actual functionality, we
always kept them out so far.

That's because we already have a long list of options and making it
unnecessarily longer is a disservice to users, I think.

Would using something like this:

  sed -i 's/(\(setsockopt([a-z]*, SOL_SOCKET, SO_BINDTODEVICE\)/((errno = EPERM) || \1/g' *.c

be totally outrageous, for testing purposes?

It has the advantage of making it easier to verify if we're really
disabling the usage of SO_BINDTODEVICE on all the paths (together with
grep / git / editors), and not introducing additional command line
options.

Another trick I use sometimes to selectively disable or enable kernel
features is to handle system calls via seitan, in this case the
(simple) recipe would something like:

[
  {
    "match": [
      { "setsockopt": { "level": socket", "name": "bindtodevice" } }
    ],
    "return": { "value": "EPERM", "error": -1 }
  }
]

but I haven't implemented setsockopt() yet. :(

> Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
> ---
>  conf.c  | 2 ++
>  passt.1 | 6 ++++++
>  2 files changed, 8 insertions(+)
> 
> diff --git a/conf.c b/conf.c
> index ceb9aa55..70ea168c 100644
> --- a/conf.c
> +++ b/conf.c
> @@ -962,6 +962,7 @@ static void usage(const char *name, FILE *f, int status)
>  		"  --no-ndp		Disable NDP responses\n"
>  		"  --no-dhcpv6		Disable DHCPv6 server\n"
>  		"  --no-ra		Disable router advertisements\n"
> +		"  --no-bindtodevice	Disable SO_BINDTODEVICE\n"
>  		"  --freebind		Bind to any address for forwarding\n"
>  		"  --no-map-gw		Don't map gateway address to host\n"
>  		"  -4, --ipv4-only	Enable IPv4 operation only\n"
> @@ -1454,6 +1455,7 @@ void conf(struct ctx *c, int argc, char **argv)
>  		{"no-dhcpv6",	no_argument,		&c->no_dhcpv6,	1 },
>  		{"no-ndp",	no_argument,		&c->no_ndp,	1 },
>  		{"no-ra",	no_argument,		&c->no_ra,	1 },
> +		{"no-bindtodevice", no_argument,	&c->no_bindtodevice, 1},
>  		{"no-splice",	no_argument,		&c->no_splice,	1 },
>  		{"freebind",	no_argument,		&c->freebind,	1 },
>  		{"no-map-gw",	no_argument,		&no_map_gw,	1 },
> diff --git a/passt.1 b/passt.1
> index db0d6620..4859d9e5 100644
> --- a/passt.1
> +++ b/passt.1
> @@ -348,6 +348,12 @@ namespace will be silently dropped.
>  Disable Router Advertisements. Router Solicitations coming from guest or target
>  namespace will be ignored.
>  
> +.TP
> +.BR \-\-no-bindtodevice
> +Development/testing option, do not use.  Disables use of
> +SO_BINDTODEVICE socket option.  Implicitly enabled on older kernels
> +which don't permit unprivileged use of SO_BINDTODEVICE.
> +
>  .TP
>  .BR \-\-freebind
>  Allow any binding address to be specified for \fB-t\fR and \fB-u\fR

The change looks otherwise good to me... I just hope we can avoid it
somehow, but if not, so be it.

-- 
Stefano