[PATCH] IP_SENDIF option; rework ip_output() source selection logic

Bruce M Simpson bms at incunabulum.net
Sun Mar 4 22:25:07 UTC 2007


Thanks to andre making a start on this, I have managed to get the 
IP_SENDIF option implemented today in p4 bms_netdev. Here's a patch 
against -CURRENT:

For those who are new to this work:
   IP_SENDIF is broadly an analogue of the Linux socket option 
SO_BINDTODEVICE. It is used to bypass the traditional BSD source 
interface selection logic. It is a sledgehammer hack used to output 
datagrams on a specific interface which may not yet have an address, 
e.g. for DHCP. Judicious use of this option, together with IP_ONESBCAST, 
will make it possible for dhclient to run without BPF support in the 
base system.

There are a few remaining issues around this code which need to be dealt 
with. These are:

 * Fix IP_SENDIF and IP_SENDSRCADDR for unbound sockets.
This goes without saying. For these options to be useful the socket 
should not have to be bound anywhere. The fact that IP_SENDSRCADDR is 
currently broken contradicts both our documentation and UNIX Network 
Programming Vol 1 3rd Edition.

 * Allow IP_SENDIF to be used from the raw IP output path.
Some people might want to do this.

 * Add a specific privilege level for IP_SENDIF.
Currently it requires the 'open raw socket' privilege, as it is Not 
Normal Behaviour.

 * Disable hardware checksums on output, if we have to do that.
My testing with msk(4) suggests this might not be needed.

When/if we adopt NetBSD's source selection policy concept (e.g. for 
fully supporting link-local IPv4) this code will most likely have to be 
updated, and/or when/if we adopt equal-cost multipath.

The hack IP_ONESBCAST itself may eventually be eliminated by doing 
things slightly differently in the forwarding trie i.e. using interface 
preference and/or IP_SENDIF and populating the trie with 

