Re: multicast packet delivery: filtered by interface?

From: Jon McAllister
Date: Mon Nov 24 2008 - 11:17:04 EST

Thank you, David, for the explanation.

I have found that I cannot set the SO_BINDTODEVICE socket option,
apparently because I do not have the CAP_NET_RAW capability. Can
anyone explain why the kernel requires the CAP_NET_RAW capability in
order to set the SO_BINDTODEVICE option? All documentation for the
CAP_NET_RAW capability indicates that it is intended to restrict the
use of RAW and PACKET sockets. It makes sense that use of RAW and
PACKET sockets would be restricted by a capability. But it seems like
it should be possible to bind a UDP socket to a device, regardless of
capabilities. If the intention of CAP_NET_RAW is to restrict use of
RAW and PACKET sockets, wouldn't it be adequate to check the
capability at the time a socket is created, and remove the capability
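
The following is an added example, not part of the original message: a small C program for Linux that reads the effective capability set from `/proc/self/status` and reports the errno returned when `SO_BINDTODEVICE` is set on a UDP socket, so the two can be compared on a given kernel. The function names and the `lo` interface are assumptions made for the example.

```c
#define _GNU_SOURCE
#include <errno.h>
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>
#include <unistd.h>

#define CAP_NET_RAW_BIT 13 /* value of CAP_NET_RAW in <linux/capability.h> */
/* Parse one /proc/<pid>/status line: 1 = CAP_NET_RAW set, 0 = clear, -1 = not a CapEff line. */
int capeff_has_net_raw(const char *line)
{
    unsigned long long mask;
    if (sscanf(line, "CapEff: %llx", &mask) != 1) return -1;
    return (int)((mask >> CAP_NET_RAW_BIT) & 1ULL);
}

/* Same answer for the calling process; -1 if no CapEff line could be read. */
int self_has_net_raw(void)
{
    char line[256];
    int r = -1;
    FILE *f = fopen("/proc/self/status", "r");
    if (!f) return -1;
    while (r < 0 && fgets(line, sizeof line, f))
        r = capeff_has_net_raw(line);
    fclose(f);
    return r;
}

/* Try SO_BINDTODEVICE on a fresh UDP socket: 0 on success, else errno (EPERM, ENODEV, ...). */
int try_bind_udp_to_device(const char *ifname)
{
    int fd = socket(AF_INET, SOCK_DGRAM, 0);
    if (fd < 0) return errno;
    int err = 0;
    if (setsockopt(fd, SOL_SOCKET, SO_BINDTODEVICE, ifname, strlen(ifname) + 1) < 0)
        err = errno;
    close(fd);
    return err;
}

int main(void)
{
    int err = try_bind_udp_to_device("lo"); /* "lo" is an assumed interface name */
    printf("CAP_NET_RAW effective: %d, SO_BINDTODEVICE(lo): %s\n",
           self_has_net_raw(), err ? strerror(err) : "ok");
    return 0;
}
```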

