Re: [PATCH net-next 2/2] net: geneve: enable local address bind for geneve sockets
From: Richard Gobert
Date: Tue Feb 27 2024 - 04:04:01 EST
Eyal Birger wrote:
> Hi,
>
> On Thu, Feb 22, 2024 at 12:54 PM Richard Gobert
> <richardbgobert@xxxxxxxxx> wrote:
>>
>> This patch adds support for binding to a local address in geneve sockets.
>
> Thanks for adding this.
>
>> It achieves this by adding a geneve_addr union to represent local address
>> to bind to, and copying it to udp_port_cfg in geneve_create_sock.
>
> AFICT in geneve_sock_add(), geneve_socket_create() is only called if there's
> no existing open socket with the GENEVE destination port. As such, wouldn't
> this bind work only for the first socket in the namespace?
>
> If that is the case, then perhaps binding the socket isn't the right
> approach, and instead geneve_lookup() should search for the tunnel based on
> both the source and destination IPs.
>
> Am I missing something?
>
> Eyal
You are right, I missed it.
Binding the socket is the main reason for the patch, to prevent exposing
the geneve port on all interfaces.
I think it should be searched in geneve{6}_lookup and in geneve_find_sock:
static struct geneve_sock *geneve_find_sock(struct geneve_net *gn,
sa_family_t family,
union geneve_addr *saddr)
{
struct geneve_sock *gs;
list_for_each_entry(gs, &gn->sock_list, list) {
struct inet_sock *inet = inet_sk(gs->sock->sk);
if (inet->inet_sport == dst_port && geneve_get_sk_family(gs) == family) {
if (family == AF_INET && inet->inet_rcv_saddr == saddr->sin.sin_addr.s_addr)
return gs;
...
This is also true for VXLAN
What do you think?
Thanks