• David Herrmann's avatar
    net: introduce SO_BINDTOIFINDEX sockopt · f5dd3d0c
    David Herrmann authored
    This introduces a new generic SOL_SOCKET-level socket option called
    SO_BINDTOIFINDEX. It behaves similar to SO_BINDTODEVICE, but takes a
    network interface index as argument, rather than the network interface
    name.
    
    User-space often refers to network-interfaces via their index, but has
    to temporarily resolve it to a name for a call into SO_BINDTODEVICE.
    This might pose problems when the network-device is renamed
    asynchronously by other parts of the system. When this happens, the
    SO_BINDTODEVICE might either fail, or worse, it might bind to the wrong
    device.
    
    In most cases user-space only ever operates on devices which they
    either manage themselves, or otherwise have a guarantee that the device
    name will not change (e.g., devices that are UP cannot be renamed).
    However, particularly in libraries this guarantee is non-obvious and it
    would be nice if that race-condition would simply not exist. It would
    make it easier for those libraries to operate even in situations where
    the device-name might change under the hood.
    
    A real use-case that we recently hit is trying to start the network
    stack early in the initrd but make it survive into the real system.
    Existing distributions rename network-interfaces during the transition
    from initrd into the real system. This, obviously, cannot affect
    devices that are up and running (unless you also consider moving them
    between network-namespaces). However, the network manager now has to
    make sure its management engine for dormant devices will not run in
    parallel to these renames. Particularly, when you offload operations
    like DHCP into separate processes, these might setup their sockets
    early, and thus have to resolve the device-name possibly running into
    this race-condition.
    
    By avoiding a call to resolve the device-name, we no longer depend on
    the name and can run network setup of dormant devices in parallel to
    the transition off the initrd. The SO_BINDTOIFINDEX ioctl plugs this
    race.
    Reviewed-by: default avatarTom Gundersen <teg@jklm.no>
    Signed-off-by: default avatarDavid Herrmann <dh.herrmann@gmail.com>
    Acked-by: default avatarWillem de Bruijn <willemb@google.com>
    Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
    f5dd3d0c
socket.h 2.52 KB