[Bug 2784] Add native support for routing domains / VRF
bugzilla-daemon at bugzilla.mindrot.org
bugzilla-daemon at bugzilla.mindrot.org
Mon Oct 23 15:07:52 AEDT 2017
https://bugzilla.mindrot.org/show_bug.cgi?id=2784
--- Comment #17 from Damien Miller <djm at mindrot.org> ---
Right now there are no use cases, these patches add them for the first
time.
The functionality in question here is:
1. Being able to tell sshd to listen in an explicit rdomain/VRF. This
is the first patch, implementing
ListenAddress addr[:port] [rdomain domain]
This seems like SO_BINDTODEVICE will work fine.
2. Being able to set the rdomain/VRF for sshd, so the user session as
well as any sockets created for forwardings end up in an rdomain. This
is the second patch, implementing
RDomain domain
I can't see how SO_BINDTODEVICE will work here, because it won't affect
sshd's child processes (e.g. the user's shell).
OpenBSD provides a setrtable(2) syscall to do this that has sensible
semantics: https://man.openbsd.org/setrtable.2
--
You are receiving this mail because:
You are watching someone on the CC list of the bug.
You are watching the assignee of the bug.
More information about the openssh-bugs
mailing list