[Bug 2784] Add native support for routing domains / VRF

bugzilla-daemon at bugzilla.mindrot.org
Mon Oct 23 15:07:52 AEDT 2017


https://bugzilla.mindrot.org/show_bug.cgi?id=2784

--- Comment #17 from Damien Miller <djm at mindrot.org> ---
Right now there are no use cases; these patches add them for the first
time.

The functionality in question here is:

1. Being able to tell sshd to listen in an explicit rdomain/VRF. This
is the first patch, implementing

ListenAddress addr[:port] [rdomain domain]

This seems like SO_BINDTODEVICE will work fine.

2. Being able to set the rdomain/VRF for sshd, so the user session as
well as any sockets created for forwardings end up in an rdomain. This
is the second patch, implementing

RDomain domain

I can't see how SO_BINDTODEVICE will work here, because it won't affect
sshd's child processes (e.g. the user's shell).

OpenBSD provides a setrtable(2) syscall to do this that has sensible
semantics: https://man.openbsd.org/setrtable.2

-- 
You are receiving this mail because:
You are watching someone on the CC list of the bug.
You are watching the assignee of the bug.
