Re: multicast packet delivery: filtered by interface?

Thank you, David, for the explanation.

I have found that I cannot set the SO_BINDTODEVICE socket option,
apparently because I do not have the CAP_NET_RAW capability. Can
anyone explain why the kernel requires the CAP_NET_RAW capability in
order to set the SO_BINDTODEVICE option? All documentation for the
CAP_NET_RAW capability indicates that it is intended to restrict the
use of RAW and PACKET sockets. It makes sense that use of RAW and
PACKET sockets would be restricted by a capability. But it seems like
it should be possible to bind a UDP socket to a device, regardless of
capabilities. If the intention of CAP_NET_RAW is to restrict use of
RAW and PACKET sockets, wouldn't it be adequate to check the
capability at the time a socket is created, and remove the capability
check from SO_BINDTODEVICE?

Thanks,
Jon
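
The check asked about above can be observed directly. The following is an added example, not part of the original message: it compares the process's effective CAP_NET_RAW bit with the result of SO_BINDTODEVICE on a UDP socket and reports what the running kernel does. The helper names `status_has_cap` and `try_bindtodevice` and the use of the `lo` interface are assumptions made for the illustration.

```c
#define _GNU_SOURCE
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/socket.h>
#include <unistd.h>

#define CAP_NET_RAW_BIT 13  /* value of CAP_NET_RAW in <linux/capability.h> */

/* Return 1 if capability `bit` is set in the CapEff line of a
 * /proc/<pid>/status style text, 0 if clear, -1 if there is no CapEff line. */
int status_has_cap(const char *status, int bit)
{
    const char *p = status;
    while (p && *p) {
        if (strncmp(p, "CapEff:", 7) == 0) {
            unsigned long long mask = strtoull(p + 7, NULL, 16);
            return (int)((mask >> bit) & 1ULL);
        }
        p = strchr(p, '\n');   /* advance to the start of the next line */
        if (p) p++;
    }
    return -1;
}

/* Try to bind a fresh UDP socket to `ifname` (hypothetical helper).
 * Returns 0 on success, otherwise the errno value (EPERM when refused). */
int try_bindtodevice(const char *ifname)
{
    int fd = socket(AF_INET, SOCK_DGRAM, 0);
    if (fd < 0) return errno;
    int rc = setsockopt(fd, SOL_SOCKET, SO_BINDTODEVICE, ifname, strlen(ifname) + 1);
    int err = rc < 0 ? errno : 0;
    close(fd);
    return err;
}

int main(void)
{
    char buf[4096] = "";
    FILE *f = fopen("/proc/self/status", "r");
    if (f) { size_t n = fread(buf, 1, sizeof buf - 1, f); buf[n] = '\0'; fclose(f); }
    int err = try_bindtodevice("lo");   /* "lo" is an assumed interface name */
    printf("CAP_NET_RAW effective: %d\n", status_has_cap(buf, CAP_NET_RAW_BIT));
    printf("SO_BINDTODEVICE(lo): %s\n", err ? strerror(err) : "ok");
    return 0;
}
```

Running it once as an ordinary user and once with CAP_NET_RAW granted shows whether the kernel in use ties the option to the capability.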