On Fri, Feb 28, 2020 at 04:42:02PM +0000, Bernard Metzler wrote:
> Well, right, marking a socket via setsockopt SO_BINDTODEVICE
> does not work - I get -EPERM. Maybe works only from user land
> since the ifname gets copied in from there.
>
> What I tested as working is nailing the scope of wildcard
> listen via:
> s->sk->sk_bound_dev_if = netdev->ifindex;

That sounds potentially right

> I am not sure what is the right way of limiting the scope
> of a socket to one interface in kernel mode. Is above line
> the way to go, or do I miss an interface to do such things?
> Anybody could help?

I didn't find an alternative, but not a lot of places touching this
outside the implementers of a socket type.

Jason