
Add a filter function to enable bindhost to be device name, instead o…

Open markfoodyburton opened this issue 8 years ago • 7 comments

Add a filter function to enable bindhost to be a device name, instead of an IP address. This means that if the IP address is dynamic, the correct IP address will still be found.

The changes are made in config.c, so they happen only during config read (hence the configuration would need to be re-read on an IP address change).

One use for this is if the devices are (for instance) PPP devices where the IP address is dynamically allocated by the service provider.

markfoodyburton avatar Apr 07 '16 20:04 markfoodyburton

Thank you,

yes, that's something I want to do but not this way. As you said, the address lookup would be incorrect when the IP address of the interface changes. It's also incorrect if the interface has multiple addresses and if the interface is IPv6 only.

In order to do it the proper way, we have to listen to kernel events (libnl3 / BSD equivalent).

See another attempt in branch bindtodev: 89b59dd2273be091ee9dcfdd60bdda7df107bd5b + b06af8ba112d0d5b478d1ff9549c7132671f3e5f I don't remember if that works or not.

zehome avatar Apr 07 '16 20:04 zehome

That other approach is MUCH cleaner than this one. And simpler too, and doesn't require listening to kernel events, I don't think... Whether it works through an interface going down/up, I don't know. Anyway, I'll close this, because it's not the right approach.

markfoodyburton avatar Apr 08 '16 18:04 markfoodyburton

I applied the two commits and can confirm that they do indeed work when the interface goes down/up.

@zehome Could you merge the commits into master please?

stapelberg avatar Oct 23 '16 11:10 stapelberg

Ok I'll look into it as soon as possible

zehome avatar Oct 23 '16 20:10 zehome

FWIW, there is one nit that should be addressed when merging: currently, the binddev option is only effective when bindhost is also specified, but the two should be independent. I’ve changed this in my local source tree and am successfully using binddev without bindhost.

stapelberg avatar Oct 23 '16 21:10 stapelberg

@zehome any update on this?

coral avatar Nov 21 '17 21:11 coral

This is a pretty old ticket, but I would like to rehash this.

systemd-network makes it really easy to create routing tables that match on the interface name; this automatically catches all the DHCP router and essentially ensures that only traffic going down that interface will in fact use those routing rules. This has added benefits that make it possible to have links on different networks that both share 192.168.1.0/24 subsets without fear of conflicting.

IE:

# /etc/systemd/network/mv-linknyc.network
[Match]
Name=mv-enp0s29f7u1

[Link]
ActivationPolicy=always-up
RequiredForOnline=false

[Network]
DHCP=yes

[RoutingPolicyRule]
OutgoingInterface=mv-enp0s29f7u1
Table=53

[DHCPv4]
RouteTable=53

[IPv6AcceptRA]
RouteTable=53

It is possible to add source rules, but several of my hot spots do not allow changing the subnet and are very unreliable to give my machine the same IP address after going to sleep.

It would be great if I could just bind to the interface and have the traffic just do the right thing.

georgyo avatar Dec 30 '21 02:12 georgyo