On Tue, Dec 28, 2021 at 06:34:28PM +0100, Alexander Zubkov wrote: > Hi, > > I want to bring this question up again. In our company we use it in > production with patches, but I think it would be useful in upstream > version too. > Short version of the story: bird can try to bind socket when > IP-address is absent in the system, it will result in a error and the > protocol will remain in down state after that. Suggested change is to > allow it to bind non-local addresses. > > If this variant is OK, than the next step is to choose wether it would > be some configuration option or maybe a compile-time flag.
Hi My main objection is that whether to use IP_FREEBIND should be primarily developer decision, not admin decision. Either the code should work correctly without IP_FREEBIND, or we should use it always or automatically when necessary. I looked for disadvantages of always using IP_FREEBIND, i found nothing except that in case of misconfigured IP address it does not report error. But BIRD (and modern daemons in general) are supposed to wait for IP to appear instead of assuming that all valid IPs are available when daemon starts, so this is not an issue. So it makes sense to use IP_FREEBIND by default if available. So i think that there could be a protocol option for freebind, which should have platform-specific defaults (like rt_default_ecmp is platform-specific default for ECMP option), independently for IPv4 and IPv6. This option is primarily intended for disabling freebind in case of some unexpected case where it is not desirable. Also note that the patch does not handle IPv6 case (there is IPV6_FREEBIND) and BSD case (there is IP_BINDANY, which seems that does the same, but it is less clear and requires some privilege, so perhaps it makes sense to skip it or not make it default). I will try the patch, modify it and merge it. -- Elen sila lumenn' omentielvo Ondrej 'Santiago' Zajicek (email: santi...@crfreenet.org) OpenPGP encrypted e-mails preferred (KeyID 0x11DEADC3, wwwkeys.pgp.net) "To err is human -- to blame it on a computer is even more so."