[PATCH net-next v5 0/5] net: add local address bind support to vxlan and geneve
From: Richard Gobert
Date: Tue Aug 12 2025 - 08:56:04 EST

Currently, vxlan sockets are always bound to 0.0.0.0. For security, it is
better to bind to the specific interface on which traffic is expected.
This series adds a netlink option that makes vxlan sockets bind to their
local addresses. The option is disabled by default as it can potentially
break existing networks.

This series also adds a local address option to geneve, similar to vxlan.
The geneve socket is bound to the local address by default.

v4 -> v5:
- Fix whitespace issues
- Fix IPv6 compilation errors
- Add missing documentation
- Add selftest to test localbind functionality
- Change localbind option in VXLAN to be non-default
- v4: https://lore.kernel.org/netdev/20250717115412.11424-1-richardbgobert@xxxxxxxxx/

v3 -> v4:
- Fix a problem where vxlan socket is bound before its outgoing interface is up
- v3: https://lore.kernel.org/netdev/20240711131411.10439-1-richardbgobert@xxxxxxxxx/

v2 -> v3:
- Fix typo and nit problem (Simon)
- v2: https://lore.kernel.org/netdev/20240708111103.9742-1-richardbgobert@xxxxxxxxx/

v1 -> v2:
- Change runtime checking of CONFIG_IPV6 to compile time in geneve
- Change {geneve,vxlan}_find_sock to check listening address
- Fix incorrect usage of IFLA_VXLAN_LOCAL6 in geneve
- Use NLA_POLICY_EXACT_LEN instead of changing strict_start_type in geneve
- v1: https://lore.kernel.org/netdev/df300a49-7811-4126-a56a-a77100c8841b@xxxxxxxxx/

Richard Gobert (5):
  net: udp: add freebind option to udp_sock_create
  net: vxlan: add netlink option to bind vxlan sockets to local
    addresses
  net: vxlan: bind vxlan sockets to their local address if configured
  net: geneve: enable binding geneve sockets to local addresses
  selftests/net: add vxlan localbind selftest

 Documentation/netlink/specs/rt-link.yaml      |   8 +
 drivers/net/geneve.c                          |  80 ++++-
 drivers/net/vxlan/vxlan_core.c                | 102 +++++-
 include/net/geneve.h                          |   6 +
 include/net/udp_tunnel.h                      |   3 +-
 include/net/vxlan.h                           |   1 +
 include/uapi/linux/if_link.h                  |   3 +
 net/ipv4/udp_tunnel_core.c                    |   1 +
 net/ipv6/ip6_udp_tunnel.c                     |   1 +
 tools/include/uapi/linux/if_link.h            |   3 +
 tools/testing/selftests/net/Makefile          |   1 +
 .../selftests/net/test_vxlan_localbind.sh     | 306 ++++++++++++++++++
 12 files changed, 490 insertions(+), 25 deletions(-)
 create mode 100755 tools/testing/selftests/net/test_vxlan_localbind.sh

--
2.36.1
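
The following is an added example, not part of the patch series or the original message: a check, run over the text of /proc/net/udp or /proc/net/udp6, for tunnel sockets bound to the wildcard address the cover letter describes. The port map (IANA 4789 and 6081, plus the Linux vxlan legacy default 8472), the function names and the sample table are assumptions constructed for illustration.

```python
import ipaddress
import struct

# Assumed port map: IANA VXLAN (4789), Linux vxlan legacy default (8472),
# IANA Geneve (6081). Adjust to the dstport values actually configured.
TUNNEL_PORTS = {4789: "vxlan", 8472: "vxlan", 6081: "geneve"}

# Constructed sample in /proc/net/udp format (not captured from a real host).
SAMPLE_UDP_TABLE = """\
  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode ref pointer drops
  101: 00000000:12B5 00000000:0000 07 00000000:00000000 00:00000000 00000000     0        0 20001 2 0000000000000000 0
  102: 0A00000A:17C1 00000000:0000 07 00000000:00000000 00:00000000 00000000     0        0 20002 2 0000000000000000 0
  103: 00000000:0035 00000000:0000 07 00000000:00000000 00:00000000 00000000     0        0 20003 2 0000000000000000 0
"""


def decode_local_address(hex_addr):
    """Decode the address half of a local_address field (8 hex digits for IPv4, 32 for IPv6)."""
    # The kernel prints each 32-bit word of the network-order address as a
    # native-endian integer, so repack every word in native byte order.
    words = (hex_addr[i:i + 8] for i in range(0, len(hex_addr), 8))
    raw = b"".join(struct.pack("=I", int(w, 16)) for w in words)
    return ipaddress.ip_address(raw)


def audit_tunnel_sockets(table_text, ports=TUNNEL_PORTS):
    """Return (protocol, local address, port, is_wildcard) for each tunnel-port socket."""
    findings = []
    for line in table_text.splitlines()[1:]:  # first line is the column header
        fields = line.split()
        if len(fields) < 2 or ":" not in fields[1]:
            continue
        hex_addr, hex_port = fields[1].rsplit(":", 1)
        port = int(hex_port, 16)
        if port in ports:
            addr = decode_local_address(hex_addr)
            findings.append((ports[port], str(addr), port, addr.is_unspecified))
    return findings


if __name__ == "__main__":
    for proto, addr, port, wildcard in audit_tunnel_sockets(SAMPLE_UDP_TABLE):
        state = "WILDCARD bind" if wildcard else "bound to local address"
        print(f"{proto:7} {addr}:{port:<5} {state}")
```

The /proc tables are per network namespace, so the check has to be run in each namespace that holds a tunnel device.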