From 6e73af25c5008b4330ad14b5e22b94fff8771eb9 Mon Sep 17 00:00:00 2001
From: Marvin Gaube
Date: Wed, 15 Sep 2021 22:53:33 +0200
Subject: global: support binding the transport socket to a device This patch depends on da5095d052860baa7fe2932fb1209628dd3e3813 from udp_tunnel module, and allows to bind the transport socket to a specific interface. With this patch, it is possible to use wireguard with VRFs: The transport uses a separate "WAN" VRF, cleanly isolating Local/VPN and WAN Routing. The userspace API is designed to transmit the device index of the device to listen on. Listening on a device does only work if the socketdev_index is set/changed before the socket is brought up.
Signed-off-by: Marvin Gaube
---
 src/socket.c | 10 ++++++++++
 1 file changed, 10 insertions(+)
(limited to 'src/socket.c')
diff --git a/src/socket.c b/src/socket.c
index 0473976..8ef44c1 100644
--- a/src/socket.c
+++ b/src/socket.c
@@ -370,8 +370,18 @@ int wg_socket_init(struct wg_device *wg, u16 port)
 .use_udp6_rx_checksums = true,
 .ipv6_v6only = true
 };
+ if (wg->socketdev_index > 0) {
+ port6.bind_ifindex = wg->socketdev_index;
+ } else {
+ port6.bind_ifindex = 0;
+ }
 #endif
+ if (wg->socketdev_index > 0) {
+ port4.bind_ifindex = wg->socketdev_index;
+ } else {
+ port4.bind_ifindex = 0;
+ }
 rcu_read_lock();
 net = rcu_dereference(wg->creating_net);
 net = net ? maybe_get_net(net) : NULL;
--
cgit v1.2.3
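Review bot: Both added blocks copy `wg->socketdev_index` straight into `port6.bind_ifindex` / `port4.bind_ifindex` without checking that the index still names a device in the namespace the sockets are created in (`wg->creating_net`, which is only resolved in the lines that follow). The setter is outside this file section, but if it stores a raw index received from userspace, a stale, reused or foreign-netns ifindex would tie the transport socket to a device other than the intended one, and a value of 0 or less silently leaves it unbound; either outcome defeats the WAN-VRF isolation the commit message describes. I would move the assignment after `net` is known and validate it there, e.g. `dev_get_by_index_rcu(net, wg->socketdev_index)` inside the existing `rcu_read_lock()` section, returning `-ENODEV` on a miss instead of binding blindly. As a matter of style the `else` branches look redundant: `port6` is built with a designated initialiser (its tail is visible at the top of the hunk, and `port4` is presumably built the same way), so `bind_ifindex` already starts at zero and `if (wg->socketdev_index > 0) port4.bind_ifindex = wg->socketdev_index;` is enough. wg_socket_init begins and ends outside the hunk.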