Bug 52978 - Binding to an interface instead of an address
Summary: Binding to an interface instead of an address
Status: NEW
Alias: None
Product: Apache httpd-2
Classification: Unclassified
Component: Core
Version: 2.5-HEAD
Hardware: PC Linux
Importance: P2 enhancement
Target Milestone: ---
Assignee: Apache HTTPD Bugs Mailing List
URL:
Keywords:
Depends on:
Blocks:
 
Reported: 2012-03-23 13:20 UTC by Alexandre Ferrieux
Modified: 2012-03-23 13:49 UTC
Description Alexandre Ferrieux 2012-03-23 13:20:59 UTC

    
Comment 1 Alexandre Ferrieux 2012-03-23 13:28:16 UTC
Are there any plans to make use of SO_BINDTODEVICE, as has been proposed by various patchers over the years, to allow Apache to bind to a specific device rather than address?

The typical use case is a VRRP-managed address that is *not* owned by the host at the time httpd starts. It then fails with the regular bind() syscall.

With setsockopt(..., SO_BINDTODEVICE, "ethX", ...); one could simply bind to the device, and any floating IP subsequently attached to it (with VRRP or manual "ip addr add" commands) could receive requests.

Of course, people usually don't care because INADDR_ANY satisfies most simple uses. However, there are real-life setups where one wants to restrict to one interface for security reasons, or for modularity (because another service or Apache instance runs on the same port on another interface).

The SO_BINDTODEVICE method could easily be triggered by a syntax extension to Listen, as has also been proposed by those who do it by hand.