On Fri, Apr 17, 2026 at 11:33:16AM +0100, Stuart Henderson wrote:
> On 2026/04/16 08:25, Matthew Luckie wrote:
> > Hi,
> > 
> > I have written a small program that runs unpriviledged that uses
> > IP_RECVIF to obtain the interface a UDP datagram arrives on.  I would
> > like to be able to pledge("inet stdio") but pledge does not allow
> > IP_RECVIF.  I think it should be able to -- pledge_sockopt() allows
> > the equivalent functionality provided by IPV6_RECVPKTINFO.
> 
> Adding this makes sense to me. While some software using this is able
> to do it during init before pledging (e.g. ripd) that doesn't really
> make sense for simpler software where this might be wanted, and as you
> say, IPV6_RECVPKTINFO is allowed already.
> 
> Does anyone disagree?  If not, any thoughts on timing before/after
> release?

Agreed. I'm for doing this after release. We have too many other things to
worry about right now.
 
> > Attached is a one-line change to kern_pledge.c that allows for it.
> > I've tested it in openbsd 7.8.  I also noticed that ip.4 did not
> > document existence of IP_RECVIF so I copied the description from
> > freebsd's ip.4 man page and tweaked it (I believe IP_RECVIF is allowed
> > for SOCK_RAW sockets too).
> 
> Whatever happens with pledge, the ip(4) change is definitely useful
> and probably makes sense for before release.
> 
> > Patch is against HEAD.
> > 
> > Matthew
> > 
> > diff --git a/share/man/man4/ip.4 b/share/man/man4/ip.4
> > index 27e29612cd8..124c4685ce0 100644
> > --- a/share/man/man4/ip.4
> > +++ b/share/man/man4/ip.4
> > @@ -213,6 +213,35 @@ setsockopt(s, IPPROTO_IP, IP_MINTTL, &minttl, sizeof(minttl));
> >  .Ed
> >  .Pp
> >  If the
> > +.Dv IP_RECVIF
> > +option is enabled on a
> > +.Dv SOCK_DGRAM
> > +or
> > +.Dv SOCK_RAW
> > +socket, the
> > +.Xr recvmsg 2
> > +call returns a
> > +.Vt "struct sockaddr_dl"
> > +corresponding to the interface on which the
> > +packet was received.
> > +The
> > +.Va msg_control
> > +field in the
> > +.Vt msghdr
> > +structure points to a buffer that contains a
> > +.Vt cmsghdr
> > +structure followed by the
> > +.Vt "struct sockaddr_dl" .
> > +The
> > +.Vt cmsghdr
> > +fields have the following values:
> > +.Bd -literal -offset indent
> > +cmsg_len = CMSG_LEN(sizeof(struct sockaddr_dl))
> > +cmsg_level = IPPROTO_IP
> > +cmsg_type = IP_RECVIF
> > +.Ed
> > +.Pp
> > +If the
> >  .Dv IP_IPSECFLOWINFO
> >  option is enabled on a
> >  .Dv SOCK_DGRAM
> > diff --git a/sys/kern/kern_pledge.c b/sys/kern/kern_pledge.c
> > index 21861720b8b..99c43580073 100644
> > --- a/sys/kern/kern_pledge.c
> > +++ b/sys/kern/kern_pledge.c
> > @@ -1475,6 +1475,7 @@ pledge_sockopt(struct proc *p, int set, int level, int optname)
> >  		case IP_PORTRANGE:
> >  		case IP_RECVDSTADDR:
> >  		case IP_RECVDSTPORT:
> > +		case IP_RECVIF:
> >  			return (0);
> >  		case IP_MULTICAST_IF:
> >  		case IP_MULTICAST_TTL:
> > 
> 

-- 
:wq Claudio