From: Claudio Jeker Subject: Re: [patch] allow IP_RECVIF setsockopt with inet pledge To: Matthew Luckie , tech@openbsd.org Date: Fri, 17 Apr 2026 13:37:56 +0200 On Fri, Apr 17, 2026 at 11:33:16AM +0100, Stuart Henderson wrote: > On 2026/04/16 08:25, Matthew Luckie wrote: > > Hi, > > > > I have written a small program that runs unpriviledged that uses > > IP_RECVIF to obtain the interface a UDP datagram arrives on. I would > > like to be able to pledge("inet stdio") but pledge does not allow > > IP_RECVIF. I think it should be able to -- pledge_sockopt() allows > > the equivalent functionality provided by IPV6_RECVPKTINFO. > > Adding this makes sense to me. While some software using this is able > to do it during init before pledging (e.g. ripd) that doesn't really > make sense for simpler software where this might be wanted, and as you > say, IPV6_RECVPKTINFO is allowed already. > > Does anyone disagree? If not, any thoughts on timing before/after > release? Agreed. I'm for doing this after release. We have too many other things to worry about right now. > > Attached is a one-line change to kern_pledge.c that allows for it. > > I've tested it in openbsd 7.8. I also noticed that ip.4 did not > > document existence of IP_RECVIF so I copied the description from > > freebsd's ip.4 man page and tweaked it (I believe IP_RECVIF is allowed > > for SOCK_RAW sockets too). > > Whatever happens with pledge, the ip(4) change is definitely useful > and probably makes sense for before release. > > > Patch is against HEAD. > > > > Matthew > > > > diff --git a/share/man/man4/ip.4 b/share/man/man4/ip.4 > > index 27e29612cd8..124c4685ce0 100644 > > --- a/share/man/man4/ip.4 > > +++ b/share/man/man4/ip.4 > > @@ -213,6 +213,35 @@ setsockopt(s, IPPROTO_IP, IP_MINTTL, &minttl, sizeof(minttl)); > > .Ed > > .Pp > > If the > > +.Dv IP_RECVIF > > +option is enabled on a > > +.Dv SOCK_DGRAM > > +or > > +.Dv SOCK_RAW > > +socket, the > > +.Xr recvmsg 2 > > +call returns a > > +.Vt "struct sockaddr_dl" > > +corresponding to the interface on which the > > +packet was received. > > +The > > +.Va msg_control > > +field in the > > +.Vt msghdr > > +structure points to a buffer that contains a > > +.Vt cmsghdr > > +structure followed by the > > +.Vt "struct sockaddr_dl" . > > +The > > +.Vt cmsghdr > > +fields have the following values: > > +.Bd -literal -offset indent > > +cmsg_len = CMSG_LEN(sizeof(struct sockaddr_dl)) > > +cmsg_level = IPPROTO_IP > > +cmsg_type = IP_RECVIF > > +.Ed > > +.Pp > > +If the > > .Dv IP_IPSECFLOWINFO > > option is enabled on a > > .Dv SOCK_DGRAM > > diff --git a/sys/kern/kern_pledge.c b/sys/kern/kern_pledge.c > > index 21861720b8b..99c43580073 100644 > > --- a/sys/kern/kern_pledge.c > > +++ b/sys/kern/kern_pledge.c > > @@ -1475,6 +1475,7 @@ pledge_sockopt(struct proc *p, int set, int level, int optname) > > case IP_PORTRANGE: > > case IP_RECVDSTADDR: > > case IP_RECVDSTPORT: > > + case IP_RECVIF: > > return (0); > > case IP_MULTICAST_IF: > > case IP_MULTICAST_TTL: > > > -- :wq Claudio