From: David Gwynne Subject: Re: [patch] allow IP_RECVIF setsockopt with inet pledge To: Matthew Luckie Cc: OpenBSD Tech Date: Sat, 18 Apr 2026 14:11:22 +1000 > On 18 Apr 2026, at 03:00, Matthew Luckie wrote: > > On Fri, Apr 17, 2026 at 11:33:16AM +0100, Stuart Henderson wrote: >> On 2026/04/16 08:25, Matthew Luckie wrote: >>> Hi, >>> >>> I have written a small program that runs unpriviledged that uses >>> IP_RECVIF to obtain the interface a UDP datagram arrives on. I would >>> like to be able to pledge("inet stdio") but pledge does not allow >>> IP_RECVIF. I think it should be able to -- pledge_sockopt() allows >>> the equivalent functionality provided by IPV6_RECVPKTINFO. >> >> Adding this makes sense to me. While some software using this is able >> to do it during init before pledging (e.g. ripd) that doesn't really >> make sense for simpler software where this might be wanted, and as you >> say, IPV6_RECVPKTINFO is allowed already. > > The model of setting IP_RECVIF at init before pledging works for my > current use case as well. I should have thought more carefully about > that. So, I don't need the patch to kern_pledge.c given other concern > in this thread. Sorry for the noise (but hopefully the ip.4 patch is > still useful) my 2c reflects what you just figured out here. IP_RECVIF makes the most sense on "listening" datagram sockets, so setting that up at bind time and before pledge is reasonable.