From f37db87f1676c821a4a3826a77bcafe29b28f80f Mon Sep 17 00:00:00 2001
From: David Gibson <david@gibson.dropbear.id.au>
Date: Tue, 2 Dec 2025 15:02:03 +1100
Subject: conf: More useful errors for kernels without SO_BINDTODEVICE

Before 5.7, the kernel didn't allow SO_BINDTODEVICE to be called
unprivileged.  That means for earlier kernels, we can't implement binding
listening sockets to a specific interface (e.g. -t %eth0/80).

Currently we'll generate an error on this at the point we actually attempt
the SO_BINDTODEVICE setsockopt(), at which point the connection to the
command line option might not be entirely clear.

Use the fact we now probe for SO_BINDTODEVICE support to make a clearer
error message at the time we parse the forwarding option.

Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
Signed-off-by: Stefano Brivio <sbrivio@redhat.com>
---
 conf.c | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/conf.c b/conf.c
index 66b9e63..43bcaf3 100644
--- a/conf.c
+++ b/conf.c
@@ -156,6 +156,12 @@ static void conf_ports_range_except(const struct ctx *c, char optname,
 		    optname, optarg);
 	}
 
+	if (ifname && c->no_bindtodevice) {
+		die(
+"Device binding for '-%c %s' unsupported (requires kernel 5.7+)",
+		    optname, optarg);
+	}
+
 	for (i = first; i <= last; i++) {
 		if (bitmap_isset(exclude, i))
 			continue;
-- 
cgit v1.2.3