summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorMatthias Schiffer <mschiffer@universe-factory.net>2015-01-28 18:45:01 +0100
committerMatthias Schiffer <mschiffer@universe-factory.net>2015-01-28 18:45:01 +0100
commit5fe94a49df4cb685676c5924455354ac5f17075c (patch)
tree7956df71a20df8a10b1d7d26681cf77f24ed95d3
parent434bfbc3d19876a4ecd72bfa2058031a39656b53 (diff)
downloadfastd-5fe94a49df4cb685676c5924455354ac5f17075c.tar
fastd-5fe94a49df4cb685676c5924455354ac5f17075c.zip
doc: clarify bind option behaviour
-rw-r--r--doc/source/manual/config.rst25
1 files changed, 16 insertions, 9 deletions
diff --git a/doc/source/manual/config.rst b/doc/source/manual/config.rst
index 9f7d50c..f9d874e 100644
--- a/doc/source/manual/config.rst
+++ b/doc/source/manual/config.rst
@@ -35,17 +35,15 @@ Example config:
include peers from "peers";
-| ``bind <IPv4 address>:<port> [ interface "<interface>" ] [ default [ ipv4 ] ];``
-| ``bind <IPv6 address>:<port> [ interface "<interface>" ] [ default [ ipv6 ] ];``
-| ``bind any:<port> [ interface "<interface>" ] [ default [ ipv4|ipv6 ] ];``
-| ``bind <IPv4 address> port <port> [ interface "<interface>" ] [ default [ ipv4 ] ];``
-| ``bind <IPv6 address> port <port> [ interface "<interface>" ] [ default [ ipv6 ] ];``
-| ``bind any port <port> [ interface "<interface>" ] [ default [ ipv4|ipv6 ] ];``
+| ``bind <IPv4 address>[:<port>] [ interface "<interface>" ] [ default [ ipv4 ] ];``
+| ``bind <IPv6 address>[:<port>] [ interface "<interface>" ] [ default [ ipv6 ] ];``
+| ``bind any[:<port>] [ interface "<interface>" ] [ default [ ipv4|ipv6 ] ];``
+| ``bind <IPv4 address> [port <port>] [ interface "<interface>" ] [ default [ ipv4 ] ];``
+| ``bind <IPv6 address> [port <port>] [ interface "<interface>" ] [ default [ ipv6 ] ];``
+| ``bind any [port <port>] [ interface "<interface>" ] [ default [ ipv4|ipv6 ] ];``
Sets the bind address, port and possibly interface. May be specified multiple times. The keyword
- any makes fastd bind to the unspecified address for both IPv4 and IPv6. When
- no bind address is configured at all, for each outgoing connection a new socket with a random
- port is created.
+ any makes fastd bind to the unspecified address for both IPv4 and IPv6.
IPv6 address must be put in square brackets. It is possible to specify an IPv6 link-local address
with an interface in the usual notation (e.g. [fe80::1%eth0]).
@@ -53,6 +51,15 @@ Example config:
The default option makes it the default address for outgoing connections
for IPv4, IPv6 or both.
+ When an address without port or with port 0 is configured, a new socket with a random
+ port will be created for each outgoing connection. This has the side effect that the
+ options for packet marks and interface-specific binds (except IPv6 link-local addresses) will only work with the
+ ``CAP_NET_ADMIN`` capability (option ``drop capabilities no`` when fastd is built with
+ capability support, root privileges otherwise).
+
+ Configuring no bind address at all is equivalent to the setting ``bind any``, meaning fastd
+ will use a random port for each outgoing connection both for IPv4 and IPv6.
+
| ``cipher "<cipher>" use "<implementation>";``