Using Linux, how to specify which ethernet interface data is transmitted on

Question

I\'m working on a Linux based server system in which there are two network interfaces, both on the same subnet (for now, lets just say they are 172.17.32.10 &am

Answer 1

No offense intended, but the answer about using bind() is quite wrong. bind() will control the source IP address placed within the packet IP header. It does not control which interface will be used to send the packet: the kernel's routing table will be consulted to determine which interface has the lowest cost to reach a particular destination. (*see note)

Instead, you should use an SO_BINDTODEVICE sockopt. This does two things:

• Packets will always egress from the interface you specified, regardless of what the kernel routing tables says.
• Only packets arriving on the specified interface will be handed to the socket. Packets arriving on other interfaces will not.

If you have multiple interfaces you want to switch between, I'd suggest creating one socket per interface. Because you'll also only receive packets to the interface you've bound to, you'll need to add all of these sockets to your select()/poll()/whatever you use.

#include 

struct ifreq ifr;

memset(&ifr, 0, sizeof(ifr));
strncpy(ifr.ifr_name, "eth1", sizeof(ifr.ifr_name));
if (setsockopt(s, SOL_SOCKET, SO_BINDTODEVICE,
            (void *)&ifr, sizeof(ifr)) < 0) {
    perror("SO_BINDTODEVICE failed");
}

(*note) Bind() to an interface IP address can lead to confusing but nonetheless correct behavior. For example if you bind() to the IP address for eth1, but the routing table sends the packet out eth0, then a packet will appear on the eth0 wire but carrying the source IP address of the eth1 interface. This is weird but allowed, though packets sent back to the eth1 IP address would be routed back to eth1. You can test this using a Linux system with two iP interfaces. I have one, and did test it, and bind() is not effective in steering the packet out a physical interface.

Though technically allowed, depending on topology this may nonetheless not work. To dampen distributed denial of service attacks where the attackers use forged IP source addresses, many routers now perform Reverse Path Forwarding (RPF) checks. Packets with a source IP address on the "wrong" path may be dropped.