On Fri, Oct 9, 2009 at 5:15 PM, Juan Lang <span dir="ltr">&lt;<a href="mailto:juan.lang@gmail.com">juan.lang@gmail.com</a>&gt;</span> wrote:<br><div class="gmail_quote"><blockquote class="gmail_quote" style="border-left: 1px solid rgb(204, 204, 204); margin: 0pt 0pt 0pt 0.8ex; padding-left: 1ex;">
Hi Eric,<br>
<br>
it seems to me that if this is the best we can do, we're fixing it at<br>
the wrong layer. Surely putting the fix in the Linux kernel would be<br>
much smaller in code size, and higher performing, as we wouldn't have<br>
to filter packets in user space.<br>
<font color="#888888">--Juan<br>
</font></blockquote></div><br>I put this patchset together after reviewing several years of conversations people have had with the kernel developers. A simple summary of what the devs have said is that the functions in the kernel that provide the ability to do this "easily" require root privileges for very good reasons (essentially, the easy ways of approaching this problem allow overriding certain permissions mechanisms). Their suggestion was to filter using IP_PKTINFO (which is what the patches do):<br>
<a href="http://www.mail-archive.com/linux-net@vger.kernel.org/msg01341.html">http://www.mail-archive.com/linux-net@vger.kernel.org/msg01341.html</a><br><br>The maintainer has pretty much "put his foot down" on the matter (several times actually, here's a nicer one):<br>
<a href="http://www.mail-archive.com/linux-net@vger.kernel.org/msg01306.html">http://www.mail-archive.com/linux-net@vger.kernel.org/msg01306.html</a><br><br>This is rather embarrassing, but apparently I left server/protocol.def out of the patchset. I could have sworn I tested these patches on a clean git, but apparently I made a mistake. Is there any chance that this mistake is the reason for the rejection? The additional code in these patches is only utilized (sans a call to getsockopt) on UDP broadcast sockets that have been bound to a specific interface. According to the kernel devs, this behavior is what IP_PKTINFO is meant to do, and they have no intention of adding an additional feature that does exactly the same thing.<br>
<br>Erich Hoover<br><a href="mailto:ehoover@mines.edu">ehoover@mines.edu</a><br>
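The user-space filtering approach discussed in this message, sketched as an added example (not code from the patchset or from Wine): an unprivileged process enables IP_PKTINFO, reads the arrival interface index from the ancillary data of each datagram, and drops anything that did not arrive on the wanted interface. The function names are hypothetical, and Linux with glibc is assumed.

```c
#define _GNU_SOURCE            /* exposes struct in_pktinfo in glibc */
#include <string.h>
#include <sys/socket.h>
#include <netinet/in.h>

/* Ask the kernel to attach IP_PKTINFO to each datagram (no privilege needed). */
int enable_pktinfo(int fd)
{
    int on = 1;
    return setsockopt(fd, IPPROTO_IP, IP_PKTINFO, &on, sizeof(on));
}

/* Arrival interface index from IP_PKTINFO ancillary data, or 0 if absent. */
unsigned int pktinfo_ifindex(struct msghdr *msg)
{
    struct cmsghdr *c;
    for (c = CMSG_FIRSTHDR(msg); c != NULL; c = CMSG_NXTHDR(msg, c)) {
        if (c->cmsg_level == IPPROTO_IP && c->cmsg_type == IP_PKTINFO &&
            c->cmsg_len >= CMSG_LEN(sizeof(struct in_pktinfo))) {
            struct in_pktinfo pi;
            memcpy(&pi, CMSG_DATA(c), sizeof(pi));   /* avoid unaligned access */
            return (unsigned int)pi.ipi_ifindex;
        }
    }
    return 0;
}

/* Returns datagram length if it arrived on want_ifindex (hypothetical helper),
 * -2 if the filter dropped it, -1 if recvmsg() itself failed. */
ssize_t recv_from_interface(int fd, unsigned int want_ifindex,
                            void *buf, size_t len)
{
    union { char raw[CMSG_SPACE(sizeof(struct in_pktinfo))];
            struct cmsghdr align; } ctl;
    struct iovec iov = { .iov_base = buf, .iov_len = len };
    struct msghdr msg;
    unsigned int idx;
    ssize_t n;
    memset(&msg, 0, sizeof(msg));
    msg.msg_iov = &iov; msg.msg_iovlen = 1;
    msg.msg_control = ctl.raw;
    msg.msg_controllen = sizeof(ctl.raw);
    if ((n = recvmsg(fd, &msg, 0)) < 0)
        return -1;
    idx = pktinfo_ifindex(&msg);
    /* Fail closed: no pktinfo, truncated control data, or wrong interface. */
    if ((msg.msg_flags & MSG_CTRUNC) || idx == 0 || idx != want_ifindex)
        return -2;
    return n;
}
```

The interface index to compare against can be obtained with if_nametoindex() from <net/if.h>.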