On Fri, Oct 9, 2009 at 5:15 PM, Juan Lang juan.lang@gmail.com wrote:
Hi Eric,
it seems to me that if this is the best we can do, we're fixing it at the wrong layer. Surely putting the fix in the Linux kernel would be much smaller in code size, and higher performing, as we wouldn't have to filter packets in user space. --Juan
I put this patchset together after reviewing several years of conversations people have had with the kernel developers. A simple summary of what the devs have said is that the functions in the kernel that provide the ability to do this "easily" require root privileges for very good reasons (essentially, the easy ways of approaching this problem allow overriding certain permissions mechanisms). Their suggestion was to filter using IP_PKTINFO (which is what the patches do): http://www.mail-archive.com/linux-net@vger.kernel.org/msg01341.html
The maintainer has pretty much "put his foot down" on the matter (several times actually, here's a nicer one): http://www.mail-archive.com/linux-net@vger.kernel.org/msg01306.html
This is rather embarrassing, but apparently I left server/protocol.def out of the patchset. I could have sworn I tested these patches on a clean git, but apparently I made a mistake. Is there any chance that this mistake is the reason for the rejection? The additional code in these patches is only utilized (sans a call to getsockopt) on UDP broadcast sockets that have been bound to a specific interface. According to the kernel devs, this behavior is what IP_PKTINFO is meant to do, and they have no intention of adding an additional feature that does exactly the same thing.
Erich Hoover ehoover@mines.edu
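
The user-space filtering discussed in this thread, as an added example that is not part of the original message or of the Wine patchset: a Linux UDP socket enables IP_PKTINFO, reads the arrival interface from the control message returned by recvmsg, and drops datagrams that came in on any other interface. All function and type names here (`enable_pktinfo`, `pktinfo_ifindex`, `recv_on_interface`, `constructed_msg_ifindex`, `pktinfo_ctl`) are hypothetical, and the control data in the last helper is constructed rather than captured.

```c
#define _GNU_SOURCE
#include <string.h>
#include <sys/socket.h>
#include <netinet/in.h>

/* Control buffer sized and aligned for one IP_PKTINFO message. */
typedef union { char b[CMSG_SPACE(sizeof(struct in_pktinfo))]; struct cmsghdr align; } pktinfo_ctl;

/* Ask the kernel to attach arrival-interface info to each datagram. */
int enable_pktinfo(int fd) {
    int on = 1;
    return setsockopt(fd, IPPROTO_IP, IP_PKTINFO, &on, sizeof on);
}

/* Arrival interface index from the IP_PKTINFO control message, or -1 if absent. */
int pktinfo_ifindex(struct msghdr *msg) {
    for (struct cmsghdr *c = CMSG_FIRSTHDR(msg); c; c = CMSG_NXTHDR(msg, c)) {
        if (c->cmsg_level == IPPROTO_IP && c->cmsg_type == IP_PKTINFO) {
            struct in_pktinfo pi;
            memcpy(&pi, CMSG_DATA(c), sizeof pi);
            return pi.ipi_ifindex;
        }
    }
    return -1;
}

/* Length if the datagram arrived on want_ifindex, -2 if filtered out, -1 on error. */
ssize_t recv_on_interface(int fd, int want_ifindex, void *buf, size_t len) {
    pktinfo_ctl ctl;
    struct iovec iov = { buf, len };
    struct msghdr msg = { .msg_iov = &iov, .msg_iovlen = 1,
                          .msg_control = ctl.b, .msg_controllen = sizeof ctl.b };
    ssize_t n = recvmsg(fd, &msg, 0);
    if (n < 0) return -1;
    /* Fail closed: truncated or missing pktinfo is treated as the wrong interface. */
    if ((msg.msg_flags & MSG_CTRUNC) || pktinfo_ifindex(&msg) != want_ifindex) return -2;
    return n;
}

/* Constructed control data (not captured traffic) to exercise the parser offline. */
int constructed_msg_ifindex(int ifindex, int cmsg_type) {
    pktinfo_ctl ctl = { { 0 } };
    struct msghdr msg = { .msg_control = ctl.b, .msg_controllen = sizeof ctl.b };
    struct in_pktinfo pi = { .ipi_ifindex = ifindex };
    struct cmsghdr *c = CMSG_FIRSTHDR(&msg);
    c->cmsg_level = IPPROTO_IP; c->cmsg_type = cmsg_type; c->cmsg_len = CMSG_LEN(sizeof pi);
    memcpy(CMSG_DATA(c), &pi, sizeof pi);
    return pktinfo_ifindex(&msg);
}
```

A caller would obtain `want_ifindex` with `if_nametoindex()` for the interface the socket is meant to serve, and treat a `-2` return as "read the next datagram".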