On Mon, 2016-12-05 at 11:28 -0200, Bruno Jesus wrote:
You are trading correctness for performance, and even with this filter the getsockopt calls are probably too expensive. I guess this information should somehow be cached.
I agree with you, it is a tradeoff. The filter is fast because the patch reduces the scope of the test to only a few handful of packets that are probably broadcast addresses, only then it will check the broadcast flag and in the kernel this is very fast because judging by the kernel source code. Only if previous conditions are met it will check if it really was a broadcast address.
It's still a context switch. Couldn't there be more than a handful of broadcast packets?
A different approach would be to let it hit EACCES when sending and check for the error and only then do all tests, that would still work and still be only a handful of packets but then we could check for the broadcast address everytime without suffering from performance and getting perfect correctness. What do you think?
That would get rid of some the performance cost (more importantly it would no longer hurt the general case), but it would still require get/setsockopt calls for every broadcast packet.