Wildcard-socket simplification hits a wall
Kurt Roeckx
kurt at roeckx.be
Fri Mar 31 21:39:19 UTC 2017
On Thu, Mar 30, 2017 at 12:06:36PM -0400, Eric S. Raymond wrote:
> Heads up, Mark! Policy issue.
>
> I fear the wildcard-socket simplification, last of our pre-1.0 major
> ambitions, has just hit a wall.
>
> The problem is not with the code simplification itself. The problem is
> that there is a configuration feature called "NIC rules" that depends
> on knowing what actual physical interface a packet arrived on. NIC
> rules are address filters applied to individual interfaces.
>
> In order to implement this against a packet flow that is all being
> accepted by the wildcard interface, we need a way to back out of each
> packet which physical interface it arrived on.
>
> One might expect this to be available via a CMSG lookup into recvmsg's
> per-package auxiliary headers, analogously to the way we now get the
> packet-arrival timestamp (see ntpd/ntp_packetstamp.c). It's the only
> place for the information to be that has the right locality.
Have you looked at things like IP_PKTINFO?
Kurt