Why admins do not trust daemons to do their own packet filtering (was Re: Resuming the great cleanup)
Eric S. Raymond
esr at thyrsus.com
Tue May 29 20:23:30 UTC 2018
Hal Murray <hmurray at megapathdsl.net>:
>
> kurt at roeckx.be said:
> > Do we only have 1/2 socket by default, or do we still have a listen socket
> > per interface / ip address?
>
> The current code has a socket per interface and a wildcard socket.
>
> It also has another pile of (ugly) code to watch the interfaces and create a
> new socket when an interface appears and remove a socket and associated
> connections when an interface goes away.
>
> There should potentially be similar code to track routing changes.
Assuming we drop interface-name filtering, everything but the wildcard
socket is going to go away. I think this will make tracking routing unnecessary.
I hope so, anyway. That code is a mess and I want to nuke it.
--
<a href="http://www.catb.org/~esr/">Eric S. Raymond</a>
My work is funded by the Internet Civil Engineering Institute: https://icei.org
Please visit their site and donate: the civilization you save might be your own.