Why admin's do not trust daemons to do their own packet filtering (was Re: Resuming the great cleanup)

[Hal Murray]

devel at ntpsec.org said:
> Assuming we drop interface-name filtering, everything but the wildcard
> socket is going to go away.  I think this will make tracking routing
> unecessary. I hope so, anyway.  That code is a mess and I want to nuke it.

We don't track routing in the sense of BGP.  We do track local IP Addresses.

The easy case is a single WiFi interface that goes away as you walk down the 
street and comes back with a new IP Address a bit later on.  The key point is 
that the system only has one IP Address at any point in time.

The interesting case is a system with several (hardware) interfaces.

Each packet has a source and destination IP address.  We need to make sure 
the return packet has a source address that matches the dest address of the 
packet we are replying to.  That is the packet comes back from the address it 
was sent to rather than the address of some other interface on the other side 
of the box.  Most of the time, dumb/stupid code would just work, but we need 
to handle the other cases too.

Can we get the dest address on receive without a separate socket per IP 
Address?  recvfrom() gives us the source address.  I don't see how to get the 
dest address, but I haven't looked very hard.

I'm not sure how to set the dest address on transmit.  At worst we need 
another socket and do a bind() before sending each packet.  If bind is 
expensive, we could keep a pre-bound socket per address, and garbage collect 
the ones that don't get used, and ...

We should scan the code to see where the local address is used.  I'm sure 
crypto will need it.


-- 
These are my opinions.  I hate spam.