SINGLESOCK - How much to strip away?

Eric S. Raymond esr at thyrsus.com
Wed May 30 04:44:04 UTC 2018


The discussion of how to do SINGLESOCKET has become rather splintered.
This is an attempt to pull it back together by presenting different
scenarios about how to do it.

In all scenarios, the per-interface sockets go away; all UDP listening
is done on what is now the wildcard socket.

Case ALPHA:

Nothing visible changes.  Packet filtering by interface
name is still supported by using IP_PKTINFO to get the interface of
incoming packets.

This is what we would want to do if we value "no surprises for existing 
implementations" above all else.  However, Mark's decision to drop
packet filtering by interface name rules this out.

Case OMEGA:

-I, -L, and the interface config directive all go away.  The daemon
listens on all interfaces all the time.  Packet filtering is entirely
outsourced to the kernel packet filter and-or dedicated firewalls. Attempting
to invoke the old features fails loudly.

This is where we land if we take Mark's distrust of external packet filtering
and his argument for do-one-thing-well seriously.  I like this one because it
results in maximum code removal and complexity reductions.

Case BETA:

Interface name filtering is dropped and fails loudly.  Otherwise the
interface directive stays in.  The -I and -L options stay too.

This is the option with the smallest code changes. I'm not a fan because
it looks unprincipled - if anybody asks why we dropped filtering by name
but not the other kinds too I don't think we'd have any better answer than
"It was convenient that way?"  I'd be embarrassed.

If we're going to take the hit for breaking backward compatibility I'd
like it to buy more than this.

Case GAMMA:

The entire interface directive goes away, failing loudly.  The -I and
-L options stay.

I think this is the one Gary wants.  I'd like it, except that I think
it means we still have to iterate over interfaces (to validate the
options) and deal with routing sockets (in case the local address of one of the
selected interfaces changes).  Both of those are portability PITAs - solved,
but I dislike the code weight of the solutions.

Comments?
-- 
		Eric S. Raymond <http://www.catb.org/~esr/>

In the absence of any evidence tending to show that possession 
or use of a 'shotgun having a barrel of less than eighteen inches 
in length' at this time has some reasonable relationship to the 
preservation or efficiency of a well regulated militia, we cannot 
say that the Second Amendment guarantees the right to keep and bear 
such an instrument. [...] The Militia comprised all males 
physically capable of acting in concert for the common defense.  
        -- Majority Supreme Court opinion in "U.S. vs. Miller" (1939)

