On Mon, Oct 29, 2007 at 07:49:47PM +0000, Bruce M. Simpson wrote:
> Brooks Davis wrote:
>> While I think this idea has some merit, I think we specifically want
>> the current wildcard ability to allow for a system that requires
>> minimal configuration. The problem with a range is that it doesn't
>> allow disjoint sets and it requires that if you really do want all the
>> ports you need to produce a list of currently allocated ports to avoid
>> allocating. A more (over)engineered solution holds some attraction, but
>> I'm not yet convinced the fact that it could exist precludes the current
>> implementation.
>
> Actually I concur with you on this point, based solely on the disjoint sets
> point.
>
> Another vector of attack would be to put the relay functionality into PF,
> which can do the packet matching. However this of course suffers from the
> problem that if you just want a plain old UDP socket for mtund, you won't
> get that unless you go to the inpcb layer anyway.
>
> But who says mtund needs to use sockets for its traffic relay? There is
> definite appeal in *not* doing it in the socket layer at all -- an
> adaptation of pf's log socket may suffice...
My initial understanding of a raw IP socket was that I could simply receive any packet for a particular protocol. This almost works for ICMP, but TCP and UDP don't seem to be supported. Hence, I have perceived the patch also as a natural extension of the idea of a raw IP socket for the UDP protocol.

Matus