I think #2 in your list is the right choice, and that has nothing to do
with adding a non-standard option (which I completely agree is a bad idea).

It looked like you're just checking if the machine is acting as a router
or not and if it comes from a link-local address; is that right? Of course,
lots of apps already check for "am I a router" and they don't require a new
socket option. (!) See everything in the quagga package, for example. And
checking the address type in an app is trivial.

The previous discussion about "validation" was talking about RA's that are
forged, so don't pass IPsec authentication checks. I don't see any reason at
all to deliver those to an application (ever), so no non-standard socket
option required there. I don't know if those are currently delivered on raw
sockets or not, but if they are, I think it's reasonable to have a patch that
clones them only after authentication rather than before.

Prior discussion used FUD about some monitoring apps needing to see forged
RA's. I don't think there really are apps that need to see forged RA's, but
if they really want everything, they should use bpf or the like, just as they
would need to do to receive, for example, packets with invalid checksums.

                                                                +-DLS
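
Added example, not part of the original message and not code from the thread: a sketch of the two application-side checks the message mentions (is this host a router, and is the RA source link-local), done without any new socket option. It assumes Linux, where the forwarding state is readable from the sysctl file named in `main`; the function names and the sample packet are constructed for illustration.

```c
#include <arpa/inet.h>
#include <netinet/icmp6.h>
#include <netinet/in.h>
#include <stdio.h>
#include <string.h>

/* 1 if the host forwards IPv6 (acts as a router), 0 if not, -1 if unknown. */
int ipv6_forwarding(const char *path)
{
    FILE *f = fopen(path, "r");
    int v = -1;
    if (!f) return -1;
    if (fscanf(f, "%d", &v) != 1) v = -1;
    fclose(f);
    return v < 0 ? -1 : (v != 0);
}

/* Accept only a well-formed RA from a link-local source on a non-router.
 * An unknown forwarding state (-1) is rejected too, so the check fails closed. */
int ra_acceptable(const struct in6_addr *src, const unsigned char *pkt,
                  size_t len, int is_router)
{
    struct nd_router_advert ra;
    if (is_router != 0) return 0;
    if (len < sizeof ra) return 0;            /* truncated message */
    memcpy(&ra, pkt, sizeof ra);              /* avoid unaligned access */
    if (ra.nd_ra_type != ND_ROUTER_ADVERT || ra.nd_ra_code != 0) return 0;
    return IN6_IS_ADDR_LINKLOCAL(src) ? 1 : 0;
}

/* Constructed sample: a minimal 16-byte ICMPv6 message of the given type. */
int check_sample(const char *src_text, unsigned char type, int is_router)
{
    struct in6_addr src;
    unsigned char pkt[sizeof(struct nd_router_advert)] = {0};
    if (inet_pton(AF_INET6, src_text, &src) != 1) return -1;
    pkt[0] = type;
    return ra_acceptable(&src, pkt, sizeof pkt, is_router);
}

int main(void)
{
    /* Assumption: Linux sysctl path for the global IPv6 forwarding flag. */
    int fwd = ipv6_forwarding("/proc/sys/net/ipv6/conf/all/forwarding");
    printf("forwarding=%d\n", fwd);
    printf("fe80::1 RA: %d\n", check_sample("fe80::1", ND_ROUTER_ADVERT, fwd));
    printf("2001:db8::1 RA: %d\n", check_sample("2001:db8::1", ND_ROUTER_ADVERT, fwd));
    return 0;
}
```

These checks only filter by role and address type; they say nothing about whether an RA passed IPsec authentication, which is the separate question discussed in the message.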
