> I can accept a TCP connection on an AF_INET socket, then take the
> resulting file descriptor and transfer it to a completely unrelated
> process using a control message on an AF_UNIX socket. That process
> can be owned by a different user. What do you intend to happen to
> the AF_INET socket that is passed in this way?
Whatever the configuration calls for, of course. That can't be done with per-packet filtering. That's why I think per-packet filtering is a wrong place to try to satisfy this desire.

/~\ The ASCII Mouse
\ / Ribbon Campaign
 X  Against HTML        mo...@rodents-montreal.org
/ \ Email!              7D C8 61 52 5D E7 2D 39 4E F1 31 3E E8 B3 27 4B
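The descriptor hand-off the quoted message describes, shown as an added C example written for this page (it is not code from either correspondent). It creates an AF_INET stream socket, forks, and passes the descriptor to the child over an AF_UNIX socketpair with an SCM_RIGHTS control message; the child closes its inherited copy first, so the only reference it ends up holding is the one it received. The check at the end is the point of the exchange: the received descriptor names the same socket (same st_dev/st_ino from fstat, same SO_TYPE), so from the kernel's side the new process owns that TCP endpoint outright, and a packet-level filter, which only ever sees the 5-tuple on the wire, has no way to notice that ownership moved. The function names and the use of a forked child rather than a separately launched process owned by another user are this example's own choices.

```c
#define _GNU_SOURCE
#include <stdio.h>
#include <string.h>
#include <unistd.h>
#include <sys/socket.h>
#include <sys/stat.h>
#include <sys/wait.h>
#include <netinet/in.h>

/* Send one file descriptor over an AF_UNIX stream socket using SCM_RIGHTS.
   One dummy data byte is sent because a control message must ride on data. */
static int send_fd(int chan, int fd) {
    char byte = 'F';
    struct iovec iov = { .iov_base = &byte, .iov_len = 1 };
    union { struct cmsghdr hdr; char buf[CMSG_SPACE(sizeof(int))]; } u;
    memset(&u, 0, sizeof u);
    struct msghdr msg = { .msg_iov = &iov, .msg_iovlen = 1,
                          .msg_control = u.buf, .msg_controllen = sizeof u.buf };
    struct cmsghdr *c = CMSG_FIRSTHDR(&msg);
    c->cmsg_level = SOL_SOCKET;
    c->cmsg_type = SCM_RIGHTS;
    c->cmsg_len = CMSG_LEN(sizeof(int));
    memcpy(CMSG_DATA(c), &fd, sizeof(int));
    return sendmsg(chan, &msg, 0) == 1 ? 0 : -1;
}

/* Receive one descriptor sent with send_fd(); returns the new fd or -1. */
static int recv_fd(int chan) {
    char byte;
    struct iovec iov = { .iov_base = &byte, .iov_len = 1 };
    union { struct cmsghdr hdr; char buf[CMSG_SPACE(sizeof(int))]; } u;
    memset(&u, 0, sizeof u);
    struct msghdr msg = { .msg_iov = &iov, .msg_iovlen = 1,
                          .msg_control = u.buf, .msg_controllen = sizeof u.buf };
    if (recvmsg(chan, &msg, 0) != 1) return -1;
    struct cmsghdr *c = CMSG_FIRSTHDR(&msg);
    if (!c || c->cmsg_level != SOL_SOCKET || c->cmsg_type != SCM_RIGHTS) return -1;
    int fd;
    memcpy(&fd, CMSG_DATA(c), sizeof(int));
    return fd;
}

/* Pass an AF_INET socket to a forked child and let the child verify that the
   descriptor it received refers to the very same socket object.
   Returns 1 when the child confirms this, 0 when it does not, -1 on error. */
int demo_pass_inet_socket(void) {
    int inet = socket(AF_INET, SOCK_STREAM, 0);   /* the TCP endpoint */
    if (inet < 0) return -1;
    int chan[2];                                  /* AF_UNIX channel for the hand-off */
    if (socketpair(AF_UNIX, SOCK_STREAM, 0, chan) < 0) return -1;
    struct stat before;
    if (fstat(inet, &before) < 0) return -1;      /* identity of the socket in the parent */

    pid_t pid = fork();
    if (pid < 0) return -1;
    if (pid == 0) {
        close(chan[0]);
        close(inet);   /* drop the inherited copy: the only reference left is the passed one */
        int got = recv_fd(chan[1]);
        struct stat after;
        int same = got >= 0 && fstat(got, &after) == 0 &&
                   after.st_dev == before.st_dev && after.st_ino == before.st_ino;
        int type = 0;
        socklen_t len = sizeof type;
        if (same && getsockopt(got, SOL_SOCKET, SO_TYPE, &type, &len) == 0 &&
            type == SOCK_STREAM)
            _exit(0);
        _exit(1);
    }

    close(chan[1]);
    int rc = send_fd(chan[0], inet);
    int status = 0;
    waitpid(pid, &status, 0);
    close(chan[0]);
    close(inet);
    if (rc < 0) return -1;
    return (WIFEXITED(status) && WEXITSTATUS(status) == 0) ? 1 : 0;
}

int main(void) {
    int r = demo_pass_inet_socket();
    printf(r == 1 ? "child holds the same AF_INET socket\n"
                  : "hand-off failed (%d)\n", r);
    return r == 1 ? 0 : 1;
}
```

Running it prints "child holds the same AF_INET socket". Nothing in the example binds or connects the socket; an accepted connection would behave identically, since SCM_RIGHTS duplicates the open file description rather than anything about the socket's state, which is exactly why any policy about "what happens to the socket" has to be enforced where descriptors and process identities are visible rather than on individual packets.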