From owner-freebsd-net@FreeBSD.ORG Mon Oct 29 20:03:24 2007
From: "Bruce M. Simpson" <bms@FreeBSD.org>
To: Brooks Davis
Cc: freebsd-net@FreeBSD.org, Matus Harvan, Max Laier
Subject: Re: UDP catchall
Date: Mon, 29 Oct 2007 19:49:47 +0000
Message-ID: <4726395B.8080905@FreeBSD.org>
In-Reply-To: <20071029150424.GA68594@lor.one-eyed-alien.net>
References: <20070909201837.GA18107@inf.ethz.ch> <20071026154057.GG1049@styx.ethz.ch> <4722AEB3.1010208@FreeBSD.org> <20071029150424.GA68594@lor.one-eyed-alien.net>
List-Id: Networking and TCP/IP with FreeBSD

Brooks Davis wrote:
> While I think this idea has some merit, I think we specifically want
> the current wildcard ability to allow for a system that requires
> minimal configuration. The problem with a range is that it doesn't
> allow disjoint sets and it requires that if you really do want all the
> ports you need to produce a list of currently allocated ports to avoid
> allocating. A more (over)engineered solution holds some attraction, but
> I'm not yet convinced the fact that it could exist precludes the current
> implementation.

Actually I concur with you on this point, based solely on the disjoint sets point.

Another vector of attack would be to put the relay functionality into PF, which can do the packet matching. However, this of course suffers from the problem that if you just want a plain old UDP socket for mtund, you won't get that unless you go to the inpcb layer anyway.

But who says mtund needs to use sockets for its traffic relay? There is definite appeal in *not* doing it in the socket layer at all -- an adaptation of pf's log socket may suffice...

Just my 2c for now...

BMS