Date: Tue, 8 May 2001 12:14:53 -0700
From: Alfred Perlstein
To: huntting@glarp.com
Cc: freebsd-current@FreeBSD.ORG
Subject: Re: user connection request data w/ recvmsg(2)/getsockopt(2)
Message-ID: <20010508121452.N18676@fw.wintelcom.net>
References: <200105081912.f48JC3053365@hunkular.glarp.com>
In-Reply-To: <200105081912.f48JC3053365@hunkular.glarp.com>; from huntting@glarp.com on Tue, May 08, 2001 at 01:12:03PM -0600

* huntting@glarp.com [010508 12:12] wrote:
>
> The following juicy tidbit has been hiding in the accept(2) man page
> for several years, but has apparently never been implemented.
>
>     One can obtain user connection request data without confirming the
>     connection by issuing a recvmsg(2) call with an msg_iovlen of 0 and
>     a non-zero msg_controllen, or by issuing a getsockopt(2) request.
>     Similarly, one can provide user connection rejection information by
>     issuing a sendmsg(2) call with providing only the control
>     information, or by calling setsockopt(2).
>
> There is no mention of this feature in the man pages for getsockopt(2),
> recvmsg(2) or sendmsg(2).
>
> Rather than correct the accept(2), I'd really like to see this
> feature implemented in the kernel, and incorporated into tcp wrapper.
> I think it would really help limit the effectiveness of
> portscanning.
>
> Whose idea was this originally and do they have thoughts on why
> it should or should not be implemented?  Any gotchas?

You should investigate the way this is done in the TLI interface.

It would be nice to have a hybrid TLI/BSD socket interface one day.
TLI is not really fast enough for server programs but a hybrid would
offer a lot of flexibility.

-- 
-Alfred Perlstein - [alfred@freebsd.org]
http://www.egr.unlv.edu/~slumos/on-netbsd.html
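
The recvmsg(2) call that the quoted accept(2) text describes, written out as a C probe. This is an added example, not code from the thread or from FreeBSD, and probe_conn_request_data() is a hypothetical helper name. It reports how many bytes of control data the kernel hands back for a listening socket, which stays 0 on a kernel that does not implement the feature.

```c
#include <errno.h>
#include <stdio.h>
#include <string.h>
#include <unistd.h>
#include <arpa/inet.h>
#include <netinet/in.h>
#include <sys/socket.h>

/* Hypothetical helper: issue recvmsg(2) on a listening TCP socket with
 * msg_iovlen == 0 and a non-zero msg_controllen.
 * Returns the number of control-data bytes delivered (0 if none).
 * *err_out: 0 if recvmsg() succeeded, its errno if it failed, -1 if the
 * listening socket could not be set up. */
size_t probe_conn_request_data(int *err_out)
{
    struct sockaddr_in sin;
    struct msghdr msg;
    char ctl[256];
    size_t got = 0;
    int s = socket(AF_INET, SOCK_STREAM, 0);

    *err_out = -1;
    if (s < 0)
        return 0;
    memset(&sin, 0, sizeof(sin));
    sin.sin_family = AF_INET;
    sin.sin_addr.s_addr = htonl(INADDR_LOOPBACK);  /* port 0: kernel picks one */
    if (bind(s, (struct sockaddr *)&sin, sizeof(sin)) == 0 && listen(s, 1) == 0) {
        memset(&msg, 0, sizeof(msg));
        msg.msg_iovlen = 0;                 /* no data buffers */
        msg.msg_control = ctl;
        msg.msg_controllen = sizeof(ctl);   /* ask for control data only */
        if (recvmsg(s, &msg, MSG_DONTWAIT) >= 0) {
            *err_out = 0;
            got = (size_t)msg.msg_controllen;  /* bytes actually filled in */
        } else {
            *err_out = errno;
        }
    }
    close(s);
    return got;
}

int main(void)
{
    int err;
    size_t got = probe_conn_request_data(&err);
    printf("control bytes: %zu, status: %d\n", got, err);
    return 0;
}
```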