Date: Wed, 31 Oct 2007 02:15:16 +0100
From: Matus Harvan <mharvan@inf.ethz.ch>
To: "Bruce M. Simpson" <bms@FreeBSD.org>
Cc: freebsd-net@FreeBSD.org, Brooks Davis <brooks@FreeBSD.org>, Max Laier <max@love2party.net>
Subject: Re: UDP catchall
Message-ID: <20071031011516.GF2564@styx.ethz.ch>
In-Reply-To: <4726395B.8080905@FreeBSD.org>
References: <20070909201837.GA18107@inf.ethz.ch> <20071026154057.GG1049@styx.ethz.ch> <4722AEB3.1010208@FreeBSD.org> <20071029150424.GA68594@lor.one-eyed-alien.net> <4726395B.8080905@FreeBSD.org>

On Mon, Oct 29, 2007 at 07:49:47PM +0000, Bruce M. Simpson wrote:
> Brooks Davis wrote:
>> While I think this idea has some merit, I think we specifically want
>> the current wildcard ability to allow for a system that requires
>> minimal configuration. The problem with a range is that it doesn't
>> allow disjoint sets and it requires that if you really do want all the
>> ports you need to produce a list of currently allocated ports to avoid
>> allocating. A more (over)engineered solution holds some attraction, but
>> I'm not yet convinced the fact that it could exist precludes the current
>> implementation.
>
> Actually I concur with you on this point, based solely on the disjoint sets
> point.
>
> Another vector of attack would be to put the relay functionality into PF,
> which can do the packet matching. However this of course suffers from the
> problem that if you just want a plain old UDP socket for mtund, you won't
> get that unless you go to the inpcb layer anyway.
>
> But who says mtund needs to use sockets for its traffic relay? There is
> definite appeal in *not* doing it in the socket layer at all -- an
> adaptation of pf's log socket may suffice...

My initial understanding of a raw IP socket was that I could simply
receive any packet for a particular protocol. This almost works for
ICMP, but TCP and UDP don't seem to be supported. Hence, I have perceived
the patch also as a natural extension of the idea of a raw IP socket
for the UDP protocol.

Matus