From owner-freebsd-hackers Tue Jan 7 13:01:59 1997
Return-Path: 
Received: (from root@localhost) by freefall.freebsd.org (8.8.4/8.8.4) id NAA11215 for hackers-outgoing; Tue, 7 Jan 1997 13:01:59 -0800 (PST)
Received: from profane.iq.org (profane.iq.org [203.4.184.217]) by freefall.freebsd.org (8.8.4/8.8.4) with ESMTP id NAA11209 for ; Tue, 7 Jan 1997 13:01:36 -0800 (PST)
Received: (from proff@localhost) by profane.iq.org (8.8.4/8.8.2) id IAA00552 for hackers@freebsd.org; Wed, 8 Jan 1997 08:00:27 +1100 (EST)
From: Julian Assange
Message-Id: <199701072100.IAA00552@profane.iq.org>
Subject: Re: ipfws
To: hackers@freebsd.org
Date: Wed, 8 Jan 1997 08:00:27 +1100 (EST)
X-Mailer: ELM [version 2.4ME+ PL28 (25)]
MIME-Version: 1.0
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: 7bit
Sender: owner-hackers@freebsd.org
X-Loop: FreeBSD.org
Precedence: bulk

Avalon,

I did think about the domain issues before implementing socket credentials. The bind() wormholing is really only weakly coupled, but the socket credential routines are tightly coupled, and so they must be if you want to get the degree of control and efficiency out of them that I have.

I considered a scheme that used only the information from socket(), bind() and connect(), but rejected it because of its lack of fine control and ability to eliminate covert channels in connectionless, broadcast, multicast, routing, icmp, raw sockets etc. without eliminating that form of communication entirely.

In terms of grammar, I agree that perhaps the bind() list could be viewed as a separate one, given its non-use of the destination address/port. On the other hand, the grammars are close enough that I'm not so sure it is wise to separate them entirely. Perhaps a change from "accept" to "bind", a lexical trigger that the "to" keyword and argument is not required.

In any event, if you port ipfilter to -current, I promise to port socket and bind credentials to ipfilter.

Cheers,
Julian.