Date:      Wed, 8 Jan 1997 08:00:27 +1100 (EST)
From:      Julian Assange <proff@iq.org>
To:        hackers@freebsd.org
Subject:   Re: ipfws
Message-ID:  <199701072100.IAA00552@profane.iq.org>



Avalon,

I did think about the domain issues before implementing socket credentials.
The bind() wormholing is really only weakly coupled, but the socket 
credential routines are tightly coupled, and so they must be if you want
to get the degree of control and efficiency out of them that I have.

I considered a scheme that used only the information from socket()
bind() and connect(), but rejected it because of its lack of fine control
and ability to eliminate covert channels in connectionless, broadcast,
multicast, routing, icmp, raw sockets etc without eliminating that form of
communication entirely.

In terms of grammar, I agree that perhaps the bind() list could be
viewed as separate, given its non-use of the destination
address/port. On the other hand the grammars are close enough that
I'm not so sure it is wise to separate them entirely. Perhaps a
change from "accept" to "bind", a lexical trigger that the "to"
keyword and argument is not required.

In any event, if you port ipfilter to -current, I promise to port
socket and bind credentials to ipfilter.

Cheers,
Julian.


