Re: [PATCH,RFC] explicit connection confirmation

All of lore.kernel.org
 help / color / mirror / Atom feed

From: Lennert Buytenhek <buytenh@gnu.org>
To: jamal <hadi@cyberus.ca>, Marc Boucher <marc@mbsi.ca>
Cc: bert hubert <ahu@ds9a.nl>, netdev@oss.sgi.com
Subject: Re: [PATCH,RFC] explicit connection confirmation
Date: Thu, 7 Nov 2002 10:27:58 -0500	[thread overview]
Message-ID: <20021107152758.GB23858@gnu.org> (raw)
In-Reply-To: <Pine.GSO.4.30.0211070834130.11358-100000@shell.cyberus.ca>

Hi,

netfilter, yeah, sure, 'could have', but please.

'Make it a netfilter module' is generally what people say when
they are confronted with a feature they don't like.

There was a thread about this in private mail round April this year,
in which some good points were raised.

- From the kernel point of view, doing it in netfilter would require
  more state tracking and access to the socket hashes and would be
  uglier.

- From the application writer's point of view, doing it via a socket
  option is much more intuitive, since this flag is really a socket
  property, than doing it via some extra API which would make it way
  too difficult/complex to use in existing apps.

It's worth noting that selective TCP connection acceptance was
also intended to be implemented as a socket option by the original
BSD developers.  See http://www.kohala.com/start/vanj.94jun27.txt
(link thanks to Marc Boucher).

>From the accept(2) man page on Red Hat Linux (again thanks to Marc
Boucher):

       For  certain  protocols which require an explicit confirmation, such as
       DECNet, accept can be thought of as merely dequeuing the  next  connec-
       tion  request  and  not  implying  confirmation.   Confirmation  can be
       implied by a normal read or write  on  the  new  file  descriptor,  and
       rejection can be implied by closing the new socket. Currently only DEC-
       Net has these semantics on Linux.


cheers,
Lennert



On Thu, Nov 07, 2002 at 08:36:28AM -0500, jamal wrote:

> Could you not have used netfilter for this? You have the app
> sending controls to add netfilter policies and delete them when not
> needed.
> 
> cheers,
> jamal
> 
> 
>

next prev parent reply	other threads:[~2002-11-07 15:27 UTC|newest]

Thread overview: 14+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2002-11-07  9:32 [PATCH,RFC] explicit connection confirmation Lennert Buytenhek
2002-11-07 11:27 ` bert hubert
2002-11-07 12:09   ` Lennert Buytenhek
2002-11-07 13:36     ` jamal
2002-11-07 15:27       ` Lennert Buytenhek [this message]
2002-11-08 11:22         ` jamal
2002-11-08 11:52           ` bert hubert
2002-11-08 11:56             ` Marc Boucher
2002-11-08 18:28           ` Lennert Buytenhek
2002-11-07 13:49     ` bert hubert
2002-11-07 14:30       ` Lennert Buytenhek
2002-11-07 16:24         ` bert hubert
2003-08-14 13:11 ` Lennert Buytenhek
2003-08-25 11:09   ` Harald Welte

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20021107152758.GB23858@gnu.org \
    --to=buytenh@gnu.org \
    --cc=ahu@ds9a.nl \
    --cc=hadi@cyberus.ca \
    --cc=marc@mbsi.ca \
    --cc=netdev@oss.sgi.com \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.