Netdev List
* [QUESTION] Packet uid for kernel-generated multicast
@ 2026-06-02 18:00 Andrew Fenton
From: Andrew Fenton @ 2026-06-02 18:00 UTC
  To: netdev

Certain multicast-related system calls such as setsockopt with options
IP_ADD_MEMBERSHIP, IPV6_ADD_MEMBERSHIP and MCAST_JOIN_GROUP result in outgoing
kernel-generated packets that don't have an associated uid.

Not having the packet uid set to the uid of the system caller makes it
difficult to use netfilter to ensure a specific uid can't send any traffic out
a particular interface. It is possible to use network namespaces or system call
filtering, but neither of these options is feasible for us working on top of
the Android Open Source Project.

If we submit a patch that adds a kernel configuration for setting the packet uid
to the uid that made the system call, would this get merged? Or is this not a
viable approach?
