Re: Check connect address in NETLINK
From: Herbert Xu <herbert@gondor.apana.org.au>
Date: 2004-06-29 08:45:52
On Tue, Jun 29, 2004 at 12:22:52PM +0400, Alexey Kuznetsov wrote:
> Do you mean the restriction sort of made in AF_UNIX SOCK_DGRAM: a connected socket receives messages only from its destination?
Exactly. Another example would be UDP over IP.
> It was not done because netlink sockets were expected to listen for broadcasts, so that this kind of protection would not be useful and even harmful. But taking into account that inter-application communication is not used, only kernel sends broadcasts and applications talking to kernel will receive such broadcasts, because they are connected to kernel.
I've had a look in the various NETLINK applications that I know of, including quagga/iproute/iptables and all the stuff that I wrote, none of them does a connect at all. So it should be harmless to introduce this new semantics.
> The trouble is that pid of kernel socket used to be 0, so that applications connected to kernel are not connected in technical sense. :-)
That's kind of a good thing since it means that existing applications are less likely to call connect(2) :)
> Apparently, to implement this we have to add some kind of flag marking connected sockets.
Or we can set the disconnected pid to a negative value since POSIX requires pid_t to be signed. I see that you've reserved everything between -4096 and 0. So perhaps we can pick -1?

Cheers,
--
Visit Openswan at http://www.openswan.org/
Email: Herbert Xu 许志壬 [off-list ref]
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt
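The point discussed in this message, as an added example that is not part of the original mail and is not kernel code: a small model of the source-address filter for a connected netlink socket, showing why 0 cannot serve as the "not connected" marker when the kernel's pid is also 0, and how a -1 marker removes the ambiguity. The function name, the macro names and the sample sender pid 1234 are hypothetical.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

#define NL_PID_KERNEL       0     /* kernel socket pid, as stated in the thread */
#define NL_PID_UNCONNECTED  (-1)  /* marker proposed in the thread (hypothetical name) */

/*
 * Model of the delivery check for a socket whose connect(2) peer is dst_pid.
 * unconnected_marker is the value that means "no peer was ever set".
 * An unconnected socket accepts any sender; a connected one accepts only
 * messages whose source pid equals its peer, as with AF_UNIX SOCK_DGRAM.
 */
bool nl_accept(int32_t dst_pid, int32_t unconnected_marker, int32_t src_pid)
{
    if (dst_pid == unconnected_marker)
        return true;            /* no peer recorded: nothing to filter on */
    return src_pid == dst_pid;  /* connected: only the peer may deliver */
}

int main(void)
{
    int32_t user_sender = 1234; /* constructed sample: some other process */

    /* Marker 0: "connected to kernel" looks exactly like "unconnected",
     * so a message from another process is still accepted. */
    printf("marker  0, peer=kernel, from user:   %d\n",
           nl_accept(NL_PID_KERNEL, 0, user_sender));

    /* Marker -1: peer 0 now really means the kernel, so the same message
     * is dropped while kernel unicasts and broadcasts still arrive. */
    printf("marker -1, peer=kernel, from user:   %d\n",
           nl_accept(NL_PID_KERNEL, NL_PID_UNCONNECTED, user_sender));
    printf("marker -1, peer=kernel, from kernel: %d\n",
           nl_accept(NL_PID_KERNEL, NL_PID_UNCONNECTED, NL_PID_KERNEL));

    /* Applications that never call connect(2) see no change in behaviour. */
    printf("marker -1, no peer,     from user:   %d\n",
           nl_accept(NL_PID_UNCONNECTED, NL_PID_UNCONNECTED, user_sender));
    return 0;
}
```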