David Miller a écrit :

From: Mark Huth <redacted>
Date: Tue, 27 Mar 2007 16:09:30 -0700

quoted

Actually, there are legitimate uses for this sort of API.  The patch 
allows an administrator to kill specific connections that are in use by 
other applications, where the close is not available, since the socket 
is owned by another process.

Anything that wants to act as an external agent to manipulate
or terminate connections should use netfilter.

This is what I thought too at the begining.

But after some thinking I recalled having to reboot machines just because 
netfilter was not in (because of noticeable performance hit), and I could find 
  the tree to compile netfilter as modules..

When I saw revoke() work in progess, I did react like you : This is coming 
from hell...