On Tue, 7 May 2002, Thomas 'Dent' Mirlacher wrote:
>
> > unless I missed something, perhaps there could be an ioctl/setsockopt
> > which would turn this behaviour into "pass packet to user mode or drop
> > altogether" that would never result in network stack getting a packet
> > directly.
>
> well, that would be nice for certain applications, but wouldn't it
> also be a security problem?
no.
read-only access to network traffic already requires priviledges.
and theres' already a way to insert packets via socket send/write.
all I'm proposing is a way to "delete" packets too.
cheers, dima.
|
