Sure! Put together a patch and let's review it.
-a On 17 October 2014 17:02, Nicolas Braud-Santoni <[email protected]> wrote: > Hello, > > I would like to enquire about the possibility of adding an IP_PEERCRED > socket option to ip(4) which would be similar to LOCAL_PEERCRED for > unix(4). > > Such a option, when requested via getsockopt(2) on a not-connectionless IP > (v4 or v6) socket, would either > - return credentials of the remote side (as a xucred structure) in the > case of a loopback (non-cross-jail) socket; > - fail (with EINVAL?). > > > The intended use-case of such a functionnality would be for processes > to provide services only to a given user, instead of the local host, > while using IP sockets. > For instance, an SSH client could use this feature to provide port > forwards for a given user, instead of providing it to all users. > > While bapt@ thought at first glance that it might be a good idea, > neither of us know whether it would be reasonable to implement. > Any though on this? > > > Best, > > Nicolas > > PS: Credit for this idea should go to David Madore (in CC), who blogged > about it (in French): > http://www.madore.org/~david/weblog/d.2014-10-16.2234.html _______________________________________________ [email protected] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-net To unsubscribe, send any mail to "[email protected]"
