Hi Daniel, I think a command-line argument is fine, just don't introduce getopt()-style parsing into the SUID binaries ;-).
Happy hacking! -Christian On 04/17/2016 10:21 PM, Daniel Golle wrote: > Hi! > > I'm currently working on improving IPvX-over-GNUnet on OpenWrt. > I believe that providing v4/v6/DNS exit service using an OpenWrt box > is a quite good idea. > On OpenWrt it doesn't make so much sense to mess around with routing, > sysctl and iptables rules in the helpers as networking and firewall are > managed by OpenWrt's services. The situation is also different from a > desktop system because on an embedded device (think e.g.: > IPvX-over-GNUnet router) the networking and firewall configuration > corresponds to a specific use (think: tunneling all traffic through > GNUnet) and do exactly that. To me it seems desirable to have an > additional parameter (or even a compile-time configure argument!) for > the dns- and exit-helpers to make them stay away from routing, sysctl > and firewall stuff and just assume that an external service will handle > all that once the interface comes up (because that's what netifd does > on OpenWrt). > Depending on your preference (additional cmdline parameter vs. > compile-time), I'd like to introduce that option, so EXIT will be more > useful to provide gateways to the ARPA internet in community mesh > networks -- that's the main application for most of them and GNUnet > could already offer a decentralized and more secure way to do that. > > Cheers > > Daniel > > _______________________________________________ > GNUnet-developers mailing list > [email protected] > https://lists.gnu.org/mailman/listinfo/gnunet-developers >
signature.asc
Description: OpenPGP digital signature
_______________________________________________ GNUnet-developers mailing list [email protected] https://lists.gnu.org/mailman/listinfo/gnunet-developers
