Date: Sat, 30 Jun 2001 02:12:35 +0900
From: JINMEI Tatuya / =?ISO-2022-JP?B?GyRCP0BMQEMjOkgbKEI=?=
<[EMAIL PROTECTED]>
Message-ID: <[EMAIL PROTECTED]>
| Hmm, I see. So, "the API does not prohibit the bad behavior, but the
| underlying kernel would (or might) prevent the bad packets from beiing
| sent on the wire." Right? Then, I'm perhaps okay with it.
It isn't so much that the API doesn't prohibit the bad behaviour, it
can - but whether the API says something is legal or not, people are
still going to do it.
Sometimes it is important to specify exactly what does happen when the
user does something stupid, other times it isn't.
So, you could say "if the ancillary data contains multiple IPV6_HOPOPTS
objects" (which was the particular case in question) "only the first is
used", or "only the last is used", or "E2BIG is returned" or ...
But there's no real need - allow any of those the implementation prefers
and just say it is "implementation defined".
This is generally a reasonable response to what are programming errors.
On the other hand, errors that the programmer didn't cause (like sending
into a socket that has been reset, or to a mobile node's care of address,
after it has moved again, or to a global address before the node has acquired
one of its own, or ...) need to be specified more precisely, as for those
a careful program can look at what happens, and proceed accordingly.
And (other than use of raw sockets and similar) the kernel certainly should
be avoiding sending bad packets on the wire (not just might). No matter
what I do as an idiot programmer, the kernel shouldn't be allowing my mess
to escape - or not where it can tell it is wrong.
kre
--------------------------------------------------------------------
IETF IPng Working Group Mailing List
IPng Home Page: http://playground.sun.com/ipng
FTP archive: ftp://playground.sun.com/pub/ipng
Direct all administrative requests to [EMAIL PROTECTED]
--------------------------------------------------------------------
