On Thu, May 14, 2009 at 02:34:29PM -0400, Sebastien Roy wrote:
> On Thu, 2009-05-14 at 14:12 -0400, Dan McDonald wrote:
> > - Insert something into the sendmsg() path that explicitly sets the
> >   local IP & port for a single datagram.
> >
> >   This involves kernel modifications, which would be awful if
> >   anyone requested such a daemon to run on older kernels.
>
> This is the cleanest and most sensible approach, IMO.  A new ancillary
> data type that specifies the source address and/or port makes sense to
> me.
Not only that, but that will also enable connect()-less, application-driven
"connection latching".  Which, in terms most folks other than Dan would
understand, means "getting IPsec information on recv, and requesting IPsec
protection and what not on send".

That said, this problem has been well understood for a long time, and other
parts of the system that have to deal with this do much what in.iked does:
one socket per local address + address addition detection (usually by having
one socket not bound to a specific local address, the reception of datagrams
on which implies that the application should rescan the interfaces).  File
descriptor limits should not be a problem nowadays -- the programmer should
be able to set the soft limit quite high nowadays without concern for stdio.
And event ports make the event loop manageable and scalable with the number
of file descriptors.

Of course, for datagrams received on that master socket one may have no
choice but to drop them and let the peer retransmit, which is OK, but
sub-optimal.

Nico
--
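For readers who want to see the ancillary-data approach in concrete form: the following is an added example, not code from this thread or from in.iked, and it uses the Linux IPv4 mechanism (IP_PKTINFO) rather than the new Solaris ancillary type being proposed. A UDP socket bound to INADDR_ANY learns from recvmsg() which local address each datagram was delivered to, and replies through sendmsg() with an in_pktinfo whose ipi_spec_dst pins the source address, so a multi-homed daemon answers from the address the peer actually talked to instead of whatever the route lookup picks. Note that IP_PKTINFO controls only the address, not the local port, so it covers the "address" half of the "address and/or port" idea. The self-test runs over loopback and assumes 127.0.0.1 is configured.

```c
/* Added example: per-datagram source address selection with IP_PKTINFO
 * (Linux). Not from the mailing-list thread; assumes loopback is up. */
#ifndef _GNU_SOURCE
#define _GNU_SOURCE
#endif
#include <arpa/inet.h>
#include <netinet/in.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>
#include <sys/time.h>
#include <sys/types.h>
#include <sys/uio.h>
#include <unistd.h>

/* Wildcard-bound UDP socket (ephemeral port) with IP_PKTINFO enabled so
 * recvmsg() reports the destination address of every datagram. */
static int open_wildcard_udp(void) {
    int fd = socket(AF_INET, SOCK_DGRAM, 0), one = 1;
    struct sockaddr_in sin = { .sin_family = AF_INET, .sin_port = 0,
                               .sin_addr.s_addr = htonl(INADDR_ANY) };
    if (fd < 0) return -1;
    if (setsockopt(fd, IPPROTO_IP, IP_PKTINFO, &one, sizeof one) < 0 ||
        bind(fd, (struct sockaddr *)&sin, sizeof sin) < 0) { close(fd); return -1; }
    return fd;
}

/* Receive one datagram; *peer = sender, *local = address it was sent to. */
static ssize_t recv_with_local(int fd, void *buf, size_t len,
                               struct sockaddr_in *peer, struct in_addr *local) {
    char cbuf[CMSG_SPACE(sizeof(struct in_pktinfo))];
    struct iovec iov = { buf, len };
    struct msghdr msg = { .msg_name = peer, .msg_namelen = sizeof *peer,
                          .msg_iov = &iov, .msg_iovlen = 1,
                          .msg_control = cbuf, .msg_controllen = sizeof cbuf };
    ssize_t n = recvmsg(fd, &msg, 0);
    local->s_addr = htonl(INADDR_ANY);
    if (n < 0) return n;
    for (struct cmsghdr *c = CMSG_FIRSTHDR(&msg); c; c = CMSG_NXTHDR(&msg, c))
        if (c->cmsg_level == IPPROTO_IP && c->cmsg_type == IP_PKTINFO) {
            struct in_pktinfo pi;
            memcpy(&pi, CMSG_DATA(c), sizeof pi);
            *local = pi.ipi_addr;          /* destination address seen on the wire */
        }
    return n;
}

/* Send a datagram with the source address forced via ipi_spec_dst. */
static ssize_t send_from(int fd, const void *buf, size_t len,
                         const struct sockaddr_in *peer, struct in_addr src) {
    char cbuf[CMSG_SPACE(sizeof(struct in_pktinfo))];
    struct iovec iov = { (void *)buf, len };
    struct msghdr msg = { .msg_name = (void *)peer, .msg_namelen = sizeof *peer,
                          .msg_iov = &iov, .msg_iovlen = 1,
                          .msg_control = cbuf, .msg_controllen = sizeof cbuf };
    struct in_pktinfo pi;
    struct cmsghdr *c;
    memset(cbuf, 0, sizeof cbuf);
    memset(&pi, 0, sizeof pi);
    pi.ipi_spec_dst = src;                 /* kernel uses this as the source */
    c = CMSG_FIRSTHDR(&msg);
    c->cmsg_level = IPPROTO_IP;
    c->cmsg_type = IP_PKTINFO;
    c->cmsg_len = CMSG_LEN(sizeof pi);
    memcpy(CMSG_DATA(c), &pi, sizeof pi);
    return sendmsg(fd, &msg, 0);
}

/* Loopback self-test: client -> 127.0.0.1:srv, server learns the local
 * address was 127.0.0.1 and echoes from it. Returns 1 on success. */
int loopback_roundtrip(void) {
    const char req[] = "ping";               /* constructed sample payload */
    char buf[64];
    struct sockaddr_in srv_addr, peer, from;
    struct in_addr local;
    struct timeval tv = { 2, 0 };            /* never hang if loopback is down */
    socklen_t slen = sizeof srv_addr, flen = sizeof from;
    ssize_t n;
    int ok = 0, srv = open_wildcard_udp(), cli = socket(AF_INET, SOCK_DGRAM, 0);
    if (srv < 0 || cli < 0) goto out;
    setsockopt(srv, SOL_SOCKET, SO_RCVTIMEO, &tv, sizeof tv);
    setsockopt(cli, SOL_SOCKET, SO_RCVTIMEO, &tv, sizeof tv);
    if (getsockname(srv, (struct sockaddr *)&srv_addr, &slen) < 0) goto out;
    srv_addr.sin_addr.s_addr = htonl(INADDR_LOOPBACK);
    if (sendto(cli, req, sizeof req, 0, (struct sockaddr *)&srv_addr, sizeof srv_addr) < 0) goto out;
    n = recv_with_local(srv, buf, sizeof buf, &peer, &local);
    if (n != (ssize_t)sizeof req || local.s_addr != htonl(INADDR_LOOPBACK)) goto out;
    if (send_from(srv, buf, (size_t)n, &peer, local) < 0) goto out;
    n = recvfrom(cli, buf, sizeof buf, 0, (struct sockaddr *)&from, &flen);
    ok = n == (ssize_t)sizeof req && memcmp(buf, req, sizeof req) == 0 &&
         from.sin_addr.s_addr == htonl(INADDR_LOOPBACK) && from.sin_port == srv_addr.sin_port;
out:
    if (srv >= 0) close(srv);
    if (cli >= 0) close(cli);
    return ok;
}

int main(void) {
    int ok = loopback_roundtrip();
    printf("IP_PKTINFO loopback round trip: %s\n", ok ? "ok" : "FAILED");
    return ok ? 0 : 1;
}
```

On a single-address loopback box the reply would have come from 127.0.0.1 anyway; the point shows on a multi-homed host, where recv_with_local() reports the specific address a peer used and send_from() makes the reply leave from that same address, which is the one-socket alternative to the one-socket-per-local-address scheme Nico describes.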
