> On Mar 30, 2020, at 12:03 AM, Roy Marples <r...@marples.name> wrote:
>
> On 30/03/2020 04:05, Christos Zoulas wrote:
>>> On Mar 29, 2020, at 10:37 PM, Roy Marples <r...@marples.name> wrote:
>>>
>>> blacklistd was not working for me and the ACL check you mention was
>>> certainly not described anywhere I saw. After reading the Fine Man Page, I
>>> came to the conclusion that passing a sockaddr with a fd of -1 was expected
>>> to work with the code as is. Hence my change.
>> That's a fair point. It is explained in the presentation slides, and now
>> I've also added it to the man page.
>
> I was expecting a change to libblacklist(3) which currently says this:
> The blacklist_sa() and blacklist_sa_r() functions can be used with
> unconnected sockets, where getpeername(2) will not work, the server will
> pass the peer name in the message.
>
> In the route(4) case, it is not directly connected with the peer (hence the
> sockaddr is unconnected and getpeername will not work) and the peer name (ie,
> ip address) is passed in the message generated by blacklist_sa.
>
> This was my basis for allowing fd -1 to "work".

Ah, ok. I clarified this too.

Thanks,

christos