Hi Nikolay,

On 06/14/2017 05:04 AM, Nikolay Aleksandrov wrote:
> This has been on our todo list and I'm definitely interested in the
> implementation.
> A few things that need careful consideration from my POV. First are the
> security implications - this sends rtnl multicast messages but the rtnl
> socket has the NL_CFG_F_NONROOT_RECV flag thus allowing any user on the
> system to listen in.
> This would allow them to see the full packets and all reports (granted they
> can see the notifications even now), but the full packet is like giving
> them the opportunity to tcpdump the PIM traffic.

I definitely see how this can be an issue.
From what I see, this means that either the packet should be transmitted
another way, or another Netlink family should be used.

NETLINK_ROUTE looks to be the logical family to choose though, but then I
do not see a proper other way to handle this.
However, I may just not be looking in the right direction; maybe you
currently have another approach in mind?

> My second (more fixable and minor) concern is about the packet itself, how
> do you know that the packet is all linear so you can directly copy it?

Indeed, I overlooked this possibility in this version.
I will improve that.

--
Julien Gomes