On Thu, Aug 4, 2011 at 11:23 PM, Alexander Bluhm <[email protected]> wrote: > On Thu, Aug 04, 2011 at 05:06:24PM +0200, Mike Belopuhov wrote: >> I'm not sure it's a desired behavior and afaik it's not possible >> to achieve this with IPv4 sockets without the need to be a root. >> Do we want to change that? > > Yes. KAME fixed that, too. >
and kame didn't fix all the problems. it's still possible to inject packets afaiu. >> The following change restricts it to the locally configured >> addresses. Is it a way to go? > > I would prefer to take as much as possible from the KAME solution. > No need to introduce more differently implemented code. > > bluhm
