> On Mar 30, 2020, at 12:03 AM, Roy Marples <roy%marples.name@localhost> wrote:
>
> On 30/03/2020 04:05, Christos Zoulas wrote:
>>> On Mar 29, 2020, at 10:37 PM, Roy Marples <roy%marples.name@localhost> wrote:
>>>
>>> blacklistd was not working for me and the ACL check you mention was certainly not described anywhere I saw. After reading the Fine Man Page, I came to the conclusion that passing a sockaddr with a fd of -1 was expected to work with the code as is. Hence my change.
>> That's a fair point. It is explained in the presentation slides, and now I've also added it to the man page.
>
> I was expecting a change to libblacklist(3) which currently says this:
> The blacklist_sa() and blacklist_sa_r() functions can be used with
> unconnected sockets, where getpeername(2) will not work, the server will
> pass the peer name in the message.
>
> In the route(4) case, it is not directly connected with the peer (hence the sockaddr is unconnected and getpeername will not work) and the peer name (ie, ip address) is passed in the message generated by blacklist_sa.
>
> This was my basis for allowing fd -1 to "work".

Ah, ok. I clarified this too.

Thanks,

christos