On Wed, 2016-03-23 at 02:26 +0000, Gilberto Bertin wrote:
> Since the net-next window just opened, I'm resubmitting my RFC for the
> SO_BINDTOSUBNET patch, following Mark Smith's suggestion to rename the
> whole thing to a more clear SO_BINDTOPREFIX.

Please do not add such a monolithic option.

BPF is absolutely the way to go here, as it allows for whatever user-specified tweaks, like a list of destination subnetworks, or/and a list of source networks, or the date/time of the day, or port knocking without netfilter, or ... you name it.

Simply add an option to load a BPF filter on a socket, used to vary the various compute_score() functions. No hard-coded knowledge in the kernel, but a generic interface.