From: Maciej Żenczykowski <zenczykow...@gmail.com>
Date: Wed, 18 Nov 2015 23:19:03 -0800

> Privileged userspace can already make these decisions today, whether
> it is by killing processes with open sockets, or by turning interfaces
> up and down or by reconfiguring the firewall and/or the routing
> rules/tables, or by injecting spoofed TCP reset packets (via tap).
> It's just *very* inconvenient to do and error prone.
>
> Another example: privileged userspace could ptrace the userspace apps
> and via code injection call close() on the app's behalf and reopen the
> file descriptor to some null routed destination so it behaves like if
> it was timed out / unreachable.

At least if they do it this way, and someone claims that Linux TCP behaves outside the spec or improperly, it's not directly because of any code I am responsible for.

That's the difference, and frankly an important one to me.

If I'm going to give userspace a direct tool by which to do things, then it's suddenly my responsibility and my problem.