Re: Ideas for v2.1

Marc Unangst (mju@cs.cmu.edu)
Wed, 26 Jun 1996 01:27:45 -0400


Alan Cox writes:
> Yes, but not every packet is a system call, and do you charge for
> retransmissions, and acks or just call those "overhead"? If you just want
> to charge bytes written/read from the socket I agree with you it's not
> hard. I thought you meant per packet accounting,

Hmm, I see what the problem is. You are talking about implementing
packet accounting. I don't care about counting the packets; I'm
concerned about doing access control. I want to prevent unauthorized
users from making network connections to certain addresses or ports,
while still allowing access to other services. i.e., I might want to
make telnet, FTP, and other "interactive" services off-limits to
people whose real name I don't know, but allow anyone to use finger,
whois, and maybe even HTTP. This type of control really has to be
implemented in the kernel, since otherwise it can be broken if the
user writes their own program to make the appropriate system calls, or
uploads their own FTP/telnet client.

-Marc
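
The policy described in the message above, sketched as an added example that is not part of the original post or the thread: it generates netfilter rules that the kernel applies to every outgoing TCP connection, whichever client program makes it. It relies on iptables' `owner` match, a facility that postdates this 1996 discussion; the chain name `EGRESS_ACL` and the UIDs are assumptions.

```shell
#!/bin/sh
# Added example: per-user limits on outgoing connections, enforced in the
# kernel by netfilter rather than by the client programs themselves.
# Assumptions (not from the post): chain name EGRESS_ACL, the sample UIDs,
# and iptables with the "owner" and "multiport" matches available.

RESTRICTED_PORTS="21,23"   # FTP, telnet: only users whose identity is known
OPEN_PORTS="43,79,80"      # whois, finger, HTTP: any local user

# Print the iptables commands for a list of verified numeric UIDs.
# Nothing is applied here, so the output can be reviewed first.
emit_rules() {
    # Validate every UID before printing, so a bad argument can never end
    # up inside a rule that is later executed as root.
    for uid in "$@"; do
        case "$uid" in
            ''|*[!0-9]*) echo "invalid uid: $uid" >&2; return 1 ;;
        esac
    done

    echo "iptables -N EGRESS_ACL"
    # Only new outgoing TCP connections (SYN packets) are checked.
    echo "iptables -A OUTPUT -p tcp --syn -j EGRESS_ACL"
    # Services open to everyone return to OUTPUT unfiltered.
    echo "iptables -A EGRESS_ACL -p tcp -m multiport --dports $OPEN_PORTS -j RETURN"
    # Verified users may also reach the restricted services.
    for uid in "$@"; do
        echo "iptables -A EGRESS_ACL -p tcp -m multiport --dports $RESTRICTED_PORTS -m owner --uid-owner $uid -j RETURN"
    done
    # Everyone else is refused, including with self-written or uploaded
    # clients, because the match is on the socket owner, not the binary.
    echo "iptables -A EGRESS_ACL -p tcp -m multiport --dports $RESTRICTED_PORTS -j REJECT --reject-with tcp-reset"
}

# Constructed sample: UIDs 1000 and 1001 stand in for the verified users.
emit_rules 1000 1001
```

Review the printed commands, then run them as root to load the policy; ports not listed fall through the chain and stay reachable.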