Re: [PATCH v3 6/7] netlink: Add multicast group level permissions

From: Jakub Kicinski
Date: Fri Mar 31 2023 - 02:39:56 EST


On Wed, 29 Mar 2023 11:25:42 -0700 Anjali Kulkarni wrote:
> A new field perm_groups is added in netlink_sock to store the protocol's
> multicast group access permissions. This is to allow for a more fine
> grained access control than just at the protocol level. These
> permissions can be supplied by the protocol via the netlink_kernel_cfg.
> A new function netlink_multicast_allowed() is added, which checks if
> the protocol's multicast group has non-root access before allowing bind.

Is there a reason this is better than implementing .bind
in the connector family and filtering there?