Re: [PATCH v3 6/7] netlink: Add multicast group level permissions

From: Anjali Kulkarni
Date: Fri Mar 31 2023 - 13:48:53 EST

> On Mar 31, 2023, at 10:24 AM, Jakub Kicinski <kuba@xxxxxxxxxx> wrote:
>
> On Fri, 31 Mar 2023 17:00:27 +0000 Anjali Kulkarni wrote:
>>> Is there a reason this is better than implementing .bind
>>> in the connector family and filtering there?
>>
>> Are you suggesting adding something like a new struct proto_ops for
>> the connector family? I have not looked into that, though that would
>> seem like a lot of work, and also I have not seen any infrastructure
>> to call into protocol specific bind from netlink bind?
>
> Where you're adding a release callback in patch 2 - there's a bind
> callback already three lines above. What am I missing?

Ah yes, that one is actually meant to be used for adding (bind) and deleting (unbind) multicast group memberships. So it is also called from setsockopt() - so I think just checking for root access permission changes the semantics of what it is meant to be used for? Besides, we would need to change some of that ordering there (check for permissions & netlink_bind call) and changing it for all users of netlink might not be a good idea…?

Anjali