[redhat-lspp] UDP secpeer design document
Serge Hallyn
serue at us.ibm.com
Wed Oct 26 15:57:52 UTC 2005
Quoting Catherine Zhang (czhang.us at gmail.com):
> An example server application for UDP should look like this:
>
> getsockopt(sockfd, SOL_SOCKET, SO_PEEK_PEERSEC, outbuf, &optlen);
> switch (outbuf) {
> case "normal_u:...": // fork a normal_u process;
> case "special_u:...": // fork a special_u process;
> ...
> }
>
> There is yet another complication for the case of UDP. When the
> getsockopt is called, there might not be any data available. Thus we
> are faced with 2 design choices for getsockopt when there is no data:
>
> a) return an ENODATA error, and require the application to poll
> the socket (using select() call) and issue the getsockopt call
> only when there is data available.
>
> b) block the call until there is data.
>
> Choice a) is easier to implement but it shifts the programming burden
> to the application writer. Choice b) makes the application writer's
> job easier, but it turns getsockopt into a blocking call, which might
> not be acceptable (can't think of a good reason now).
I think (a) is the reasonable approach. Anyone who wants (b) can
write a library call which does both select and getsockopt, leaving
only potential thread locking issues for the application to deal with...
thanks,
-serge
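
An added example, not part of the original post or any code from this thread: one way the library call suggested above could combine select() with a choice (a) getsockopt that fails with ENODATA. SO_PEEK_PEERSEC is only a proposal here, so the query is passed in as a hypothetical callback; `peersec_query_fn`, `peersec_wait`, `fake_peek_peersec` and the label string are constructed names.

```c
#include <errno.h>
#include <string.h>
#include <sys/select.h>
#include <sys/socket.h>

/* Hypothetical callback standing in for the proposed getsockopt(fd, SOL_SOCKET,
 * SO_PEEK_PEERSEC, buf, len): 0 on success, -1/ENODATA if no datagram is queued. */
typedef int (*peersec_query_fn)(int fd, char *buf, socklen_t *len);

/* Blocking behaviour of choice (b), built in user space on top of choice (a).
 * Returns 0, or -1 with errno set (ETIMEDOUT if nothing arrived in time). */
int peersec_wait(int fd, peersec_query_fn query, char *buf, socklen_t *len,
                 int timeout_ms)
{
    socklen_t cap = *len;   /* caller's buffer size, restored before each query */
    struct timeval tv = { timeout_ms / 1000, (timeout_ms % 1000) * 1000 };
    if (fd < 0 || fd >= FD_SETSIZE) { errno = EBADF; return -1; }
    for (;;) {
        fd_set rfds;
        FD_ZERO(&rfds);
        FD_SET(fd, &rfds);
        /* Linux select() leaves the remaining time in tv, so retries share one deadline. */
        int n = select(fd + 1, &rfds, NULL, NULL, &tv);
        if (n < 0) { if (errno == EINTR) continue; return -1; }
        if (n == 0) { errno = ETIMEDOUT; return -1; }
        *len = cap;
        if (query(fd, buf, len) == 0) return 0;
        /* ENODATA after "readable": another thread took the datagram first; wait again. */
        if (errno != ENODATA) return -1;
    }
}

/* Constructed stand-in so the wrapper can be run: fixed label if a datagram is queued. */
int fake_peek_peersec(int fd, char *buf, socklen_t *len)
{
    static const char label[] = "normal_u:constructed";
    char c;
    if (recv(fd, &c, 1, MSG_PEEK | MSG_DONTWAIT) < 0) {
        if (errno == EAGAIN) errno = ENODATA;   /* empty queue, as in choice (a) */
        return -1;
    }
    if (*len < sizeof label) { errno = ERANGE; return -1; }
    memcpy(buf, label, sizeof label);
    *len = sizeof label;
    return 0;
}
```

The wrapper retries on ENODATA but does not serialize threads: if several threads read the same socket, the caller still needs a lock spanning the wait and the following receive.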