What's the plan for how this would be used? We can't let unprivileged userspace processes talk to the SA, because they could cause problems like deleting someone else's multicast group membership. And I don't think we want to try to do some elaborate filtering in the kernel, do we? - R.