James Morris wrote:
> On Mon, 17 Apr 2006, Patrick McHardy wrote:
>
>>From a pure netfilter POV it would still be nice to have the socket
>>hooks for userspace queueing in socket context and filtering hard
>>to track protocols. My only question is: if I would port the skfilter
>>patches to the current kernel today and fix the unresolved issues,
>>would you still prefer this approach?
>
> I think the newer model of marking the packets first via Netfilter then
> interpreting them at the socket layer is superior. i.e. skfilter is
> probably not preferred for SELinux now.
>
> However, it's still useful for incoming user matching for things like
> user-level firewalling.

OK, thanks. I plan to make it ready for submission eventually, just wanted to make sure I'm not holding back things.