On 8/23/16 12:06 PM, Lorenzo Colitti wrote:
> @@ -713,10 +728,11 @@ static bool valid_markcond(const struct inet_diag_bc_op
> *op, int len,
> return len >= *min_len;
> }
>
> -static int inet_diag_bc_audit(struct nlattr *attr)
> +static int inet_diag_bc_audit(struct nlattr *attr, const str
This allows a privileged process to filter by socket mark when
dumping sockets via INET_DIAG_BY_FAMILY. This is useful on
systems that use mark-based routing such as Android.
The ability to filter socket marks requires CAP_NET_ADMIN, which
is consistent with other privileged operations allowed by
