Thank you for your comment.
I have a question regarding netfilter infrastructure.
I want to filter messages using "task_struct->security".
Can netfilter's queuing-to-userspace feature
get a list of the "struct task_struct" that share a socket
that is going to receive incoming messages?
My approa
On Mon, 9 Jul 2007, Stephen Hemminger wrote:
> Isn't it better to hook into existing netfilter infrastructure somehow?
Yes, it has been suggested several times.
--
James Morris
<[EMAIL PROTECTED]>
On Mon, 9 Jul 2007 18:50:27 -0400 (EDT)
James Morris <[EMAIL PROTECTED]> wrote:
> On Mon, 9 Jul 2007, Tetsuo Handa wrote:
>
> > It drops messages from unwanted IP address/ports.
> > (To be exact, it doesn't drop, it just tells userland process
> > not to use received messages by returning errors.
On Mon, 9 Jul 2007, Tetsuo Handa wrote:
> It drops messages from unwanted IP address/ports.
> (To be exact, it doesn't drop, it just tells userland process
> not to use received messages by returning errors.)
This is broken.
You need to properly fail the network operation and ensure that the pee
Allow LSM to use IP address/port number. (was Re: [PATCH 1/1]
Add post accept()/recvmsg() hooks.)
On Mon, 9 Jul 2007, Tetsuo Handa wrote:
> Hello.
>
> This thread is from http://marc.info/?t=11834645705&r=1&w=2 .
>
> I want to use tcp_wrapper-like filtering using L
Hello.
Thank you for your comment.
David Miller wrote:
> I don't think it's such a hot idea to return errors if the
> wait_on_sync_kiocb() has returned success.
My patch may return errors for the non-wait_on_sync_kiocb() case too.
Are you saying only the wait_on_sync_kiocb() case is bad?
If so, could yo
From: Tetsuo Handa <[EMAIL PROTECTED]>
Date: Mon, 09 Jul 2007 14:33:01 +0900
> @@ -649,8 +660,16 @@ int sock_recvmsg(struct socket *sock, st
> init_sync_kiocb(&iocb, NULL);
> iocb.private = &siocb;
> ret = __sock_recvmsg(&iocb, sock, msg, size, flags);
> - if (-EIOCBQUEUED ==
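Review bot: anything that replaces the removed `if (-EIOCBQUEUED ==` check in `sock_recvmsg()` runs after `ret = __sock_recvmsg(&iocb, sock, msg, size, flags);`, so an error returned from there is reported for a receive that has already been attempted. The added lines are not visible in this quoted excerpt; if they can override a successful `ret`, the patch should say in a comment at that point what happens to the received data and why the check cannot be made before the receive.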
Hello.
This thread is from http://marc.info/?t=11834645705&r=1&w=2 .
I want to use tcp_wrapper-like filtering using LSM.
But it seems that there are cases (recvmsg() and read()?) where
__sock_recvmsg() is called with msg->name == NULL and msg->msg_namelen == 0
that makes what I want to do imp