Attached is a patch to insert a socket receive hook into the processing path for both TCP and UDP/RAW. We believe the position is the earliest point in the input processing where the socket has been looked up and associated with the skbuff. SELinux uses this hook to check receive permissions on messages. We would also like to insert another hook into tcp_rcv_state_process <new/ipv4/tcp_input.c> so that we may perform tcp connection checking (separate from this patch). The problem is that by the point that routine is called, the skb->dev field has been set to NULL. Our current checks require socket and netdevice security fields. Can anyone suggest an alternative? chris.
This archive was generated by hypermail 2b30 : Thu Aug 09 2001 - 07:50:08 PDT