Re: [patch] Socket Receive Hook

• Previous message: Chris Vance: "[patch] Socket Receive Hook"
• In reply to: Chris Vance: "[patch] Socket Receive Hook"
• Next in thread: Chris Vance: "Re: [patch] Socket Receive Hook"
• Reply: Chris Vance: "Re: [patch] Socket Receive Hook"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Thu, 9 Aug 2001, Chris Vance wrote:

> We would also like to insert another hook into tcp_rcv_state_process
> <new/ipv4/tcp_input.c> so that we may perform tcp connection checking
> (separate from this patch). The problem is that by the point that routine
> is called, the skb->dev field has been set to NULL.  Our current checks
> require socket and netdevice security fields.  Can anyone suggest an
> alternative?
>

Can you copy the netdev security information into the skb security context
lower down in the stack?

This is the intention of the skb security context, to propagate security
context between layers.


- James
-- 
James Morris
<jmorrisat_private>



_______________________________________________
linux-security-module mailing list
linux-security-moduleat_private
http://mail.wirex.com/mailman/listinfo/linux-security-module

• Next message: richard offer: "Re: Possible system call interface for LSM"
• Previous message: Chris Vance: "[patch] Socket Receive Hook"
• In reply to: Chris Vance: "[patch] Socket Receive Hook"
• Next in thread: Chris Vance: "Re: [patch] Socket Receive Hook"
• Reply: Chris Vance: "Re: [patch] Socket Receive Hook"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Thu Aug 09 2001 - 08:09:28 PDT