Re: [RFC] No more module_* hooks

From: Mike Wray (mike_wrayat_private)
Date: Tue Oct 08 2002 - 08:30:09 PDT

  • Next message: Mike Wray: "Re: graft_tree/attach_mnt rfc"

    ----- Original Message ----- 
    From: James Morris <jmorrisat_private>
    To: Mike Wray <mike_wrayat_private>
    Cc: Greg KH <gregat_private>; <linux-security-moduleat_private>
    Sent: 05 October 2002 17:29
    Subject: Re: [RFC] No more module_* hooks
    
    
    > On Fri, 4 Oct 2002, Mike Wray wrote:
    > 
    > > The module we are working on uses  ip_fragment(), and ip_defragment(),
    > > but not the others.
    > 
    > Actually, I've just been looking at something else related to IP
    > fragmentation and noticed that the ip_fragment() hook does not catch all 
    > (or even most) of the outgoing fragments.  e.g. for UDP, fragments are 
    > copied via a callback directly out of userspace in ip_build_xmit().
    > 
    > The implementation of this hook will need a non-trivial overhaul.
    > 
    
    I'm currently porting from our bespoke kernel hooks over to LSM,
    and I haven't got round to fragmentation yet - but we handle
    it now so I was pattern-matching on the hook names and knew
    we'd have to use them. 
    
    I'll take a look at how our own frag hooks compare with what LSM
    does - I know we have code in ip_build_xmit().
    
    Mike
    
    _______________________________________________
    linux-security-module mailing list
    linux-security-moduleat_private
    http://mail.wirex.com/mailman/listinfo/linux-security-module
    



    This archive was generated by hypermail 2b30 : Tue Oct 08 2002 - 08:30:55 PDT