----- Original Message ----- From: James Morris <jmorrisat_private> To: Mike Wray <mike_wrayat_private> Cc: Greg KH <gregat_private>; <linux-security-moduleat_private> Sent: 05 October 2002 17:29 Subject: Re: [RFC] No more module_* hooks > On Fri, 4 Oct 2002, Mike Wray wrote: > > > The module we are working on uses ip_fragment(), and ip_defragment(), > > but not the others. > > Actually, I've just been looking at something else related to IP > fragmentation and noticed that the ip_fragment() hook does not catch all > (or even most) of the outgoing fragments. e.g. for UDP, fragments are > copied via a callback directly out of userspace in ip_build_xmit(). > > The implementation of this hook will need a non-trivial overhaul. > I'm currently porting from our bespoke kernel hooks over to LSM, and I haven't got round to fragmentation yet - but we handle it now so I was pattern-matching on the hook names and knew we'd have to use them. I'll take a look at how our own frag hooks compare with what LSM does - I know we have code in ip_build_xmit(). Mike _______________________________________________ linux-security-module mailing list linux-security-moduleat_private http://mail.wirex.com/mailman/listinfo/linux-security-module
This archive was generated by hypermail 2b30 : Tue Oct 08 2002 - 08:30:55 PDT