On Mon, 2006-02-06 at 15:18 +0100, Andreas Gaupmann wrote: > Hello! > > On Monday 06 February 2006 12:46, Andreas Gaupmann wrote: > > What is the explanation for msg->msg_name not being initialized all the > > time? Is this field filled after the discussed hook function has already > > been called? > > How can the destination socket of the message be determined despite > > msg->msg_name equal to NULL? > > > OK, I have found the answer. Destination socket addresses for datagram sockets > can be specified in two ways: > > 1) Use a msghdr structure and set the msg_name member. > 2) Make a call to connect() with a defined socket address and set msg_name to > NULL. Subsequent calls to sock_sendmsg will use this address as destination. > > In case 1 the hook function socket_sendmsg() will be called with an > initialized msg_name. Case 2 explains why the msg_name field can be NULL. In > case 2 the hook funtion socket_connect() must be used. > > That's probably all that is to it. Yes. Or you could just use a NetFilter hook to apply your checks at the network layer, e.g. see selinux_ip_postroute_last(). -- Stephen Smalley National Security Agency
This archive was generated by hypermail 2.1.3 : Mon Feb 06 2006 - 06:25:29 PST