Re: [PATCH 2.6.15.4 1/1][RFC] ipt_owner: inode match supporting bothincoming and outgoing packets

From: James Morris
Date: Mon Feb 20 2006 - 11:24:54 EST

Next message: Andreas Happe: "Re: Which is simpler? (Was Re: [Suspend2-devel] Re: [ 00/10] [Suspend2] Modules support.)"
Previous message: Heiko J Schick: "Re: [openib-general] Re: [PATCH 21/22] ehca main file"
In reply to: Török Edwin: "Re: [PATCH 2.6.15.4 1/1][RFC] ipt_owner: inode match supporting both incoming and outgoing packets"
Next in thread: Patrick McHardy: "Re: [PATCH 2.6.15.4 1/1][RFC] ipt_owner: inode match supporting bothincoming and outgoing packets"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Sat, 18 Feb 2006, Török Edwin wrote:

> This is a patch based on Luke Kenneth Casson Leighton's patch [1]
> One problem with that patch was that it couldn't be used for filtering
> incoming packets, due to the fact that more than one process can listen on
> the same socket ([2],[3]).

Have a look at my skfilter patches:
http://people.redhat.com/jmorris/selinux/skfilter/kernel/

These implement a scheme for matching incoming packets against sockets by
adding a new hook in the socket layer.

For upstream merge, the issues are:
- should the new socket hook be used for all incoming packets?
- ensure IP queuing still works

Patrick: any other issues?

- James
--
James Morris
<jmorris@xxxxxxxxx>

Next message: Andreas Happe: "Re: Which is simpler? (Was Re: [Suspend2-devel] Re: [ 00/10] [Suspend2] Modules support.)"
Previous message: Heiko J Schick: "Re: [openib-general] Re: [PATCH 21/22] ehca main file"
In reply to: Török Edwin: "Re: [PATCH 2.6.15.4 1/1][RFC] ipt_owner: inode match supporting both incoming and outgoing packets"
Next in thread: Patrick McHardy: "Re: [PATCH 2.6.15.4 1/1][RFC] ipt_owner: inode match supporting bothincoming and outgoing packets"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]