Re: [PATCH 2.6.15.4 1/1][RFC] ipt_owner: inode match supporting both incoming and outgoing packets
From: James Morris
Date: Mon Feb 20 2006 - 11:24:54 EST
On Sat, 18 Feb 2006, Török Edwin wrote:
> This is a patch based on Luke Kenneth Casson Leighton's patch [1]
> One problem with that patch was that it couldn't be used for filtering
> incoming packets, due to the fact that more than one process can listen on
> the same socket ([2],[3]).
Have a look at my skfilter patches:
http://people.redhat.com/jmorris/selinux/skfilter/kernel/
These implement a scheme for matching incoming packets against sockets by
adding a new hook in the socket layer.
For upstream merge, the issues are:
- should the new socket hook be used for all incoming packets?
- ensure IP queuing still works
Patrick: any other issues?
- James
--
James Morris
<jmorris@xxxxxxxxx>