linux-security-module November 2007 archive
Main Archive Page > Month Archives  > linux-security-module archives
linux-security-module: Re: [PATCH net-2.6.25] Add packet filteri

Re: [PATCH net-2.6.25] Add packet filtering based on process'ssecurity context.

From: Tetsuo Handa <penguin-kernel_at_nospam>
Date: Fri Nov 30 2007 - 14:59:13 GMT
To: sam@synack.fr


Hello.

Samir Bellabes wrote:
> at security_socket_accept(), the user only accept the fact that the
> application is able to go to sock->ops->accept(). That's the purpose of
> this hook.

Yes. This hook can't perform filtering.

> After, when packet are coming, we can catch them with
> libnetfilter_queue, and deal with filtering packets.
Is this performed inside sock->ops->accept()?

> here we agree. *but* in my module, the user don't judge before
> sock->ops->accept(). He judges when packets are coming, throught the
> libnetfilter_queue API, in userspace, and reinject packet if it's ok.
I didn't understand what is happening.
Is there a hook which can perform filtering inside sock->ops->accept()?

Regards.

-
To unsubscribe from this list: send the line "unsubscribe linux-security-module" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html