Message ID | 87iptop4di.fsf@synack.fr |
---|---|
State | RFC, archived |
Delegated to: | David Miller |
On Friday, May 06, 2011 5:25:45 AM Samir Bellabes wrote:
> the main argument for socket_post_accept is to know information of the
> remote inet.
>
> from socket_accept(), we have no clue of who (inet->daddr and inet->saddr)
> is connecting to the local service. with socket_post_accept(), inet->daddr
> and inet->saddr are filled with the true distant information.
>
> This information is interesting for next security operations on the
> socket. (we know who we are talking to).

Looking at the snet_socket_post_accept() hook, I believe all of the information you are looking for should be available to you in the sock_graft() hook.

--
paul moore
linux @ hp
diff --git a/security/snet/snet_hooks.c b/security/snet/snet_hooks.c index 84ea5fc..5eb3848 100644 --- a/security/snet/snet_hooks.c +++ b/security/snet/snet_hooks.c @@ -67,23 +67,22 @@ static inline int snet_check_listeners(enum snet_verdict *verdict) return 0; } -static int snet_do_verdict(enum snet_verdict *verdict, struct snet_info *info) +static void snet_do_verdict(enum snet_verdict *verdict, struct snet_info *info) { if (info->verdict_id == 0) - return -1; + return; /* sending networking informations to userspace */ if (snet_nl_send_event(info) == 0) /* waiting for userspace reply or timeout */ *verdict = snet_verdict_wait(info->verdict_id); /* removing verdict */ snet_verdict_remove(info->verdict_id); - return 0; + return; } -static void snet_do_send_event(struct snet_info *info) +static int snet_do_send_event(struct snet_info *info) { - snet_nl_send_event(info); - return; + return snet_nl_send_event(info);
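
Review bot: in snet_do_verdict(), once the return type is void, the early `return;` taken when `info->verdict_id == 0` and the path where `snet_nl_send_event(info)` returns non-zero both leave `*verdict` untouched, and the caller can no longer tell that no verdict was obtained from userspace. Either keep an int return for those two cases, or state in a comment on the function that callers must initialise `*verdict` to their fail-safe default before calling. The trailing `return;` at the end of the void function is redundant and can be dropped. For snet_do_send_event(), a short comment saying what a non-zero result from `snet_nl_send_event(info)` means would help, since the function now propagates it.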