> Is it ever possible for the isec->sid and the sksec->sid to be > inconsistent with one another?
I can't think of any possibility of this happening. > Could you just always return the > sksec->sid here and avoid the need to grab the isec > altogether (dropping > the requirement for sk_callback_lock at the same time, since you no > longer need sk_socket)? Will do. > > Likewise, given sksec->sid, why don't you change sock_rcv_skb > to always > use it, and eliminate the need for the isec and the sk_callback_lock > there? This is actually on my list of things to do already :) more for the reason that this would help enforce controls on any data that arrive for the socket between the time it's created and the time it's accepted. Was planning to do this as part of the next patch reconciling the various secids (IPSec, secmark, netlabel) per the design doc. > Similarly for postroute_last's use of isec->sid. With direct > labeling of the sock, it is no longer necessary to extract the isec. Sure. Thanks. - To unsubscribe from this list: send the line "unsubscribe netdev" in the body of a message to [EMAIL PROTECTED] More majordomo info at http://vger.kernel.org/majordomo-info.html
