Re: [PATCH 1/2] LSM: Add inet_sys_snd_skb() LSM hook

2008-01-04 Thread Paul Moore
On Friday 04 January 2008 4:09:02 pm David Miller wrote:
> From: Paul Moore <[EMAIL PROTECTED]>
> Date: Fri, 4 Jan 2008 09:38:27 -0500
>
> > Unfortunately, it's not quite that easy at present. The only field
> > we have in the skb where we could possibly set a flag is the
> > secmark field which i

Re: [PATCH 1/2] LSM: Add inet_sys_snd_skb() LSM hook

2008-01-04 Thread David Miller
From: Paul Moore <[EMAIL PROTECTED]>
Date: Fri, 4 Jan 2008 09:38:27 -0500

> Unfortunately, it's not quite that easy at present. The only field we
> have in the skb where we could possibly set a flag is the secmark field
> which is already taken.

Herbert Xu added a "peeked" field in net-2.6.25

Re: [PATCH 1/2] LSM: Add inet_sys_snd_skb() LSM hook

2008-01-04 Thread Paul Moore
On Thursday 03 January 2008 11:45:49 pm David Miller wrote:
> From: Paul Moore <[EMAIL PROTECTED]>
> Date: Thu, 03 Jan 2008 12:25:39 -0500
>
> > Add an inet_sys_snd_skb() LSM hook to allow the LSM to provide
> > packet level access control for all outbound packets. Using the
> > existing postroute

Re: [PATCH 1/2] LSM: Add inet_sys_snd_skb() LSM hook

2008-01-03 Thread David Miller
From: Paul Moore <[EMAIL PROTECTED]>
Date: Thu, 03 Jan 2008 12:25:39 -0500

> Add an inet_sys_snd_skb() LSM hook to allow the LSM to provide packet level
> access control for all outbound packets. Using the existing postroute_last
> netfilter hook turns out to be problematic as it can be invoke

[PATCH 1/2] LSM: Add inet_sys_snd_skb() LSM hook

2008-01-03 Thread Paul Moore
Add an inet_sys_snd_skb() LSM hook to allow the LSM to provide packet level access control for all outbound packets. Using the existing postroute_last netfilter hook turns out to be problematic as it can be invoked multiple times for a single packet, e.g. individual IPsec transforms, adding unw