Re: [patch] update: _working_ code to add device+inode check to ipt_owner.c

From: Luke Kenneth Casson Leighton
Date: Thu Sep 09 2004 - 19:04:14 EST

Next message: William Lee Irwin III: "Re: [PATCH] cacheline align pagevec structure"
Previous message: Luke Kenneth Casson Leighton: "Re: [patch] update: _working_ code to add device+inode check to ipt_owner.c"
In reply to: Chris Wright: "Re: [patch] update: _working_ code to add device+inode check to ipt_owner.c"
Next in thread: Stephen Smalley: "Re: [patch] update: _working_ code to add device+inode check toipt_owner.c"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Thu, Sep 09, 2004 at 04:41:44PM -0700, Chris Wright wrote:

> > are the sockets in the interrupt context somehow different / special
> > such that they would never get to this code?
>
> Depends on where the hooks are registered into netfilter whether you'll
> get the inbound stuff.

eek!

e.g. ip_queue definitely gets it because fireflier's userspace code
is able to determine the program name [from the pid, and it then
goes hunting through /proc *gibber*] on both incoming and outgoing
packets.

-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/

Next message: William Lee Irwin III: "Re: [PATCH] cacheline align pagevec structure"
Previous message: Luke Kenneth Casson Leighton: "Re: [patch] update: _working_ code to add device+inode check to ipt_owner.c"
In reply to: Chris Wright: "Re: [patch] update: _working_ code to add device+inode check to ipt_owner.c"
Next in thread: Stephen Smalley: "Re: [patch] update: _working_ code to add device+inode check toipt_owner.c"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]