On Tue, 2 Oct 2007, Kentaro Takeda wrote:
> --- linux-2.6.orig/net/core/datagram.c 2007-10-02 11:11:51.000000000
> +0900
> +++ linux-2.6/net/core/datagram.c 2007-10-02 11:26:23.000000000 +0900
> @@ -55,6 +55,7 @@
> #include <net/checksum.h>
> #include <net/sock.h>
> #include <net/tcp_states.h>
> +#include <linux/security.h>
>
> /*
> * Is a socket 'connection oriented' ?
> @@ -178,6 +179,27 @@ struct sk_buff *skb_recv_datagram(struct
> } else
> skb = skb_dequeue(&sk->sk_receive_queue);
>
> + error = security_post_recv_datagram(sk, skb, flags);
> + if (error) {
> + unsigned long cpu_flags;
> +
> + if (!(flags & MSG_PEEK))
> + goto no_peek;
> +
> + spin_lock_irqsave(&sk->sk_receive_queue.lock,
> + cpu_flags);
> + if (skb == skb_peek(&sk->sk_receive_queue)) {
> + __skb_unlink(skb,
> + &sk->sk_receive_queue);
> + atomic_dec(&skb->users);
> + }
> + spin_unlock_irqrestore(&sk->sk_receive_queue.lock,
> + cpu_flags);
> +no_peek:
> + skb_free_datagram(sk, skb);
> + goto no_packet;
> + }
> +
> if (skb)
> return skb;
I'm guessing you need this to determine the receiving process, rather than
the socket (which is available via security_sock_rcv_skb()).
If so, is this to interactively determine from the user or admin whether
the packet should be accepted/denied for the receiving process?
- James
--
James Morris
<[EMAIL PROTECTED]>
-
To unsubscribe from this list: send the line "unsubscribe
linux-security-module" in
the body of a message to [EMAIL PROTECTED]
More majordomo info at http://vger.kernel.org/majordomo-info.html
