On Tue, 2 Oct 2007, Kentaro Takeda wrote:
> --- linux-2.6.orig/net/core/datagram.c 2007-10-02 11:11:51.000000000 > +0900 > +++ linux-2.6/net/core/datagram.c 2007-10-02 11:26:23.000000000 +0900 > @@ -55,6 +55,7 @@ > #include <net/checksum.h> > #include <net/sock.h> > #include <net/tcp_states.h> > +#include <linux/security.h> > > /* > * Is a socket 'connection oriented' ? > @@ -178,6 +179,27 @@ struct sk_buff *skb_recv_datagram(struct > } else > skb = skb_dequeue(&sk->sk_receive_queue); > > + error = security_post_recv_datagram(sk, skb, flags); > + if (error) { > + unsigned long cpu_flags; > + > + if (!(flags & MSG_PEEK)) > + goto no_peek; > + > + spin_lock_irqsave(&sk->sk_receive_queue.lock, > + cpu_flags); > + if (skb == skb_peek(&sk->sk_receive_queue)) { > + __skb_unlink(skb, > + &sk->sk_receive_queue); > + atomic_dec(&skb->users); > + } > + spin_unlock_irqrestore(&sk->sk_receive_queue.lock, > + cpu_flags); > +no_peek: > + skb_free_datagram(sk, skb); > + goto no_packet; > + } > + > if (skb) > return skb; I'm guessing you need this to determine the receiving process, rather than the socket (which is available via security_sock_rcv_skb()). If so, is this to interactively determine from the user or admin whether the packet should be accepted/denied for the receiving process? - James -- James Morris <[EMAIL PROTECTED]> - To unsubscribe from this list: send the line "unsubscribe linux-security-module" in the body of a message to [EMAIL PROTECTED] More majordomo info at http://vger.kernel.org/majordomo-info.html