Paul Moore wrote: > Based on my simple understanding of DCCP it looks okay to me, i.e. all the > relevant things we do for TCP seem to be done now for DCCP. Also, I don't > think > adding labeled networking support should be all that difficult; basically we > would need to do the following (can anyone think of anything else?): > > 1. Add the security_inet_conn_established() hook to the DCCP code path (if it > isn't there already, need to check) so that the last part of the DCCP > handshake > is caught by the LSM.
Sorry, forgot to mention that we would also need to check the other related LSM connection based hooks like inet_conn_request() and inet_csk_clone(). -- paul moore linux security @ hp - To unsubscribe from this list: send the line "unsubscribe dccp" in the body of a message to [EMAIL PROTECTED] More majordomo info at http://vger.kernel.org/majordomo-info.html
