Re: [PATCH 4/7] secid reconciliation-v03: Invoke LSM hook for outbound traffic
From: James Morris <jmorris@namei.org>
Date: 2006-09-29 07:32:51
Also in:
selinux
On Thu, 28 Sep 2006, Venkat Yekkirala wrote:
+ if (connsecmark)
+ if (*connsecmark != skb->secmark) {
*connsecmark = skb->secmark;
+ }
Please remove the braces if re-submitting.
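Review bot: The two nested `if` statements guarding the `*connsecmark` update can be a single condition, `if (connsecmark && *connsecmark != skb->secmark)`. That removes one level of nesting and leaves a one-line body, so the braces go away with it.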
+printk(KERN_ERR "IN HOOK (%d) (%u) (%u)\n", hooknum, skb->secmark, *psecmark);\
Please remove debugging (here and elsewhere).
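Review bot: The `printk` at `KERN_ERR` runs on every pass through the hook, so it would emit one kernel log line per packet at error priority. It also dereferences `psecmark` with no check visible in this hunk, whereas the `connsecmark` update above is guarded against NULL. Drop the line, or if tracing is still wanted, put it behind a debug-only macro and guard the pointer.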
+ /* Set secmark on inbound and filter it on outbound */
+ if ((target->family == AF_INET &&
+ (hooknum == NF_IP_POST_ROUTING ||
+ hooknum == NF_IP_LOCAL_OUT ||
+ hooknum == NF_IP_FORWARD)) ||
+ (target->family == AF_INET6 &&
+ (hooknum == NF_IP6_POST_ROUTING ||
+ hooknum == NF_IP6_LOCAL_OUT ||
+ hooknum == NF_IP6_FORWARD))) {
I think this should be a separate helper function, so the logic can be changed/evaluated in isolation (preferred, but not a blocker).
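Review bot: The comment above the condition says the secmark is filtered "on outbound", but the test also matches `NF_IP_FORWARD` and `NF_IP6_FORWARD`, so forwarded packets take the filter path as well. Say that in the comment so a reader does not have to infer the policy for forwarded traffic from the hook list.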
+ secmark_save(skb, hooknum, target);
It seems that the target parameter is not needed.
+ return secmark_restore(skb, hooknum, in, target);
Please pass a family parameter instead of target.
--
James Morris [off-list ref]