Re: [PATCH net-2.6.25] Add packet filtering based on process'ssecurity context.

[PATCH] Add packet filtering based on process's security context. · Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp> · 2007-11-21
[PATCH net-2.6.25] Add packet filtering based on process's security context. · Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp> · 2007-11-22
Re: [PATCH net-2.6.25] Add packet filtering based on process's security context. · James Morris <jmorris@namei.org> · 2007-11-22
Re: [PATCH net-2.6.25] Add packet filtering based on process'ssecurity context. · Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp> · 2007-11-24
Re: [PATCH net-2.6.25] Add packet filtering based on process'ssecurity context. · Samir Bellabes <hidden> · 2007-11-29
Re: [PATCH net-2.6.25] Add packet filtering based on process'ssecurity context. · Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp> · 2007-11-30
Re: [PATCH net-2.6.25] Add packet filtering based on process'ssecurity context. · Samir Bellabes <hidden> · 2007-11-30
Re: [PATCH net-2.6.25] Add packet filtering based on process'ssecurity context. · Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp> · 2007-11-30
Re: [PATCH net-2.6.25] Add packet filtering based on process'ssecurity context. · Samir Bellabes <hidden> · 2007-11-30
Re: [PATCH net-2.6.25] Add packet filtering based on process'ssecurity context. · Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp> · 2007-12-01
Re: [PATCH net-2.6.25] Add packet filtering based on process'ssecurity context. · Samir Bellabes <hidden> · 2007-12-01
Re: [PATCH net-2.6.25] Add packet filtering based on process's security context. · Patrick McHardy <hidden> · 2007-12-03
Re: [PATCH net-2.6.25] Add packet filtering based on process's securitycontext. · Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp> · 2007-12-03

From: Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp>
Date: 2007-11-30 14:59:13
Also in: netfilter-devel

Hello.

Samir Bellabes wrote:

at security_socket_accept(), the user only accept the fact that the
application is able to go to sock->ops->accept(). That's the purpose of
this hook.

Yes. This hook can't perform filtering.

After, when packet are coming, we can catch them with
libnetfilter_queue, and deal with filtering packets.

Is this performed inside sock->ops->accept()?

here we agree. *but* in my module, the user don't judge before
sock->ops->accept(). He judges when packets are coming, throught the
libnetfilter_queue API, in userspace, and reinject packet if it's ok.

I didn't understand what is happening.
Is there a hook which can perform filtering inside sock->ops->accept()?

Regards.

`h`	back out one level
`j`	next message in thread
`k`	previous message in thread
`l`	drill in
`Esc`	close help / fold thread tree
`?`	toggle this help