On Sat, 21 Jul 2007, Tetsuo Handa wrote: > I can't use netfilter infrastructure because > it is too early to know who the recipant process of the packet is.
I think the way forward on this is to re-visit the idea of providing a proper solution for the incoming packet/user match problem. I posted one possible solution a couple of years ago (skfilter): http://lwn.net/Articles/157137/ I think there has been some recent discussion by netfilter developers about this issue, so perhaps you could talk to them (cd'd Patrick). - James -- James Morris <[EMAIL PROTECTED]> - To unsubscribe from this list: send the line "unsubscribe linux-security-module" in the body of a message to [EMAIL PROTECTED] More majordomo info at http://vger.kernel.org/majordomo-info.html
