Hello. Paul Moore wrote: > > * post_recv_datagram is added in skb_recv_datagram. > > Can you explain to me why this is not possible using the existing > security_socket_sock_rcv_skb() LSM hook?
socket_sock_rcv_skb() is a hook for enqueue time. I want a hook for dequeue time, because what TOMOYO Linux is doing is not "whether a socket created by foo is permitted to pick up an incoming packet from specific address/port" but "whether bar is permitted to pick up an incoming packet from specific address/port". At the time of enqueue, I can't know who will pick up that packet. Same reason for socket_post_accept(). What TOMOYO Linux is doing is not "whether a socket created by foo is permitted to accept a connection request from specific address/port" but "whether bar is permitted to accept a connection request from specific address/port". At the time of enqueue, I can't know who will pick up that request. - To unsubscribe from this list: send the line "unsubscribe linux-security-module" in the body of a message to [EMAIL PROTECTED] More majordomo info at http://vger.kernel.org/majordomo-info.html