watch structure

Stephen Smalley sds at tycho.nsa.gov
Tue Apr 5 15:01:08 UTC 2005


On Tue, 2005-04-05 at 08:00 -0700, Casey Schaufler wrote:
> But you don't know how much to copy. If you
> decide on a fixed amount you may as well use
> the previously discussed structure.

I think that this is just a communication problem between you and me;
the program knows the total length of the buffer, and passes it to the
sendto() call when sending the buffer to the netlink socket.  The kernel
can then copy the entire buffer in once, and subsequently can extract
the strings using the length information in the header of the buffer.
Only one copyin required.

-- 
Stephen Smalley <sds at tycho.nsa.gov>
National Security Agency
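
The single-copy approach described in the message above, as an added example that is not part of the original post or of the Linux audit code. The header layout, field names and the functions `parse_watch` and `build_watch` are assumptions made for illustration. Once the whole buffer has been copied in, every length in the header is validated against the total length passed to sendto() before any string is extracted.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>

/* Hypothetical header; the field names are assumptions, not the audit ABI. */
struct watch_hdr {
    uint32_t path_len;   /* bytes of path, including the trailing NUL */
    uint32_t key_len;    /* bytes of key, including the trailing NUL */
};

/*
 * Parse a message that has already been copied in once. `buf` is the
 * private copy and `total` is the length the sender passed to sendto().
 * Every length in the header is checked against `total` before use.
 * Returns 0 and sets *path / *key on success, -1 on a malformed message.
 */
int parse_watch(const uint8_t *buf, size_t total,
                const char **path, const char **key)
{
    struct watch_hdr h;
    size_t left;

    if (total < sizeof(h))
        return -1;
    memcpy(&h, buf, sizeof(h));          /* avoid unaligned access */
    left = total - sizeof(h);

    if (h.path_len == 0 || h.path_len > left)
        return -1;
    left -= h.path_len;
    if (h.key_len == 0 || h.key_len != left)   /* assumed: no trailing slack */
        return -1;

    *path = (const char *)buf + sizeof(h);
    *key  = *path + h.path_len;
    if ((*path)[h.path_len - 1] != '\0' || (*key)[h.key_len - 1] != '\0')
        return -1;                        /* strings must be terminated */
    return 0;
}

/* Constructed sample: builds a message in `out`, returns its total length. */
size_t build_watch(uint8_t *out, const char *path, const char *key)
{
    struct watch_hdr h = { (uint32_t)strlen(path) + 1, (uint32_t)strlen(key) + 1 };
    memcpy(out, &h, sizeof(h));
    memcpy(out + sizeof(h), path, h.path_len);
    memcpy(out + sizeof(h) + h.path_len, key, h.key_len);
    return sizeof(h) + h.path_len + h.key_len;
}
```

Because the parser only ever reads the private copy, the sender cannot change a length field between the check and the use.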



