watch structure

Casey Schaufler casey at schaufler-ca.com
Tue Apr 5 15:40:16 UTC 2005


--- Stephen Smalley <sds at tycho.nsa.gov> wrote:
> On Tue, 2005-04-05 at 08:00 -0700, Casey Schaufler
> wrote:
> > But you don't know how much to copy. If you
> > decide on a fixed amount you may as well use
> > the previously discussed structure.
> 
> I think that this is just a communication problem
> between you and me;
> the program knows the total length of the buffer,
> and passes it to the
> sendto() call when sending the buffer to the netlink
> socket.

Doh! My bad. I was thinking in terms of a syscall
interface, not a socket. Stephen is right.
The buf[0] scheme will work just fine.


Casey Schaufler
casey at schaufler-ca.com
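
The scheme agreed on above, as an added example that is not part of the original message or of the audit code: a fixed header followed by a `buf` tail whose length the receiver derives from the datagram length the sender passed to `sendto()`. The `watch_msg` layout, its `flags` field and the function names are hypothetical; a test would use an `AF_UNIX` datagram socket in place of netlink.

```c
#include <stddef.h>
#include <stdlib.h>
#include <string.h>
#include <sys/types.h>
#include <sys/socket.h>

/* Hypothetical layout: fixed header, then a variable-length tail. */
struct watch_msg {
    unsigned int flags;   /* hypothetical fixed field */
    char buf[];           /* C99 spelling of the thread's buf[0] */
};

#define WATCH_HDR offsetof(struct watch_msg, buf)

/* Sender: the total length is known here and is handed to sendto(),
 * so no separate length field is needed inside the message. */
ssize_t send_watch(int fd, unsigned int flags, const void *data, size_t n)
{
    size_t total = WATCH_HDR + n;
    struct watch_msg *m = malloc(total);
    ssize_t rc;

    if (m == NULL)
        return -1;
    m->flags = flags;
    memcpy(m->buf, data, n);
    rc = sendto(fd, m, total, 0, NULL, 0);   /* fd is already connected */
    free(m);
    return rc;
}

/* Receiver: length of buf = datagram length - fixed header.
 * Returns that length, or -1 if the datagram is shorter than the
 * header or did not fit in the caller's buffer (MSG_TRUNC). */
ssize_t recv_watch(int fd, struct watch_msg *m, size_t cap)
{
    struct iovec iov = { .iov_base = m, .iov_len = cap };
    struct msghdr mh = { .msg_iov = &iov, .msg_iovlen = 1 };
    ssize_t got = recvmsg(fd, &mh, 0);

    if (got < (ssize_t)WATCH_HDR || (mh.msg_flags & MSG_TRUNC))
        return -1;
    return got - (ssize_t)WATCH_HDR;
}
```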






More information about the Linux-audit mailing list