audit_receive_skb
Chris Wright
chrisw at osdl.org
Mon Sep 12 16:36:45 UTC 2005
* Steve Grubb (sgrubb at redhat.com) wrote:
> nlh = (struct nlmsghdr *)skb->data;
> if (nlh->nlmsg_len < sizeof(*nlh) || skb->len <
> nlh->nlmsg_len)
> return 0;
> rlen = NLMSG_ALIGN(nlh->nlmsg_len);
> if (rlen > skb->len)
> rlen = skb->len;
> if ((err = audit_receive_msg(skb, nlh))) {
> netlink_ack(skb, nlh, err);
> } else if (nlh->nlmsg_flags & NLM_F_ACK)
> netlink_ack(skb, nlh, 0);
> skb_pull(skb, rlen);
> }
> return 0;
> }
>
> It only returns 0. Is this a mistake or should this be made void? The reason
> I ask is that the return code is used like this:
>
> if (audit_receive_skb(skb) && skb->len)
> skb_queue_head(&sk->sk_receive_queue, skb);
> else
> kfree_skb(skb);
>
> The way the code is, we will never put the skb back on the queue head. Should
> this be refactored or do we have a problem in the .88 kernel?
That should just mean we're dropping bad packets. It's void upstream, btw.
thanks,
-chris
More information about the Linux-audit
mailing list