audit_receive_skb
Chris Wright
chrisw at osdl.org
Mon Sep 12 17:28:22 UTC 2005
* Steve Grubb (sgrubb at redhat.com) wrote:
> On Monday 12 September 2005 12:36, Chris Wright wrote:
> > That should just mean we're dropping bad packets.
>
> Where would we detect the packet is bad?
In aduit_receive_skb (just basic sanity checks on skb length and netlink
msg header info).
> > It's void upstream, btw.
>
> If something can go wrong, we should detect the problem and return 1. If there
> is nothing that can go wrong, we should make it void. I guess that's what I'm
> getting at.
Going wrong == packet we can't handle. So we just drop it. I agree,
and it's already done upstream, but I don't think it's worth spinning
a new kernel for.
More information about the Linux-audit
mailing list