audit_receive_skb
Steve Grubb
sgrubb at redhat.com
Mon Sep 12 17:33:02 UTC 2005
On Monday 12 September 2005 13:28, Chris Wright wrote:
> In aduit_receive_skb (just basic sanity checks on skb length and netlink
> msg header info).
OK, I see.
> > > It's void upstream, btw.
> >
> > If something can go wrong, we should detect the problem and return 1. If
> > there is nothing that can go wrong, we should make it void. I guess
> > that's what I'm getting at.
>
> Going wrong == packet we can't handle. So we just drop it.
Does this send a NACK back to auditctl?
> I agree, and it's already done upstream, but I don't think it's worth
> spinning a new kernel for.
I think we are at the point where we are starting the new development. Maybe
this doesn't go into a .89 kernel, but a .1 kernel for the new development
cycle.
Thanks,
-Steve
More information about the Linux-audit
mailing list