From: Paul Moore <paul.moore@hp.com>
To: etienne <etienne.basset@numericable.fr>
Cc: Casey Schaufler <casey@schaufler-ca.com>,
"Linux-Kernel" <linux-kernel@vger.kernel.org>,
linux-security-module@vger.kernel.org
Subject: Re: [PATCH] SMACK netfilter smacklabel socket match
Date: Wed, 18 Feb 2009 10:05:24 -0500 [thread overview]
Message-ID: <200902181005.24952.paul.moore@hp.com> (raw)
In-Reply-To: <499BB76C.1030109@numericable.fr>
On Wednesday 18 February 2009 02:23:24 am etienne wrote:
> ... anyway, I think the cleanest way would be to, well, sort smk_netlbladdr
> by mask on insertion (perf doesn't matter here) and this way
> smack_host_label can stop the loop on first match. Plus, it would give a
> nicer /smack/netlabel ouptut :)
Agreed.
> so, how should we handle it? apply the patches (with whitespaces damages
> corrected ;) ) now (as it corrects a bug) an elaborate the cleaner way
> later?
Well, since you have some time and willingness to do things "the right way" I
would recommend dropping these patches (which are really just band-aids) and
working on the right solution to stored the addresses/masks in a sorted list
with the mask already applied.
FWIW, the NetLabel code (net/netlabel) has to do very similar things with
sorted address lists so I built an address list construct which builds on the
list.h ideas and operates in a similar way. You may find it helpful.
> I think this should go to stable too?
I would worry about getting the patches developed, tested and in an acceptable
form first, then we can worry about where they should be applied ;)
--
paul moore
linux @ hp
next prev parent reply other threads:[~2009-02-18 15:06 UTC|newest]
Thread overview: 22+ messages / expand[flat|nested] mbox.gz Atom feed top
[not found] <fa.O38YY4pVfLlMFJNBI3mhgn+qOcQ@ifi.uio.no>
[not found] ` <fa.c87eBVWyCqqi9h1c54QlwKDAIbg@ifi.uio.no>
[not found] ` <fa.f7jv/+EnhNJziduAqQS3XHiU6/A@ifi.uio.no>
[not found] ` <fa.1A5YyyPb1uCn//vnk7baNJGI0IM@ifi.uio.no>
[not found] ` <fa.HFpMNTzIQ1+pODZB3+XkfnipCfo@ifi.uio.no>
[not found] ` <fa.3IBoeBnwT1eZcqeO6DAE1tHBYc4@ifi.uio.no>
2009-02-17 20:01 ` [PATCH] SMACK netfilter smacklabel socket match etienne
2009-02-17 20:32 ` [PATCH] SMACK smacklabel : apply &MASK to IP inserted in /smack/netlabel etienne
2009-02-17 23:54 ` Paul Moore
2009-02-18 6:01 ` Casey Schaufler
2009-02-18 7:25 ` etienne
2009-02-17 22:39 ` [PATCH] SMACK netfilter smacklabel socket match David Miller
2009-02-17 23:52 ` Paul Moore
2009-02-18 7:23 ` etienne
2009-02-18 15:05 ` Paul Moore [this message]
2009-02-18 17:09 ` Casey Schaufler
2009-02-18 19:35 ` etienne
2009-02-18 20:55 ` Paul Moore
2009-02-20 4:36 ` Casey Schaufler
2009-02-20 18:26 ` etienne
2009-02-18 18:29 ` etienne
2009-02-18 19:06 ` Casey Schaufler
2009-02-18 21:16 ` [PATCH] SMACK netlabel fixes etienne
2009-02-19 5:50 ` Casey Schaufler
2009-02-19 15:24 ` Paul Moore
2009-02-19 23:22 ` [PATCH] SMACK netlabel fixes v2 etienne
2009-02-20 16:11 ` Paul Moore
2009-02-18 19:18 ` [PATCH] SMACK netfilter smacklabel socket match Paul Moore
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=200902181005.24952.paul.moore@hp.com \
--to=paul.moore@hp.com \
--cc=casey@schaufler-ca.com \
--cc=etienne.basset@numericable.fr \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-security-module@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.