From: etienne <etienne.basset@numericable.fr>
To: Paul Moore <paul.moore@hp.com>, Casey Schaufler <casey@schaufler-ca.com>
Cc: Linux-Kernel <linux-kernel@vger.kernel.org>,
linux-security-module@vger.kernel.org
Subject: Re: [PATCH] SMACK netfilter smacklabel socket match
Date: Wed, 18 Feb 2009 19:29:11 +0100 [thread overview]
Message-ID: <499C5377.8050408@numericable.fr> (raw)
In-Reply-To: <200902181005.24952.paul.moore@hp.com>
hello,
Paul Moore wrote:
..
> Well, since you have some time and willingness to do things "the right way" I
> would recommend dropping these patches (which are really just band-aids) and
> working on the right solution to stored the addresses/masks in a sorted list
> with the mask already applied.
>
OK, I'm about to send a new patch; but while testing my patches and reading code, I noticed another bug :
In smackfs.c:smk_write_netlbladdr
the netmask mask.s_addr is not handled correctly, the netmask should be :
1- computed in u32
2- converted to be32 !!
with current code, a "pseudo u32 mask" is applied to a be32 ipaddr; it occurs to works for "common netmasks" (multiple of 8), not for "intermediate" mask (/15, /25)
> FWIW, the NetLabel code (net/netlabel) has to do very similar things with
> sorted address lists so I built an address list construct which builds on the
> list.h ideas and operates in a similar way. You may find it helpful.
>
OK, I tested some code in userspace and when i was confident enough coded it to kernel
>> I think this should go to stable too?
>
> I would worry about getting the patches developed, tested and in an acceptable
> form first, then we can worry about where they should be applied ;)
>
OK :)
next prev parent reply other threads:[~2009-02-18 18:29 UTC|newest]
Thread overview: 22+ messages / expand[flat|nested] mbox.gz Atom feed top
[not found] <fa.O38YY4pVfLlMFJNBI3mhgn+qOcQ@ifi.uio.no>
[not found] ` <fa.c87eBVWyCqqi9h1c54QlwKDAIbg@ifi.uio.no>
[not found] ` <fa.f7jv/+EnhNJziduAqQS3XHiU6/A@ifi.uio.no>
[not found] ` <fa.1A5YyyPb1uCn//vnk7baNJGI0IM@ifi.uio.no>
[not found] ` <fa.HFpMNTzIQ1+pODZB3+XkfnipCfo@ifi.uio.no>
[not found] ` <fa.3IBoeBnwT1eZcqeO6DAE1tHBYc4@ifi.uio.no>
2009-02-17 20:01 ` [PATCH] SMACK netfilter smacklabel socket match etienne
2009-02-17 20:32 ` [PATCH] SMACK smacklabel : apply &MASK to IP inserted in /smack/netlabel etienne
2009-02-17 23:54 ` Paul Moore
2009-02-18 6:01 ` Casey Schaufler
2009-02-18 7:25 ` etienne
2009-02-17 22:39 ` [PATCH] SMACK netfilter smacklabel socket match David Miller
2009-02-17 23:52 ` Paul Moore
2009-02-18 7:23 ` etienne
2009-02-18 15:05 ` Paul Moore
2009-02-18 17:09 ` Casey Schaufler
2009-02-18 19:35 ` etienne
2009-02-18 20:55 ` Paul Moore
2009-02-20 4:36 ` Casey Schaufler
2009-02-20 18:26 ` etienne
2009-02-18 18:29 ` etienne [this message]
2009-02-18 19:06 ` Casey Schaufler
2009-02-18 21:16 ` [PATCH] SMACK netlabel fixes etienne
2009-02-19 5:50 ` Casey Schaufler
2009-02-19 15:24 ` Paul Moore
2009-02-19 23:22 ` [PATCH] SMACK netlabel fixes v2 etienne
2009-02-20 16:11 ` Paul Moore
2009-02-18 19:18 ` [PATCH] SMACK netfilter smacklabel socket match Paul Moore
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=499C5377.8050408@numericable.fr \
--to=etienne.basset@numericable.fr \
--cc=casey@schaufler-ca.com \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-security-module@vger.kernel.org \
--cc=paul.moore@hp.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.