From: Mr Dash Four <mr.dash.four@googlemail.com>
To: Jan Engelhardt <jengelh@medozas.de>
Cc: Netfilter Developer Mailing List
	<netfilter-devel@vger.kernel.org>,
	hch@infradead.org
Subject: Re: xt_AUDIT additions
Date: Sat, 02 Jul 2011 03:25:22 +0100	[thread overview]
Message-ID: <4E0E8192.1010406@googlemail.com> (raw)
In-Reply-To: <4E0DB027.3000309@googlemail.com>


>> However, xt_owner did not hold the tasklist [write] lock, just 
>> entered a RCU read section. hch: Was this RCU section also too long?
>>
>> xt_owner had the bonus that it only had to check whether the socket 
>> was owned by a particular user/group/pid/sid, which means it can stop 
>> looping the tasklist as soon as it found a match.
>>   
> I'll have a look at the xt_owner code later to see if there is 
> something I could use/learn.
Interesting, thanks for all the pointers!

xt_owner.c does have some answers. 
skb->sk->sk_socket->file->f_cred->fsuid and 
skb->sk->sk_socket->file->f_cred->fsgid seem to point to the socket 
user id/group id owner. That, to my understanding, may not always be the 
uid/gid responsible for sending a particular packet via this particular 
socket, or have I got this wrong?

Moving on to the process id, I take it skb->sk->pid (or is it 
skb->sk->sk_socket->sk->pid?) holds the pid list of the process(es) 
owning the socket, right? Should I assume that the process responsible 
for sending a particular packet could be found by traversing that list 
or do I have to look elsewhere?

Also, am I right in assuming that only one process is responsible for 
sending a particular packet? If that is the case, then there must only 
be a single, unique triple of uid/pid/gid for each packet. If that is 
so, how do I know which uid/pid/gid is responsible for that?
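The pointer chain discussed above, as an added userspace model that is not code from the thread or from xt_owner.c: the struct names mirror the kernel chain skb->sk->sk_socket->file->f_cred, but the structs, the result enum and the sample packets are hypothetical stand-ins so the walk compiles and runs without kernel headers. It makes explicit the two cases where the chain yields no owner at all (a forwarded or kernel-generated packet with no local socket, and an in-kernel socket with no file), and the fact that f_cred records the credentials of the task that created the socket's file, which is why fsuid/fsgid can differ from whoever later sends on that socket.

```c
/* Userspace mock of the xt_owner-style credential lookup (hypothetical structs). */
#include <stdbool.h>
#include <stddef.h>

struct cred    { unsigned int fsuid; unsigned int fsgid; };
struct file    { const struct cred *f_cred; };
struct socket  { struct file *file; };
struct sock    { struct socket *sk_socket; };
struct sk_buff { struct sock *sk; };

enum owner_result {
	OWNER_NO_SOCKET,      /* forwarded or kernel-generated: no local socket */
	OWNER_KERNEL_SOCKET,  /* socket exists but has no file: in-kernel socket */
	OWNER_FOUND           /* creds of the task that created the socket's file */
};

/* Walk the chain defensively: every pointer on it may legitimately be NULL,
 * so an audit match must classify those packets rather than dereference. */
static enum owner_result
skb_owner_creds(const struct sk_buff *skb, unsigned int *uid, unsigned int *gid)
{
	const struct file *filp;

	if (skb->sk == NULL || skb->sk->sk_socket == NULL)
		return OWNER_NO_SOCKET;
	filp = skb->sk->sk_socket->file;
	if (filp == NULL)
		return OWNER_KERNEL_SOCKET;
	/* f_cred was captured when the file was created, not at send time. */
	*uid = filp->f_cred->fsuid;
	*gid = filp->f_cred->fsgid;
	return OWNER_FOUND;
}

/* Constructed samples: a socket opened by uid/gid 1000, a forwarded packet
 * with no socket, and an in-kernel socket with no backing file. */
static const struct cred   user_cred   = { .fsuid = 1000, .fsgid = 1000 };
static struct file         user_file   = { .f_cred = &user_cred };
static struct socket       user_socket = { .file = &user_file };
static struct sock         user_sock   = { .sk_socket = &user_socket };
static struct socket       kern_socket = { .file = NULL };
static struct sock         kern_sock   = { .sk_socket = &kern_socket };
struct sk_buff local_skb     = { .sk = &user_sock };
struct sk_buff forwarded_skb = { .sk = NULL };
struct sk_buff kernel_skb    = { .sk = &kern_sock };
unsigned int out_uid, out_gid;   /* scratch outputs for callers */
```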

