From mboxrd@z Thu Jan 1 00:00:00 1970 From: Florian Westphal Subject: Re: [PATCH V3] audit: normalize NETFILTER_PKT Date: Fri, 3 Mar 2017 14:22:01 +0100 Message-ID: <20170303132201.GF29213@breakpoint.cc> References: <20170301162802.GV18258@madcap2.tricolour.ca> <20170301223447.GA18258@madcap2.tricolour.ca> <20170303020007.GF18258@madcap2.tricolour.ca> <20170303115416.GH18258@madcap2.tricolour.ca> <20170303124526.GC29213@breakpoint.cc> Mime-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit Cc: Richard Guy Briggs , Florian Westphal , linux-audit@redhat.com, Netfilter Developer Mailing List , Thomas Woerner , Thomas Graf To: Paul Moore Return-path: Content-Disposition: inline In-Reply-To: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Sender: linux-audit-bounces@redhat.com Errors-To: linux-audit-bounces@redhat.com List-Id: netfilter-devel.vger.kernel.org Paul Moore wrote: > On Fri, Mar 3, 2017 at 7:45 AM, Florian Westphal wrote: > > Richard Guy Briggs wrote: > >> > Perhaps I'm missing something here, but let me ask again, how does > >> > userspace distinguish between an unset nfmark and a nfmark of > >> > 0xffffffff? > >> > >> It can't. > > > > It can if you log it as 0, as I asked in patch 1 review. > > > > (You wouldn't log sk uid of 0 as -1 either, would you?) > > I want to see the code able to handle the full range of nfmark values > as well as the unset case; if that means we need to tweak userspace a > bit, please work with Steve on that. There is no 'unset nfmark'. Its just a 32bit integer.