[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: [redhat-lspp] auditing labeled ipsec



On Thu, 2006-10-12 at 10:24 -0400, Steve Grubb wrote:
> On Thursday 12 October 2006 10:16, Paul Moore wrote:
> > PF_KEYv2 is a socket family/protocol defined by RFC2367 whose original goal
> > was to standardize the interface between the in-kernel IPsec bits and the
> > userland key management daemon.
> 
> OK, then the question becomes is the communication protocol asyncronous or 
> synchronous? If synchronous (the request is handled immediately and not 
> queued like netlink), then current task struct can be used. Otherwise, there 
> may be some more code needed to grab the loginuid during the send and store 
> it with the packet until dequeued. If it is async, there may be selinux 
> implications as well.
> 

pfkey doesn't appear to use a queue like netlink... it registers socket
protocol operations such as .recvmsg and .sendmsg which get called via
sock_recvmsg and sock_sendmsg.

Joy


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]