check_ack()

Steve Grubb sgrubb at redhat.com
Sun Nov 30 14:25:46 UTC 2008


On Friday 21 November 2008 01:30:53 Lucas C. Villa Real wrote:
> However, since netlink is a connectionless socket, once cannot infer
> that the lack of an ACK means that the kernel didn't receive that
> message.

That sounds like a design problem. Why would they even have an ACK if they 
can't guarantee its delivery?


> Similarly, in a very stressed system, one can just get -ENOBUFS when
> attempting to get a reply, even though sendto() succeeded sending the
> original message.

I think this sounds like a design problem in the netlink code.


> So, at least in a scenario where Audit is a key component and
> performance matters, wouldn't it make sense to just remove NLM_F_ACK
> from outgoing messages and just let audit_send() use the return value
> from sendto() to tell if the message has been sent instead?

The intent was to verify that all issued commands are in fact receieved so 
that if they aren't, we can advise the user. I also believe the ACK is how we 
find out that the command has bad parameters. So, I don't think its possible to 
remove it. When an event fails to be sent, we need it to block the action 
and/or otherwise log it into syslog. Otherwise you open up an avenue for 
attacking systems. There are many people that consider auditing to be more 
important than system availability.

-Steve




More information about the Linux-audit mailing list