Re: [RFC Patch] net: reserve ports for applications using fixed port numbers

Octavian Purdila wrote:
On Friday 05 February 2010 02:41:12 you wrote:
David Miller wrote:
Octavian Purdila wrote:
int inet_is_reserved_local_port(int port)
{
	if (test_bit(port, reserved_ports))
		return 1;
	return 0;
}
Above check is exactly what I'm doing in the LSM hook.
But his version can be done inline in 2 or 3 instructions.

An LSM hook will result in an indirect function call,
all live registers spilled to the stack, then all of
those reloaded when the function returns.

It will be much more expensive.
If you can accept his version, I want to use his version (with an interface
 for updating above "reserved_ports" by not only root user's sysctl() but
 also MAC's policy configuration).


I think that simply using an interface to update the reserved_ports from MAC policy configuration module wouldn't work, as root will be able to modify the policy via sysctl.

I think that we might need to:

a) have a reserved_port updater

b) put an LSM hook into that

c) use the reserved_port updater from sysctl



Ideally, you'd provide an interface for the port allocator to use, so
doing port reservation will be easier.

Thanks.
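
Added example, not part of the original message or of the posted patch: a user-space C model of steps a) to c) above, keeping the bitmap test on the hot path and putting the policy decision in the single updater that the sysctl path also has to use. reserved_port_update, port_update_hook, sysctl_write_reserved_port and sample_policy are hypothetical names, and the -EINVAL/-EPERM return values are assumptions.

```c
#include <errno.h>
#include <limits.h>

#define MAX_PORT 65536
#define WORD_BITS (sizeof(unsigned long) * CHAR_BIT)
static unsigned long reserved_ports[MAX_PORT / WORD_BITS];

/* Hot path: one bitmap test, no indirect call. Caller passes 0..65535. */
static inline int inet_is_reserved_local_port(int port)
{
	return (reserved_ports[port / WORD_BITS] >> (port % WORD_BITS)) & 1UL;
}

/* Hypothetical hook: a MAC module returns 0 to allow; NULL means none loaded. */
static int (*port_update_hook)(int port, int reserve);

/* a) the only writer of reserved_ports, b) with the hook inside it */
int reserved_port_update(int port, int reserve)
{
	if (port < 0 || port >= MAX_PORT)
		return -EINVAL;
	if (port_update_hook && port_update_hook(port, reserve) != 0)
		return -EPERM;
	unsigned long mask = 1UL << (port % WORD_BITS);
	if (reserve)
		reserved_ports[port / WORD_BITS] |= mask;
	else
		reserved_ports[port / WORD_BITS] &= ~mask;
	return 0;
}

/* c) the sysctl write path has no private access to the bitmap */
int sysctl_write_reserved_port(int port, int reserve)
{
	return reserved_port_update(port, reserve);
}

/* Constructed sample policy: port 10000 may be reserved but never released. */
static int sample_policy(int port, int reserve)
{
	return (port == 10000 && !reserve) ? -1 : 0;
}

int main(void)
{
	port_update_hook = sample_policy;
	reserved_port_update(10000, 1);			/* policy reserves the port */
	int rc = sysctl_write_reserved_port(10000, 0);	/* root tries to release it */
	return !(rc == -EPERM && inet_is_reserved_local_port(10000));
}
```

The indirect call is paid only when the bitmap is updated; lookups on the allocation path stay a plain bit test.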

