Re: [RFC 0/9] snet: Security for NETwork syscalls

Hi Samir,

This fills in a gap I always thought was missing from LSM's 
boolean verdict policies. So good effort.

1) I would love to see the send/recvmsg interface complete (seems
missing).
2) If you can provide an async scheme which allows re-injection of
policy verdicts in addition to the sync interface, I think that would be
more valuable. I can see many apps which collect multiple states before
making a policy decision on multiple messages (example a multipart
message). Is SNET_VERDICT_PENDING intended for this?

A small glitch I noticed; you have defines in patches 8 and 9 which are
needed by patches 6 and 7. I think the general idea should be to compile
after adding each patch. So you may need to move some defines in earlier
patches.

cheers,
jamal


