On Friday, May 06, 2011 5:25:45 AM Samir Bellabes wrote: > the main argument for socket_post_accept is to known informations of the > remote inet. > > from socket_accept(), we have no clue of who (inet->daddr and inet->saddr) > is connecting to the local service. with socket_post_accept(), inet->daddr > and inet->saddr are filled with the true distant informations. > > This informations is interesting for next security operations on the > socket. (we known with who we are talking to). Looking at the snet_socket_post_accept() hook, I believe all of the information you are looking for should be available to you in the sock_graft() hook. -- paul moore linux @ hp -- To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
