New skb extension for use by LSMs (skb "security blob")?

Casey Schaufler casey at schaufler-ca.com
Thu Aug 22 22:34:44 UTC 2019


On 8/22/2019 3:28 PM, David Miller wrote:
> From: Casey Schaufler <casey at schaufler-ca.com>
> Date: Thu, 22 Aug 2019 14:59:37 -0700
>
>> Sure, you *can* do that, but it would be insane to do so.
> We look up the neighbour table entries on every single packet we
> transmit from the kernel in the same exact way.
>
> And it was exactly to get rid of a pointer in a data structure.

I very much expect that the lifecycle management issues would
be completely different, but I'll admit to having little understanding
of the details of the neighbour table.


