18 Sep 2006 20:11
lids_nfmark problem
Kazuki Omo <omok <at> honto.info>
2006-09-18 18:11:32 GMT
Dear Folks,

I found a strange problem with LIDS_NFMARK on lids-1.2.2-2.4.31-sk and lids-1.2.2-2.4.30. When I put the mark with

lidsconf -A -s /usr/sbin/sshd -o LIDS_SOCKET_NF_MARK 5 -j DISABLE

I couldn't mark packets as 5 through sshd. And I changed a line in lids.c as below:

------------------------------------------------------------------------------ --- linux-2.4.31/kernel/lids.c 2006-09-15 22:09:10.000000000 +0900 +++ linux-2.4.31-patched/kernel/lids.c 2006-09-15 20:00:48.000000000 +0900 <at> <at> -690,7 +690,7 <at> <at> /* inherit SOCKET ??*/ computed_acl->lids_sys_acl->socket |= new_sys_acl->socket; - computed_acl->lids_sys_acl->mark = new_sys_acl->mark; + computed_acl->lids_sys_acl->mark |= new_sys_acl->mark; /* compute capability set */ computed_acl->lids_sys_acl->flags |= new_sys_acl->flags; ------------------------------------------------------------------------------

Now I can mark packets as 5 through sshd.
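
Review bot: On the changed mark line, |= merges the two marks bitwise, which suits the socket and flags fields on the neighbouring lines but not a field that is set to a number such as the 5 given to LIDS_SOCKET_NF_MARK: if computed_acl->lids_sys_acl->mark is already non-zero when another ACL carrying a mark is merged in, the result is a value neither rule configured (2 and 5 give 7). If the goal is to keep an ACL without a mark from clearing an inherited one, assign only when the new mark is set, for example: if (new_sys_acl->mark) computed_acl->lids_sys_acl->mark = new_sys_acl->mark; and add a comment beside the existing "inherit SOCKET ??" one stating which mark wins when both are set.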