Date: Mon, 5 Apr 1999 10:41:05 -0400 (EDT) From: Brian Feldman <green@unixhelp.org> To: "Matthew N. Dodd" <winter@jurai.net> Cc: hackers@FreeBSD.ORG Subject: Re: ipfw uid mods (seemingly) done Message-ID: <Pine.BSF.4.05.9904051037590.35205-100000@janus.syracuse.net> In-Reply-To: <Pine.BSF.4.02.9904050915160.2158-100000@sasami.jurai.net>
next in thread | previous in thread | raw e-mail | index | archive | help
On Mon, 5 Apr 1999, Matthew N. Dodd wrote: > On Mon, 5 Apr 1999, Brian Feldman wrote: > > I'd like some more testing of the ipfw uid mods (found at > > http://janus.syracuse.net/~green/public_html/ipfw_uid.patch) before > > I'm truly comfortable that it's fine and dandy. I added incoming > > packet support today, as you can see: > > If you're going to bloat the size of an m_buf, why not store a pid_t > instead of a uid_t? This means you'll have to make up a struct to hold > all of the values to match rules against in ip_fw (might I suggest a > value/context type arrangement here as a single rule never need match more > than a single gid/uid/euid/egid etc. The problem with that is that the pid might not be alive anymore, or replaced with another one! I plan on adding a random 64-bit number to struct proc for identification purpouses. I.e. p->p_pid and p->p_cookie must both match to the mbuf ones. Does this sound good to everyone? This would be a bit cleaner, and require mbuf to add both a m_pid and m_cookie. How does this sound to everyone? Generating 8 random bytes per proc invocation shouldn't be very expensive at all... > > -- > | Matthew N. Dodd | 78 280Z | 75 164E | 84 245DL | FreeBSD/NetBSD/Sprite/VMS | > | winter@jurai.net | This Space For Rent | ix86,sparc,m68k,pmax,vax | > | http://www.jurai.net/~winter | Are you k-rad elite enough for my webpage? | > > Brian Feldman _ __ ___ ____ ___ ___ ___ green@unixhelp.org _ __ ___ | _ ) __| \ FreeBSD: The Power to Serve! _ __ | _ \__ \ |) | http://www.freebsd.org _ |___/___/___/ To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-hackers" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?Pine.BSF.4.05.9904051037590.35205-100000>