git.baikalelectronics.ru Git - kernel.git/commit

author	Christian Göttsche <cgzones@googlemail.com>
	Sun, 23 Sep 2018 18:26:15 +0000 (20:26 +0200)
committer	Pablo Neira Ayuso <pablo@netfilter.org>
	Fri, 28 Sep 2018 12:28:29 +0000 (14:28 +0200)
commit	89830d3d5509ece26d5e3174e27172e882a361b6
tree	db7a9801ea060e236514626f4296ec8a378c8ad0	tree \| snapshot
parent	7285d5d6dd4f12007cab591ac7457d5f5fd6f153	commit \| diff

netfilter: nf_tables: add SECMARK support

Add the ability to set the security context of packets within the nf_tables framework.
Add a nft_object for holding security contexts in the kernel and manipulating packets on the wire.

Convert the security context strings at rule addition time to security identifiers.
This is the same behavior like in xt_SECMARK and offers better performance than computing it per packet.

Set the maximum security context length to 256.

Signed-off-by: Christian Göttsche <cgzones@googlemail.com>
Acked-by: Florian Westphal <fw@strlen.de>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>

include/net/netfilter/nf_tables_core.h		diff \| blob \| history
include/uapi/linux/netfilter/nf_tables.h		diff \| blob \| history
net/netfilter/nf_tables_core.c		diff \| blob \| history
net/netfilter/nft_meta.c		diff \| blob \| history