git.baikalelectronics.ru Git - kernel.git/commit

author	James Morris <jmorris@namei.org>
	Fri, 9 Jun 2006 07:31:46 +0000 (00:31 -0700)
committer	David S. Miller <davem@sunset.davemloft.net>
	Sun, 18 Jun 2006 04:30:01 +0000 (21:30 -0700)
commit	a8f83caf1fbe4abe658370014a20af75c2132b2a
tree	af2b67ff7c579d669d01f28af33929f780b9c1b3	tree \| snapshot
parent	10d7ac115407a5103f0913f61c598a2411d5cd70	commit \| diff

[SECMARK]: Add secmark support to conntrack

Add a secmark field to IP and NF conntracks, so that security markings
on packets can be copied to their associated connections, and also
copied back to packets as required. This is similar to the network
mark field currently used with conntrack, although it is intended for
enforcement of security policy rather than network policy.

Signed-off-by: James Morris <jmorris@namei.org>
Signed-off-by: Andrew Morton <akpm@osdl.org>
Signed-off-by: David S. Miller <davem@davemloft.net>

include/linux/netfilter_ipv4/ip_conntrack.h		diff \| blob \| history
include/net/netfilter/nf_conntrack.h		diff \| blob \| history
include/net/netfilter/nf_conntrack_compat.h		diff \| blob \| history
net/ipv4/netfilter/Kconfig		diff \| blob \| history
net/ipv4/netfilter/ip_conntrack_core.c		diff \| blob \| history
net/ipv4/netfilter/ip_conntrack_standalone.c		diff \| blob \| history
net/netfilter/Kconfig		diff \| blob \| history
net/netfilter/nf_conntrack_core.c		diff \| blob \| history
net/netfilter/nf_conntrack_standalone.c		diff \| blob \| history