[SECMARK]: Add secmark support to conntrack
author James Morris <jmorris@namei.org>
Fri, 9 Jun 2006 07:31:46 +0000 (00:31 -0700)
committer David S. Miller <davem@sunset.davemloft.net>
Sun, 18 Jun 2006 04:30:01 +0000 (21:30 -0700)
commit 7c9728c393dceb724d66d696cfabce82151a78e5
tree af2b67ff7c579d669d01f28af33929f780b9c1b3
parent 5e6874cdb8de94cd3c15d853a8ef9c6f4c305055
[SECMARK]: Add secmark support to conntrack

Add a secmark field to IP and NF conntracks, so that security markings
on packets can be copied to their associated connections, and also
copied back to packets as required.  This is similar to the network
mark field currently used with conntrack, although it is intended for
enforcement of security policy rather than network policy.

Signed-off-by: James Morris <jmorris@namei.org>
Signed-off-by: Andrew Morton <akpm@osdl.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
include/linux/netfilter_ipv4/ip_conntrack.h
include/net/netfilter/nf_conntrack.h
include/net/netfilter/nf_conntrack_compat.h
net/ipv4/netfilter/Kconfig
net/ipv4/netfilter/ip_conntrack_core.c
net/ipv4/netfilter/ip_conntrack_standalone.c
net/netfilter/Kconfig
net/netfilter/nf_conntrack_core.c
net/netfilter/nf_conntrack_standalone.c