linux/net/ipv4
James Morris 560ee653b6 netfilter: ip_tables: add iptables security table for mandatory access control rules
The following patch implements a new "security" table for iptables, so
that MAC (SELinux etc.) networking rules can be managed separately to
standard DAC rules.

This is to help with distro integration of the new secmark-based
network controls, per various previous discussions.

The need for a separate table arises from the fact that existing tools
and usage of iptables will likely clash with centralized MAC policy
management.

The SECMARK and CONNSECMARK targets will still be valid in the mangle
table to prevent breakage of existing users.

Signed-off-by: James Morris <jmorris@namei.org>
Signed-off-by: Patrick McHardy <kaber@trash.net>
Signed-off-by: David S. Miller <davem@davemloft.net>
2008-06-09 15:57:24 -07:00
..
ipvs ipvs: fix oops in backup for fwmark conn templates 2008-04-29 03:21:23 -07:00
netfilter netfilter: ip_tables: add iptables security table for mandatory access control rules 2008-06-09 15:57:24 -07:00
af_inet.c Remove duplicated unlikely() in IS_ERR() 2008-04-29 08:06:25 -07:00
ah4.c [IPSEC]: Fix bogus usage of u64 on input sequence number 2008-02-12 22:50:35 -08:00
arp.c net/ipv4/arp.c: Use common hex_asc helpers 2008-05-21 17:34:32 -07:00
cipso_ipv4.c cipso: Relax too much careful cipso hash function. 2008-05-13 23:23:55 -07:00
datagram.c [IPV4] net/ipv4: Use ipv4_is_<type> 2008-01-28 14:58:15 -08:00
devinet.c [NET] NETNS: Omit sock->sk_net without CONFIG_NET_NS. 2008-03-26 04:39:55 +09:00
esp4.c [ESP]: Ensure IV is in linear part of the skb to avoid BUG() due to OOB access 2008-03-27 16:08:03 -07:00
fib_frontend.c [NET] NETNS: Omit sock->sk_net without CONFIG_NET_NS. 2008-03-26 04:39:55 +09:00
fib_hash.c [NET]: Fix heavy stack usage in seq_file output routines. 2008-04-24 01:02:16 -07:00
fib_lookup.h [IPV4] FIB_HASH: Reduce memory needs and speedup lookups 2008-01-28 15:02:46 -08:00
fib_rules.c [NET] NETNS: Omit sock->sk_net without CONFIG_NET_NS. 2008-03-26 04:39:55 +09:00
fib_semantics.c [NETNS]: Add netns refcnt debug into fib_info. 2008-04-16 02:00:50 -07:00
fib_trie.c [NET]: Fix heavy stack usage in seq_file output routines. 2008-04-24 01:02:16 -07:00
icmp.c ipv4: Update MTU to all related cache entries in ip_rt_frag_needed() 2008-04-29 03:32:25 -07:00
igmp.c net: Allow netdevices to specify needed head/tailroom 2008-05-12 20:48:31 -07:00
inet_connection_sock.c [SOCK]: Add some notes about per-bind-bucket sock lookup. 2008-04-14 02:42:27 -07:00
inet_diag.c [NETNS]: Tcp-v6 sockets per-net lookup. 2008-01-31 19:28:20 -08:00
inet_fragment.c Merge branch 'master' of git://git.kernel.org/pub/scm/linux/kernel/git/davem/net-2.6 2008-04-02 22:35:23 -07:00
inet_hashtables.c [INET]: Uninline the __inet_inherit_port call. 2008-04-17 23:18:15 -07:00
inet_lro.c [LRO] Fix lro_mgr->features checks 2008-01-08 23:30:18 -08:00
inet_timewait_sock.c [NETNS]: Add netns refcnt debug for timewait buckets. 2008-04-16 02:00:28 -07:00
inetpeer.c [INET]: Use list_head-s in inetpeer.c 2007-11-12 21:27:28 -08:00
ip_forward.c Merge branch 'master' of git://git.kernel.org/pub/scm/linux/kernel/git/davem/net-2.6 2008-04-02 22:35:23 -07:00
ip_fragment.c inet: Register fragmentation some ctls at read-only root. 2008-05-19 13:53:02 -07:00
ip_gre.c Merge branch 'master' of master.kernel.org:/pub/scm/linux/kernel/git/davem/net-2.6 2008-05-25 23:26:10 -07:00
ip_input.c net/ipv4: correct RFC 1122 section reference in comment 2008-05-08 01:11:04 -07:00
ip_options.c [IPV4]: Convert do_gettimeofday() to getnstimeofday(). 2008-04-21 02:34:08 -07:00
ip_output.c [IPv4] UFO: prevent generation of chained skb destined to UFO device 2008-04-29 22:36:30 -07:00
ip_sockglue.c net: Add compat support for getsockopt (MCAST_MSFILTER) 2008-04-29 03:23:22 -07:00
ipcomp.c net: Remove unnecessary inclusions of asm/semaphore.h 2008-04-18 22:15:50 -04:00
ipconfig.c net: Allow netdevices to specify needed head/tailroom 2008-05-12 20:48:31 -07:00
ipip.c Merge branch 'master' of master.kernel.org:/pub/scm/linux/kernel/git/davem/net-2.6 2008-05-25 23:26:10 -07:00
ipmr.c ipmr: Use on-device stats instead of private ones. 2008-05-21 14:43:45 -07:00
Kconfig Documentation: move nfsroot.txt to filesystems/ 2008-04-11 13:18:01 -06:00
Makefile [UDP]: Revert udplite and code split. 2008-03-06 16:22:02 -08:00
netfilter.c [NETFILTER]: Add partial checksum validation helper 2008-04-14 11:15:49 +02:00
proc.c [IPV4][NETNS]: Display per-net info in sockstat file. 2008-03-31 19:43:18 -07:00
protocol.c [IPV4]: align inet_protos[] on SMP 2007-04-25 22:28:20 -07:00
raw.c net: Allow netdevices to specify needed head/tailroom 2008-05-12 20:48:31 -07:00
route.c ipsec: Use the correct ip_local_out function 2008-05-20 14:32:14 -07:00
syncookies.c [Syncookies]: Add support for TCP options via timestamps. 2008-04-10 03:12:40 -07:00
sysctl_net_ipv4.c [NETNS][ICMP]: Make ctl tables for ICMP sysctls per-net. 2008-03-26 01:56:24 -07:00
tcp_bic.c [TCP]: BIC web page link is corrected. 2008-02-28 22:14:32 -08:00
tcp_cong.c tcp: Limit cwnd growth when deferring for GSO 2008-04-29 03:13:52 -07:00
tcp_cubic.c rename div64_64 to div64_u64 2008-05-01 08:03:58 -07:00
tcp_diag.c [INET]: Let inet_diag and friends autoload 2007-10-22 02:59:54 -07:00
tcp_highspeed.c [TCP]: Cong.ctrl modules: remove unused good_ack from cong_avoid 2008-01-28 14:55:41 -08:00
tcp_htcp.c [TCP]: Cong.ctrl modules: remove unused good_ack from cong_avoid 2008-01-28 14:55:41 -08:00
tcp_hybla.c net: fix returning void-valued expression warnings 2008-05-01 02:47:38 -07:00
tcp_illinois.c [TCP]: Cong.ctrl modules: remove unused good_ack from cong_avoid 2008-01-28 14:55:41 -08:00
tcp_input.c tcp FRTO: work-around inorder receivers 2008-05-13 02:54:19 -07:00
tcp_ipv4.c ipv4: assign PDE->data before gluing PDE into /proc tree 2008-05-02 04:10:08 -07:00
tcp_lp.c [TCP]: Cong.ctrl modules: remove unused good_ack from cong_avoid 2008-01-28 14:55:41 -08:00
tcp_minisocks.c [TCP]: TCP_DEFER_ACCEPT updates - process as established 2008-03-21 16:33:01 -07:00
tcp_output.c tcp: TCP connection times out if ICMP frag needed is delayed 2008-05-21 16:42:20 -07:00
tcp_probe.c tcp: tcp_probe buffer overflow and incorrect return value 2008-04-24 21:11:58 -07:00
tcp_scalable.c [TCP]: Cong.ctrl modules: remove unused good_ack from cong_avoid 2008-01-28 14:55:41 -08:00
tcp_timer.c [TCP]: Format addresses appropriately in debug messages. 2008-04-14 04:09:36 -07:00
tcp_vegas.c net: fix returning void-valued expression warnings 2008-05-01 02:47:38 -07:00
tcp_vegas.h [TCP]: congestion control API pass RTT in microseconds 2007-07-31 02:27:57 -07:00
tcp_veno.c net: fix returning void-valued expression warnings 2008-05-01 02:47:38 -07:00
tcp_westwood.c [TCP]: congestion control API pass RTT in microseconds 2007-07-31 02:27:57 -07:00
tcp_yeah.c [TCP]: Cong.ctrl modules: remove unused good_ack from cong_avoid 2008-01-28 14:55:41 -08:00
tcp.c tcp: Trivial fix to correct function name in a comment in net/ipv4/tcp.c 2008-04-21 02:27:58 -07:00
tunnel4.c [SIT]: Allow for IPPROTO_IPV6 protocol in namespaces. 2008-04-16 01:17:39 -07:00
udp_impl.h [UDP]: Make full use of proto.h.udp_hash innovation. 2008-03-22 16:51:21 -07:00
udp.c ipv4: assign PDE->data before gluing PDE into /proc tree 2008-05-02 04:10:08 -07:00
udplite.c [UDP]: Remove owner from udp_seq_afinfo. 2008-03-28 18:25:53 -07:00
xfrm4_input.c [IPSEC]: Fix transport-mode async resume on intput without netfilter 2008-01-28 15:00:10 -08:00
xfrm4_mode_beet.c [IPSEC]: Fix BEET output 2008-03-26 16:51:09 -07:00
xfrm4_mode_transport.c [IPSEC]: Use IPv6 calling convention as the convention for x->mode->output 2007-10-10 16:55:54 -07:00
xfrm4_mode_tunnel.c [IPSEC]: Fix inter address family IPsec tunnel handling. 2008-03-24 14:51:51 -07:00
xfrm4_output.c [IPSEC]: Fix inter address family IPsec tunnel handling. 2008-03-24 14:51:51 -07:00
xfrm4_policy.c [NET] NETNS: Omit net_device->nd_net without CONFIG_NET_NS. 2008-03-26 04:39:53 +09:00
xfrm4_state.c [IPSEC]: Fix BEET output 2008-03-26 16:51:09 -07:00
xfrm4_tunnel.c [IPCOMP]: Fix reception of incompressible packets 2008-01-31 19:27:24 -08:00