linux/net/netfilter
James Morris 100468e9c0 [SECMARK]: Add CONNSECMARK xtables target
Add a new xtables target, CONNSECMARK, which is used to specify rules
for copying security marks from packets to connections, and for
copying security marks back from connections to packets.  This is
similar to the CONNMARK target, but is more limited in scope in that
it only allows copying of security marks to and from packets, as this
is all it needs to do.

A typical scenario would be to apply a security mark to a 'new' packet
with SECMARK, then copy that to its conntrack via CONNMARK, and then
restore the security mark from the connection to established and
related packets on that connection.

Signed-off-by: James Morris <jmorris@namei.org>
Signed-off-by: Andrew Morton <akpm@osdl.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
2006-06-17 21:30:03 -07:00
core.c [NETFILTER]: Introduce infrastructure for address family specific operations 2006-04-09 22:25:40 -07:00
Kconfig [SECMARK]: Add CONNSECMARK xtables target 2006-06-17 21:30:03 -07:00
Makefile [SECMARK]: Add CONNSECMARK xtables target 2006-06-17 21:30:03 -07:00
nf_conntrack_core.c [SECMARK]: Add secmark support to conntrack 2006-06-17 21:30:01 -07:00
nf_conntrack_ftp.c [NETFILTER]: FTP helper: search optimization 2006-06-17 21:29:07 -07:00
nf_conntrack_l3proto_generic.c [NETFILTER]: nf_conntrack: Fix module refcount dropping too far 2006-04-24 17:27:28 -07:00
nf_conntrack_netlink.c [NETFILTER]: ctnetlink: change table dumping not to require a unique ID 2006-06-17 21:29:03 -07:00
nf_conntrack_proto_generic.c [NETFILTER]: Fix timeout sysctls on big-endian 64bit architectures 2006-01-10 12:54:35 -08:00
nf_conntrack_proto_sctp.c [NETFILTER] SCTP conntrack: fix infinite loop 2006-05-02 17:26:39 -07:00
nf_conntrack_proto_tcp.c [NETFILTER]: conntrack: add sysctl to disable checksumming 2006-06-17 21:28:57 -07:00
nf_conntrack_proto_udp.c [NETFILTER]: conntrack: add sysctl to disable checksumming 2006-06-17 21:28:57 -07:00
nf_conntrack_standalone.c [SECMARK]: Add secmark support to conntrack 2006-06-17 21:30:01 -07:00
nf_internals.h [NETFILTER]: split net/core/netfilter.c into net/netfilter/*.c 2005-08-29 15:51:11 -07:00
nf_log.c [NETFILTER]: Fix compilation when no PROC_FS enabled 2005-08-29 15:56:54 -07:00
nf_queue.c [NETFILTER]: Introduce infrastructure for address family specific operations 2006-04-09 22:25:40 -07:00
nf_sockopt.c [NET]: Indentation & other cleanups related to compat_[gs]etsockopt cset 2006-03-20 22:48:35 -08:00
nfnetlink_log.c [NETFILTER]: nfnetlink_log: fix byteorder confusion 2006-05-19 02:17:18 -07:00
nfnetlink_queue.c [NETFILTER]: Fix section mismatch warnings 2006-04-09 22:25:34 -07:00
nfnetlink.c [NETFILTER]: ctnetlink: avoid unnecessary event message generation 2006-03-20 18:03:59 -08:00
x_tables.c [NETFILTER]: x_tables: don't use __copy_{from,to}_user on unchecked memory in compat layer 2006-05-03 23:20:27 -07:00
xt_CLASSIFY.c [NETFILTER]: Rename init functions. 2006-03-28 17:02:48 -08:00
xt_comment.c [NETFILTER]: Rename init functions. 2006-03-28 17:02:48 -08:00
xt_connbytes.c [NETFILTER]: Rename init functions. 2006-03-28 17:02:48 -08:00
xt_connmark.c [NETFILTER]: x_tables: remove some unnecessary casts 2006-06-17 21:28:45 -07:00
xt_CONNMARK.c [NETFILTER]: Rename init functions. 2006-03-28 17:02:48 -08:00
xt_CONNSECMARK.c [SECMARK]: Add CONNSECMARK xtables target 2006-06-17 21:30:03 -07:00
xt_conntrack.c [NETFILTER]: Rename init functions. 2006-03-28 17:02:48 -08:00
xt_dccp.c [NETFILTER]: x_tables: remove some unnecessary casts 2006-06-17 21:28:45 -07:00
xt_esp.c [NETFILTER]: x_tables: unify IPv4/IPv6 esp match 2006-04-01 02:22:30 -08:00
xt_helper.c [NETFILTER]: Rename init functions. 2006-03-28 17:02:48 -08:00
xt_length.c [NETFILTER]: Rename init functions. 2006-03-28 17:02:48 -08:00
xt_limit.c [NETFILTER]: Rename init functions. 2006-03-28 17:02:48 -08:00
xt_mac.c [NETFILTER]: Rename init functions. 2006-03-28 17:02:48 -08:00
xt_mark.c [NETFILTER]: x_tables: remove some unnecessary casts 2006-06-17 21:28:45 -07:00
xt_MARK.c [NETFILTER]: Rename init functions. 2006-03-28 17:02:48 -08:00
xt_multiport.c [NETFILTER]: x_tables: add SCTP/DCCP support where missing 2006-06-17 21:28:47 -07:00
xt_NFQUEUE.c [NETFILTER]: Rename init functions. 2006-03-28 17:02:48 -08:00
xt_NOTRACK.c [NETFILTER]: Rename init functions. 2006-03-28 17:02:48 -08:00
xt_physdev.c [NETFILTER]: Rename init functions. 2006-03-28 17:02:48 -08:00
xt_pkttype.c [NETFILTER]: Rename init functions. 2006-03-28 17:02:48 -08:00
xt_policy.c [IPSEC]: Kill unused decap state structure 2006-04-01 00:54:16 -08:00
xt_quota.c [NETFILTER]: x_tables: add quota match 2006-06-17 21:28:49 -07:00
xt_realm.c [NETFILTER]: Rename init functions. 2006-03-28 17:02:48 -08:00
xt_sctp.c [NETFILTER]: x_tables: remove some unnecessary casts 2006-06-17 21:28:45 -07:00
xt_SECMARK.c [SECMARK]: Add xtables SECMARK target 2006-06-17 21:29:59 -07:00
xt_state.c [NETFILTER]: Rename init functions. 2006-03-28 17:02:48 -08:00
xt_statistic.c [NETFILTER]: x_tables: add statistic match 2006-06-17 21:28:51 -07:00
xt_string.c [NETFILTER]: x_tables: remove some unnecessary casts 2006-06-17 21:28:45 -07:00
xt_tcpmss.c [NETFILTER]: Rename init functions. 2006-03-28 17:02:48 -08:00
xt_tcpudp.c [NETFILTER]: Rename init functions. 2006-03-28 17:02:48 -08:00