linux/net/netfilter
James Morris 7c9728c393 [SECMARK]: Add secmark support to conntrack
Add a secmark field to IP and NF conntracks, so that security markings
on packets can be copied to their associated connections, and also
copied back to packets as required.  This is similar to the network
mark field currently used with conntrack, although it is intended for
enforcement of security policy rather than network policy.

Signed-off-by: James Morris <jmorris@namei.org>
Signed-off-by: Andrew Morton <akpm@osdl.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
2006-06-17 21:30:01 -07:00
..
core.c [NETFILTER]: Introduce infrastructure for address family specific operations 2006-04-09 22:25:40 -07:00
Kconfig [SECMARK]: Add secmark support to conntrack 2006-06-17 21:30:01 -07:00
Makefile [SECMARK]: Add xtables SECMARK target 2006-06-17 21:29:59 -07:00
nf_conntrack_core.c [SECMARK]: Add secmark support to conntrack 2006-06-17 21:30:01 -07:00
nf_conntrack_ftp.c [NETFILTER]: FTP helper: search optimization 2006-06-17 21:29:07 -07:00
nf_conntrack_l3proto_generic.c [NETFILTER]: nf_conntrack: Fix module refcount dropping too far 2006-04-24 17:27:28 -07:00
nf_conntrack_netlink.c [NETFILTER]: ctnetlink: change table dumping not to require an unique ID 2006-06-17 21:29:03 -07:00
nf_conntrack_proto_generic.c [NETFILTER]: Fix timeout sysctls on big-endian 64bit architectures 2006-01-10 12:54:35 -08:00
nf_conntrack_proto_sctp.c [NETFILTER] SCTP conntrack: fix infinite loop 2006-05-02 17:26:39 -07:00
nf_conntrack_proto_tcp.c [NETFILTER]: conntrack: add sysctl to disable checksumming 2006-06-17 21:28:57 -07:00
nf_conntrack_proto_udp.c [NETFILTER]: conntrack: add sysctl to disable checksumming 2006-06-17 21:28:57 -07:00
nf_conntrack_standalone.c [SECMARK]: Add secmark support to conntrack 2006-06-17 21:30:01 -07:00
nf_internals.h [NETFILTER]: split net/core/netfilter.c into net/netfilter/*.c 2005-08-29 15:51:11 -07:00
nf_log.c [NETFILTER]: Fix compilation when no PROC_FS enabled 2005-08-29 15:56:54 -07:00
nf_queue.c [NETFILTER]: Introduce infrastructure for address family specific operations 2006-04-09 22:25:40 -07:00
nf_sockopt.c [NET]: Identation & other cleanups related to compat_[gs]etsockopt cset 2006-03-20 22:48:35 -08:00
nfnetlink_log.c [NETFILTER]: nfnetlink_log: fix byteorder confusion 2006-05-19 02:17:18 -07:00
nfnetlink_queue.c [NETFILTER]: Fix section mismatch warnings 2006-04-09 22:25:34 -07:00
nfnetlink.c [NETFILTER]: ctnetlink: avoid unneccessary event message generation 2006-03-20 18:03:59 -08:00
x_tables.c [NETFILTER]: x_tables: don't use __copy_{from,to}_user on unchecked memory in compat layer 2006-05-03 23:20:27 -07:00
xt_CLASSIFY.c [NETFILTER]: Rename init functions. 2006-03-28 17:02:48 -08:00
xt_comment.c [NETFILTER]: Rename init functions. 2006-03-28 17:02:48 -08:00
xt_connbytes.c [NETFILTER]: Rename init functions. 2006-03-28 17:02:48 -08:00
xt_connmark.c [NETFILTER]: x_tables: remove some unnecessary casts 2006-06-17 21:28:45 -07:00
xt_CONNMARK.c [NETFILTER]: Rename init functions. 2006-03-28 17:02:48 -08:00
xt_conntrack.c [NETFILTER]: Rename init functions. 2006-03-28 17:02:48 -08:00
xt_dccp.c [NETFILTER]: x_tables: remove some unnecessary casts 2006-06-17 21:28:45 -07:00
xt_esp.c [NETFILTER]: x_tables: unify IPv4/IPv6 esp match 2006-04-01 02:22:30 -08:00
xt_helper.c [NETFILTER]: Rename init functions. 2006-03-28 17:02:48 -08:00
xt_length.c [NETFILTER]: Rename init functions. 2006-03-28 17:02:48 -08:00
xt_limit.c [NETFILTER]: Rename init functions. 2006-03-28 17:02:48 -08:00
xt_mac.c [NETFILTER]: Rename init functions. 2006-03-28 17:02:48 -08:00
xt_mark.c [NETFILTER]: x_tables: remove some unnecessary casts 2006-06-17 21:28:45 -07:00
xt_MARK.c [NETFILTER]: Rename init functions. 2006-03-28 17:02:48 -08:00
xt_multiport.c [NETFILTER]: x_tables: add SCTP/DCCP support where missing 2006-06-17 21:28:47 -07:00
xt_NFQUEUE.c [NETFILTER]: Rename init functions. 2006-03-28 17:02:48 -08:00
xt_NOTRACK.c [NETFILTER]: Rename init functions. 2006-03-28 17:02:48 -08:00
xt_physdev.c [NETFILTER]: Rename init functions. 2006-03-28 17:02:48 -08:00
xt_pkttype.c [NETFILTER]: Rename init functions. 2006-03-28 17:02:48 -08:00
xt_policy.c [IPSEC]: Kill unused decap state structure 2006-04-01 00:54:16 -08:00
xt_quota.c [NETFILTER]: x_tables: add quota match 2006-06-17 21:28:49 -07:00
xt_realm.c [NETFILTER]: Rename init functions. 2006-03-28 17:02:48 -08:00
xt_sctp.c [NETFILTER]: x_tables: remove some unnecessary casts 2006-06-17 21:28:45 -07:00
xt_SECMARK.c [SECMARK]: Add xtables SECMARK target 2006-06-17 21:29:59 -07:00
xt_state.c [NETFILTER]: Rename init functions. 2006-03-28 17:02:48 -08:00
xt_statistic.c [NETFILTER]: x_tables: add statistic match 2006-06-17 21:28:51 -07:00
xt_string.c [NETFILTER]: x_tables: remove some unnecessary casts 2006-06-17 21:28:45 -07:00
xt_tcpmss.c [NETFILTER]: Rename init functions. 2006-03-28 17:02:48 -08:00
xt_tcpudp.c [NETFILTER]: Rename init functions. 2006-03-28 17:02:48 -08:00