netfilter: xt_qtaguid: 1st pass at tracking tag based data resources
author JP Abgrall <jpa@google.com>
Fri, 9 Sep 2011 08:55:24 +0000 (01:55 -0700)
committer Dan Willemsen <dwillemsen@nvidia.com>
Thu, 1 Dec 2011 05:39:04 +0000 (21:39 -0800)
commit 76a22ac439a4048bc6bd012253572bb571cc66d9
tree 9dfc8838ee81b2e981c99b7da9e65d5919e87459
parent cebb1ca8b724c59b7b73ceeddcbef594612b99ab

* Added global resource tracking based on tags.
 - Can be put into passive mode via
    /sys/modules/xt_qtaguid/params/tag_tracking_passive
 - The number of socket tags per UID is now limited
 - Adding /dev/xt_qtaguid that each process should open before starting
   to tag sockets. A later change will make it a "must".
 - A process should not create new tags unless it has the dev open.
  A later change will make it a must.
 - On qtaguid_resources release, the process' matching socket tag info
  is deleted.
* Support run-time debug mask via /sys/modules parameter "debug_mask".
* split module into prettyprinting code, includes, main.
* Removed ptrdiff_t usage which didn't work in all cases.

Change-Id: I4a21d3bea55d23c1c3747253904e2a79f7d555d9
Signed-off-by: JP Abgrall <jpa@google.com>
net/netfilter/Makefile
net/netfilter/xt_qtaguid.c
net/netfilter/xt_qtaguid_internal.h [new file with mode: 0644]
net/netfilter/xt_qtaguid_print.c [new file with mode: 0644]
net/netfilter/xt_qtaguid_print.h [new file with mode: 0644]