nv-tegra.nvidia Code Review - linux-2.6.git/commit

author	James Morris <jmorris@namei.org>
	Fri, 9 Jun 2006 07:32:39 +0000 (00:32 -0700)
committer	David S. Miller <davem@sunset.davemloft.net>
	Sun, 18 Jun 2006 04:30:03 +0000 (21:30 -0700)
commit	100468e9c05c10fb6872751c1af523b996d6afa9
tree	2ad0e988897a3636cbe5353a7624232c62b0968a	tree \| snapshot
parent	7c9728c393dceb724d66d696cfabce82151a78e5	commit \| diff

[SECMARK]: Add CONNSECMARK xtables target

Add a new xtables target, CONNSECMARK, which is used to specify rules
for copying security marks from packets to connections, and for
copyying security marks back from connections to packets. This is
similar to the CONNMARK target, but is more limited in scope in that
it only allows copying of security marks to and from packets, as this
is all it needs to do.

A typical scenario would be to apply a security mark to a 'new' packet
with SECMARK, then copy that to its conntrack via CONNMARK, and then
restore the security mark from the connection to established and
related packets on that connection.

Signed-off-by: James Morris <jmorris@namei.org>
Signed-off-by: Andrew Morton <akpm@osdl.org>
Signed-off-by: David S. Miller <davem@davemloft.net>

include/linux/netfilter/xt_CONNSECMARK.h	[new file with mode: 0644]	blob
net/netfilter/Kconfig		diff \| blob \| history
net/netfilter/Makefile		diff \| blob \| history
net/netfilter/xt_CONNSECMARK.c	[new file with mode: 0644]	blob