summaryrefslogtreecommitdiffstats
path: root/net/netfilter/nf_conntrack_core.c
diff options
context:
space:
mode:
authorJames Morris2006-06-09 09:31:46 +0200
committerDavid S. Miller2006-06-18 06:30:01 +0200
commit7c9728c393dceb724d66d696cfabce82151a78e5 (patch)
treeaf2b67ff7c579d669d01f28af33929f780b9c1b3 /net/netfilter/nf_conntrack_core.c
parent[SECMARK]: Add xtables SECMARK target (diff)
downloadkernel-qcow2-linux-7c9728c393dceb724d66d696cfabce82151a78e5.tar.gz
kernel-qcow2-linux-7c9728c393dceb724d66d696cfabce82151a78e5.tar.xz
kernel-qcow2-linux-7c9728c393dceb724d66d696cfabce82151a78e5.zip
[SECMARK]: Add secmark support to conntrack
Add a secmark field to IP and NF conntracks, so that security markings on packets can be copied to their associated connections, and also copied back to packets as required. This is similar to the network mark field currently used with conntrack, although it is intended for enforcement of security policy rather than network policy. Signed-off-by: James Morris <jmorris@namei.org> Signed-off-by: Andrew Morton <akpm@osdl.org> Signed-off-by: David S. Miller <davem@davemloft.net>
Diffstat (limited to 'net/netfilter/nf_conntrack_core.c')
-rw-r--r--net/netfilter/nf_conntrack_core.c3
1 files changed, 3 insertions, 0 deletions
diff --git a/net/netfilter/nf_conntrack_core.c b/net/netfilter/nf_conntrack_core.c
index bc2bd4c3859e..cd299f4b7db1 100644
--- a/net/netfilter/nf_conntrack_core.c
+++ b/net/netfilter/nf_conntrack_core.c
@@ -990,6 +990,9 @@ init_conntrack(const struct nf_conntrack_tuple *tuple,
#ifdef CONFIG_NF_CONNTRACK_MARK
conntrack->mark = exp->master->mark;
#endif
+#ifdef CONFIG_NF_CONNTRACK_SECMARK
+ conntrack->secmark = exp->master->secmark;
+#endif
nf_conntrack_get(&conntrack->master->ct_general);
NF_CT_STAT_INC(expect_new);
} else
generated by cgit v1.2.3-55-g7522 (git 2.39.0) at 2024-05-23 19:05:15 +0200