[SECMARK]: Add xtables SECMARK target
Add a SECMARK target to xtables, allowing the admin to apply security marks to packets via both iptables and ip6tables. The target currently handles SELinux security marking, but can be extended for other purposes as needed. Signed-off-by: James Morris <jmorris@namei.org> Signed-off-by: Andrew Morton <akpm@osdl.org> Signed-off-by: David S. Miller <davem@davemloft.net>
This commit is contained in:
James Morris
David S. Miller
parent
984bc16cc9
commit
5e6874cdb8
4 changed files with 192 additions and 0 deletions
26
include/linux/netfilter/xt_SECMARK.h
Normal file
26
include/linux/netfilter/xt_SECMARK.h
Normal file
|
|
@ -0,0 +1,26 @@
|
|||
#ifndef _XT_SECMARK_H_target
|
||||
#define _XT_SECMARK_H_target
|
||||
|
||||
/*
|
||||
* This is intended for use by various security subsystems (but not
|
||||
* at the same time).
|
||||
*
|
||||
* 'mode' refers to the specific security subsystem which the
|
||||
* packets are being marked for.
|
||||
*/
|
||||
#define SECMARK_MODE_SEL 0x01 /* SELinux */
|
||||
#define SECMARK_SELCTX_MAX 256
|
||||
|
||||
struct xt_secmark_target_selinux_info {
|
||||
u_int32_t selsid;
|
||||
char selctx[SECMARK_SELCTX_MAX];
|
||||
};
|
||||
|
||||
struct xt_secmark_target_info {
|
||||
u_int8_t mode;
|
||||
union {
|
||||
struct xt_secmark_target_selinux_info sel;
|
||||
} u;
|
||||
};
|
||||
|
||||
#endif /*_XT_SECMARK_H_target */
|
||||
Loading…
Add table
Add a link
Reference in a new issue