summaryrefslogtreecommitdiff
path: root/net/netfilter/nf_conntrack_standalone.c
diff options
context:
space:
mode:
authorJames Morris <jmorris@namei.org>2006-06-09 07:31:46 (GMT)
committerDavid S. Miller <davem@sunset.davemloft.net>2006-06-18 04:30:01 (GMT)
commit7c9728c393dceb724d66d696cfabce82151a78e5 (patch)
treeaf2b67ff7c579d669d01f28af33929f780b9c1b3 /net/netfilter/nf_conntrack_standalone.c
parent5e6874cdb8de94cd3c15d853a8ef9c6f4c305055 (diff)
downloadlinux-fsl-qoriq-7c9728c393dceb724d66d696cfabce82151a78e5.tar.xz
[SECMARK]: Add secmark support to conntrack
Add a secmark field to IP and NF conntracks, so that security markings on packets can be copied to their associated connections, and also copied back to packets as required. This is similar to the network mark field currently used with conntrack, although it is intended for enforcement of security policy rather than network policy. Signed-off-by: James Morris <jmorris@namei.org> Signed-off-by: Andrew Morton <akpm@osdl.org> Signed-off-by: David S. Miller <davem@davemloft.net>
Diffstat (limited to 'net/netfilter/nf_conntrack_standalone.c')
-rw-r--r--net/netfilter/nf_conntrack_standalone.c5
1 files changed, 5 insertions, 0 deletions
diff --git a/net/netfilter/nf_conntrack_standalone.c b/net/netfilter/nf_conntrack_standalone.c
index e01d20d..e34c574 100644
--- a/net/netfilter/nf_conntrack_standalone.c
+++ b/net/netfilter/nf_conntrack_standalone.c
@@ -213,6 +213,11 @@ static int ct_seq_show(struct seq_file *s, void *v)
return -ENOSPC;
#endif
+#ifdef CONFIG_NF_CONNTRACK_SECMARK
+ if (seq_printf(s, "secmark=%u ", conntrack->secmark))
+ return -ENOSPC;
+#endif
+
if (seq_printf(s, "use=%u\n", atomic_read(&conntrack->ct_general.use)))
return -ENOSPC;
generated by cgit v0.10.2 at 2024-07-21 15:43:06 (GMT)