2
0
mirror of https://github.com/edk2-porting/linux-next.git synced 2024-12-25 21:54:06 +08:00
linux-next/include/linux/netfilter
Eric Paris 1cc63249ad conntrack: export lsm context rather than internal secid via netlink
The conntrack code can export the internal secid to userspace.  These are
dynamic, can change on lsm changes, and have no meaning in userspace.  We
should instead be sending lsm contexts to userspace instead.  This patch sends
the secctx (rather than secid) to userspace over the netlink socket.  We use a
new field CTA_SECCTX and stop using the the old CTA_SECMARK field since it did
not send particularly useful information.

Signed-off-by: Eric Paris <eparis@redhat.com>
Reviewed-by: Paul Moore <paul.moore@hp.com>
Acked-by: Patrick McHardy <kaber@trash.net>
Signed-off-by: James Morris <jmorris@namei.org>
2010-10-21 10:12:51 +11:00
..
Kbuild include: replace unifdef-y with header-y 2010-08-14 22:26:51 +02:00
nf_conntrack_amanda.h
nf_conntrack_common.h netfilter: nf_conntrack: IPS_UNTRACKED bit 2010-06-08 16:09:52 +02:00
nf_conntrack_dccp.h
nf_conntrack_ftp.h net: cleanup include/linux 2009-11-04 09:50:58 -08:00
nf_conntrack_h323_asn1.h
nf_conntrack_h323_types.h
nf_conntrack_h323.h
nf_conntrack_irc.h
nf_conntrack_pptp.h
nf_conntrack_proto_gre.h
nf_conntrack_sane.h
nf_conntrack_sctp.h net: cleanup include/linux 2009-11-04 09:50:58 -08:00
nf_conntrack_sip.h netfilter: nf_conntrack_sip: add T.38 FAX support 2010-02-11 12:30:21 +01:00
nf_conntrack_tcp.h Merge branch 'master' of git://git.kernel.org/pub/scm/linux/kernel/git/kaber/nf-next-2.6 2009-12-03 13:23:12 -08:00
nf_conntrack_tftp.h
nf_conntrack_tuple_common.h netfilter: include/linux/netfilter/nf_conntrack_tuple_common.h: Checkpatch cleanup 2010-03-08 13:13:07 +01:00
nfnetlink_compat.h net: cleanup include/linux 2009-11-04 09:50:58 -08:00
nfnetlink_conntrack.h conntrack: export lsm context rather than internal secid via netlink 2010-10-21 10:12:51 +11:00
nfnetlink_log.h nfnetlink_log: do not expose NFULNL_COPY_DISABLED to user-space 2010-07-15 11:27:41 +02:00
nfnetlink_queue.h
nfnetlink.h netfilter: ctnetlink: fix reliable event delivery if message building fails 2010-03-20 14:29:03 -07:00
x_tables.h netfilter: xtables: stackptr should be percpu 2010-05-31 16:41:35 +02:00
xt_CHECKSUM.h netfilter: correct CHECKSUM header and export it 2010-07-16 14:08:20 +02:00
xt_CLASSIFY.h
xt_cluster.h
xt_comment.h
xt_connbytes.h net: cleanup include/linux 2009-11-04 09:50:58 -08:00
xt_connlimit.h
xt_connmark.h netfilter: xtables: merge xt_CONNMARK into xt_connmark 2010-03-17 15:48:36 +01:00
xt_CONNMARK.h netfilter: xtables: merge xt_CONNMARK into xt_connmark 2010-03-17 15:48:36 +01:00
xt_CONNSECMARK.h
xt_conntrack.h netfilter: xtables: remove xt_conntrack v0 2009-08-10 13:09:44 +02:00
xt_cpu.h netfilter: add xt_cpu match 2010-07-23 12:59:36 +02:00
xt_CT.h netfilter: nf_conntrack: add support for "conntrack zones" 2010-02-15 18:13:33 +01:00
xt_dccp.h
xt_dscp.h
xt_DSCP.h
xt_esp.h net: cleanup include/linux 2009-11-04 09:50:58 -08:00
xt_hashlimit.h
xt_helper.h
xt_IDLETIMER.h header: fix broken headers for user space 2010-08-22 21:15:39 -07:00
xt_iprange.h
xt_ipvs.h netfilter: fix userspace header warning 2010-08-18 23:34:26 -07:00
xt_LED.h
xt_length.h
xt_limit.h
xt_mac.h
xt_mark.h netfilter: xtables: merge xt_MARK into xt_mark 2010-03-17 15:48:36 +01:00
xt_MARK.h netfilter: xtables: merge xt_MARK into xt_mark 2010-03-17 15:48:36 +01:00
xt_multiport.h net: cleanup include/linux 2009-11-04 09:50:58 -08:00
xt_NFLOG.h
xt_NFQUEUE.h
xt_osf.h netfilter: headers_check fix: linux/netfilter/xt_osf.h 2009-06-29 14:28:27 +02:00
xt_owner.h
xt_physdev.h
xt_pkttype.h
xt_policy.h net: cleanup include/linux 2009-11-04 09:50:58 -08:00
xt_quota.h xt_quota: report initial quota value instead of current value to userspace 2010-07-23 14:07:47 +02:00
xt_rateest.h
xt_RATEEST.h
xt_realm.h
xt_recent.h netfilter: xt_recent: check for unsupported user space flags 2010-03-17 16:18:56 +01:00
xt_sctp.h
xt_SECMARK.h secmark: make secmark object handling generic 2010-10-21 10:12:48 +11:00
xt_socket.h
xt_state.h net: cleanup include/linux 2009-11-04 09:50:58 -08:00
xt_statistic.h
xt_string.h net: cleanup include/linux 2009-11-04 09:50:58 -08:00
xt_tcpmss.h
xt_TCPMSS.h
xt_TCPOPTSTRIP.h
xt_tcpudp.h net: cleanup include/linux 2009-11-04 09:50:58 -08:00
xt_TEE.h netfilter: xt_TEE: resolve oif using netdevice notifiers 2010-04-20 15:07:32 +02:00
xt_time.h
xt_TPROXY.h
xt_u32.h