5e6874cdb8
Add a SECMARK target to xtables, allowing the admin to apply security marks to packets via both iptables and ip6tables. The target currently handles SELinux security marking, but can be extended for other purposes as needed. Signed-off-by: James Morris <jmorris@namei.org> Signed-off-by: Andrew Morton <akpm@osdl.org> Signed-off-by: David S. Miller <davem@davemloft.net>
27 lines
573 B
C
27 lines
573 B
C
#ifndef _XT_SECMARK_H_target
|
|
#define _XT_SECMARK_H_target
|
|
|
|
/*
|
|
* This is intended for use by various security subsystems (but not
|
|
* at the same time).
|
|
*
|
|
* 'mode' refers to the specific security subsystem which the
|
|
* packets are being marked for.
|
|
*/
|
|
#define SECMARK_MODE_SEL 0x01 /* SELinux */
|
|
#define SECMARK_SELCTX_MAX 256
|
|
|
|
struct xt_secmark_target_selinux_info {
|
|
u_int32_t selsid;
|
|
char selctx[SECMARK_SELCTX_MAX];
|
|
};
|
|
|
|
struct xt_secmark_target_info {
|
|
u_int8_t mode;
|
|
union {
|
|
struct xt_secmark_target_selinux_info sel;
|
|
} u;
|
|
};
|
|
|
|
#endif /*_XT_SECMARK_H_target */
|