summaryrefslogtreecommitdiffstats
path: root/include
diff options
context:
space:
mode:
authorJames Morris <jmorris@namei.org>2006-06-09 00:32:39 -0700
committerDavid S. Miller <davem@sunset.davemloft.net>2006-06-17 21:30:03 -0700
commit100468e9c05c10fb6872751c1af523b996d6afa9 (patch)
tree2ad0e988897a3636cbe5353a7624232c62b0968a /include
parent7c9728c393dceb724d66d696cfabce82151a78e5 (diff)
[SECMARK]: Add CONNSECMARK xtables target
Add a new xtables target, CONNSECMARK, which is used to specify rules for copying security marks from packets to connections, and for copyying security marks back from connections to packets. This is similar to the CONNMARK target, but is more limited in scope in that it only allows copying of security marks to and from packets, as this is all it needs to do. A typical scenario would be to apply a security mark to a 'new' packet with SECMARK, then copy that to its conntrack via CONNMARK, and then restore the security mark from the connection to established and related packets on that connection. Signed-off-by: James Morris <jmorris@namei.org> Signed-off-by: Andrew Morton <akpm@osdl.org> Signed-off-by: David S. Miller <davem@davemloft.net>
Diffstat (limited to 'include')
-rw-r--r--include/linux/netfilter/xt_CONNSECMARK.h13
1 files changed, 13 insertions, 0 deletions
diff --git a/include/linux/netfilter/xt_CONNSECMARK.h b/include/linux/netfilter/xt_CONNSECMARK.h
new file mode 100644
index 00000000000..c6bd75469ba
--- /dev/null
+++ b/include/linux/netfilter/xt_CONNSECMARK.h
@@ -0,0 +1,13 @@
+#ifndef _XT_CONNSECMARK_H_target
+#define _XT_CONNSECMARK_H_target
+
+enum {
+ CONNSECMARK_SAVE = 1,
+ CONNSECMARK_RESTORE,
+};
+
+struct xt_connsecmark_target_info {
+ u_int8_t mode;
+};
+
+#endif /*_XT_CONNSECMARK_H_target */