q3k
/
linux
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
linux/net/ipv4/netfilter
History
James Morris 560ee653b6 netfilter: ip_tables: add iptables security table for mandatory access control rules 
The following patch implements a new "security" table for iptables, so
that MAC (SELinux etc.) networking rules can be managed separately to
standard DAC rules.

This is to help with distro integration of the new secmark-based
network controls, per various previous discussions.

The need for a separate table arises from the fact that existing tools
and usage of iptables will likely clash with centralized MAC policy
management.

The SECMARK and CONNSECMARK targets will still be valid in the mangle
table to prevent breakage of existing users.

Signed-off-by: James Morris <jmorris@namei.org>
Signed-off-by: Patrick McHardy <kaber@trash.net>
Signed-off-by: David S. Miller <davem@davemloft.net>
 		2008-06-09 15:57:24 -07:00
..
Kconfig netfilter: ip_tables: add iptables security table for mandatory access control rules 2008-06-09 15:57:24 -07:00
Makefile netfilter: ip_tables: add iptables security table for mandatory access control rules 2008-06-09 15:57:24 -07:00
arp_tables.c [NETFILTER]: {ip,ip6,arp}_tables: return EAGAIN for invalid SO_GET_ENTRIES size 2008-04-14 11:15:45 +02:00
arpt_mangle.c [NETFILTER]: remove arpt_(un)register_target indirection macros 2008-04-14 11:15:44 +02:00
arptable_filter.c [NETFILTER]: Explicitly initialize .priority in arptable_filter 2008-04-14 11:15:44 +02:00
ip_queue.c netfilter: {nfnetlink,ip,ip6}_queue: fix skb_over_panic when enlarging packets 2008-04-29 03:16:34 -07:00
ip_tables.c [NETFILTER]: {ip,ip6,arp}_tables: return EAGAIN for invalid SO_GET_ENTRIES size 2008-04-14 11:15:45 +02:00
ipt_CLUSTERIP.c netfilter: assign PDE->data before gluing PDE into /proc tree 2008-05-02 02:45:42 -07:00
ipt_ECN.c [NETFILTER]: annotate xtables targets with const and remove casts 2008-04-14 09:56:05 +02:00
ipt_LOG.c [NETFILTER]: annotate xtables targets with const and remove casts 2008-04-14 09:56:05 +02:00
ipt_MASQUERADE.c [NET] NETNS: Omit net_device->nd_net without CONFIG_NET_NS. 2008-03-26 04:39:53 +09:00
ipt_NETMAP.c [NETFILTER]: Update modules' descriptions 2008-01-28 15:02:26 -08:00
ipt_REDIRECT.c [NETFILTER]: Update modules' descriptions 2008-01-28 15:02:26 -08:00
ipt_REJECT.c [NETFILTER]: annotate xtables targets with const and remove casts 2008-04-14 09:56:05 +02:00
ipt_TTL.c [NETFILTER]: Update modules' descriptions 2008-01-28 15:02:26 -08:00
ipt_ULOG.c [NETNS]: Consolidate kernel netlink socket destruction. 2008-01-28 15:08:07 -08:00
ipt_addrtype.c [NETFILTER]: Update modules' descriptions 2008-01-28 15:02:26 -08:00
ipt_ah.c [NETFILTER]: Update modules' descriptions 2008-01-28 15:02:26 -08:00
ipt_ecn.c [NETFILTER]: Update modules' descriptions 2008-01-28 15:02:26 -08:00
ipt_recent.c [NETFILTER]: annotate xtables targets with const and remove casts 2008-04-14 09:56:05 +02:00
ipt_ttl.c [NETFILTER]: Update modules' descriptions 2008-01-28 15:02:26 -08:00
iptable_filter.c [NETFILTER]: Use non-deprecated __RW_LOCK_UNLOCKED macro 2008-04-14 09:56:03 +02:00
iptable_mangle.c [NETFILTER]: Use non-deprecated __RW_LOCK_UNLOCKED macro 2008-04-14 09:56:03 +02:00
iptable_raw.c [NETFILTER]: Use non-deprecated __RW_LOCK_UNLOCKED macro 2008-04-14 09:56:03 +02:00
iptable_security.c netfilter: ip_tables: add iptables security table for mandatory access control rules 2008-06-09 15:57:24 -07:00
nf_conntrack_l3proto_ipv4.c netfilter: nf_conntrack: padding breaks conntrack hash on ARM 2008-04-29 03:35:10 -07:00
nf_conntrack_l3proto_ipv4_compat.c [NETFILTER]: nf_conntrack: add tuplehash l3num/protonum accessors 2008-04-14 11:15:52 +02:00
nf_conntrack_proto_icmp.c [NETFILTER]: nf_conntrack: replace NF_CT_DUMP_TUPLE macro indrection by function call 2008-04-14 11:15:54 +02:00
nf_nat_amanda.c [NETFILTER]: remove unneeded rcu_dereference() calls 2007-11-07 04:08:23 -08:00
nf_nat_core.c Merge branch 'master' of git://git.kernel.org/pub/scm/linux/kernel/git/kaber/nf-2.6.26 2008-04-14 03:50:43 -07:00
nf_nat_ftp.c [NETFILTER]: remove unneeded rcu_dereference() calls 2007-11-07 04:08:23 -08:00
nf_nat_h323.c [NETFILTER]: nf_conntrack_h323: constify and annotate H.323 helper 2008-01-31 19:28:07 -08:00
nf_nat_helper.c [NETFILTER]: nf_nat: kill helper and seq_adjust hooks 2008-04-14 11:15:52 +02:00
nf_nat_irc.c [NETFILTER]: remove unneeded rcu_dereference() calls 2007-11-07 04:08:23 -08:00
nf_nat_pptp.c [NETFILTER]: nf_conntrack: replace NF_CT_DUMP_TUPLE macro indrection by function call 2008-04-14 11:15:54 +02:00
nf_nat_proto_common.c [NETFILTER]: nf_nat: use bool type in nf_nat_proto 2008-04-14 11:15:53 +02:00
nf_nat_proto_dccp.c [NETFILTER]: nf_conntrack: const annotations in nf_conntrack_sctp, nf_nat_proto_gre 2008-04-14 11:15:54 +02:00
nf_nat_proto_gre.c [NETFILTER]: nf_conntrack: const annotations in nf_conntrack_sctp, nf_nat_proto_gre 2008-04-14 11:15:54 +02:00
nf_nat_proto_icmp.c [NETFILTER]: nf_nat: use bool type in nf_nat_proto 2008-04-14 11:15:53 +02:00
nf_nat_proto_sctp.c [NETFILTER]: nf_nat: use bool type in nf_nat_proto 2008-04-14 11:15:53 +02:00
nf_nat_proto_tcp.c [NETFILTER]: nf_nat: use bool type in nf_nat_proto 2008-04-14 11:15:53 +02:00
nf_nat_proto_udp.c [NETFILTER]: nf_nat: use bool type in nf_nat_proto 2008-04-14 11:15:53 +02:00
nf_nat_proto_udplite.c [NETFILTER]: nf_nat: use bool type in nf_nat_proto 2008-04-14 11:15:53 +02:00
nf_nat_proto_unknown.c [NETFILTER]: nf_nat: use bool type in nf_nat_proto 2008-04-14 11:15:53 +02:00
nf_nat_rule.c [NETFILTER]: nf_nat: don't add NAT extension for confirmed conntracks 2008-04-14 11:15:51 +02:00
nf_nat_sip.c [NETFILTER]: nf_conntrack_sip: update copyright 2008-03-25 20:27:05 -07:00
nf_nat_snmp_basic.c [NETFILTER]: annotate rest of nf_nat_* with const 2008-04-14 11:15:42 +02:00
nf_nat_standalone.c [NETFILTER]: nf_nat: kill helper and seq_adjust hooks 2008-04-14 11:15:52 +02:00
nf_nat_tftp.c [NETFILTER]: nf_{conntrack,nat}_tftp: annotate TFTP helper with const 2008-01-31 19:28:08 -08:00