netfilter: nfnetlink_queue: add security context information
This patch adds an additional attribute when sending packet information via netlink in netfilter_queue module. It will send additional security context data, so that userspace applications can verify this context against their own security databases. Signed-off-by: Roman Kubiak <r.kubiak@samsung.com> Acked-by: Florian Westphal <fw@strlen.de> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
parent
89d256bb69
commit
ef493bd930
2 changed files with 37 additions and 2 deletions
|
|
@ -49,6 +49,7 @@ enum nfqnl_attr_type {
|
|||
NFQA_EXP, /* nf_conntrack_netlink.h */
|
||||
NFQA_UID, /* __u32 sk uid */
|
||||
NFQA_GID, /* __u32 sk gid */
|
||||
NFQA_SECCTX, /* security context string */
|
||||
|
||||
__NFQA_MAX
|
||||
};
|
||||
|
|
@ -102,7 +103,8 @@ enum nfqnl_attr_config {
|
|||
#define NFQA_CFG_F_CONNTRACK (1 << 1)
|
||||
#define NFQA_CFG_F_GSO (1 << 2)
|
||||
#define NFQA_CFG_F_UID_GID (1 << 3)
|
||||
#define NFQA_CFG_F_MAX (1 << 4)
|
||||
#define NFQA_CFG_F_SECCTX (1 << 4)
|
||||
#define NFQA_CFG_F_MAX (1 << 5)
|
||||
|
||||
/* flags for NFQA_SKB_INFO */
|
||||
/* packet appears to have wrong checksums, but they are ok */
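Review bot: The comment on `NFQA_SECCTX` in enum nfqnl_attr_type says only "security context string", which leaves the wire format undefined for userspace. It does not say whether the payload is NUL-terminated or whether its size comes solely from the netlink attribute length. The commit message says applications will verify this context against their own security databases, so a consumer that treats the payload as a C string could read past the attribute or match on the wrong label. I would spell the contract out, for example `NFQA_SECCTX, /* security context; size is the attribute length, NUL termination not guaranteed */`, provided that matches what the sending code in the other changed file (not shown on this page) actually emits. A one-line comment beside `NFQA_CFG_F_SECCTX` stating that the attribute is sent only when this flag is set would also help, if that is the intended behaviour.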
|
||||
|
|
|
|||