aboutsummaryrefslogtreecommitdiffstats
path: root/include
diff options
context:
space:
mode:
authorRoman Kubiak <r.kubiak@samsung.com>2015-06-12 12:32:57 +0200
committerPablo Neira Ayuso <pablo@netfilter.org>2015-06-18 13:02:24 +0200
commitef493bd930ae482c608c5999b40d79dda3f2a674 (patch)
treef411c73a50e8c3f8d46182f7b0710114152744aa /include
parentbpf: disallow bpf tc programs access current->pid,uid (diff)
downloadlinux-dev-ef493bd930ae482c608c5999b40d79dda3f2a674.tar.xz
linux-dev-ef493bd930ae482c608c5999b40d79dda3f2a674.zip
netfilter: nfnetlink_queue: add security context information
This patch adds an additional attribute when sending packet information via netlink in netfilter_queue module. It will send additional security context data, so that userspace applications can verify this context against their own security databases. Signed-off-by: Roman Kubiak <r.kubiak@samsung.com> Acked-by: Florian Westphal <fw@strlen.de> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Diffstat (limited to 'include')
-rw-r--r--include/uapi/linux/netfilter/nfnetlink_queue.h4
1 files changed, 3 insertions, 1 deletions
diff --git a/include/uapi/linux/netfilter/nfnetlink_queue.h b/include/uapi/linux/netfilter/nfnetlink_queue.h
index 8dd819e2b5fe..b67a853638ff 100644
--- a/include/uapi/linux/netfilter/nfnetlink_queue.h
+++ b/include/uapi/linux/netfilter/nfnetlink_queue.h
@@ -49,6 +49,7 @@ enum nfqnl_attr_type {
NFQA_EXP, /* nf_conntrack_netlink.h */
NFQA_UID, /* __u32 sk uid */
NFQA_GID, /* __u32 sk gid */
+ NFQA_SECCTX, /* security context string */
__NFQA_MAX
};
@@ -102,7 +103,8 @@ enum nfqnl_attr_config {
#define NFQA_CFG_F_CONNTRACK (1 << 1)
#define NFQA_CFG_F_GSO (1 << 2)
#define NFQA_CFG_F_UID_GID (1 << 3)
-#define NFQA_CFG_F_MAX (1 << 4)
+#define NFQA_CFG_F_SECCTX (1 << 4)
+#define NFQA_CFG_F_MAX (1 << 5)
/* flags for NFQA_SKB_INFO */
/* packet appears to have wrong checksums, but they are ok */
Copyright © 1996 – 2023 Jason A. Donenfeld. All Rights Reverse Engineered.