[PATCH v3 1/2] netfilter: nf_tables: add SECMARK support

Pablo Neira Ayuso pablo at netfilter.org
Fri Sep 28 09:01:11 UTC 2018


On Sun, Sep 23, 2018 at 08:26:15PM +0200, Christian Göttsche wrote:
> Add the ability to set the security context of packets within the nf_tables framework.
> Add a nft_object for holding security contexts in the kernel and manipulating packets on the wire.
> 
> Convert the security context strings at rule addition time to security identifiers.
> This is the same behavior like in xt_SECMARK and offers better performance than computing it per packet.
> 
> Set the maximum security context length to 256.

Applied, thanks Christian.



More information about the Linux-security-module-archive mailing list