[PATCH v3 1/2] netfilter: nf_tables: add SECMARK support
Pablo Neira Ayuso
pablo at netfilter.org
Fri Sep 28 09:01:11 UTC 2018
On Sun, Sep 23, 2018 at 08:26:15PM +0200, Christian Göttsche wrote:
> Add the ability to set the security context of packets within the nf_tables framework.
> Add a nft_object for holding security contexts in the kernel and manipulating packets on the wire.
>
> Convert the security context strings at rule addition time to security identifiers.
> This is the same behavior as in xt_SECMARK and offers better performance than computing it per packet.
>
> Set the maximum security context length to 256.
Applied, thanks Christian.