1
linux/include/net
James Morris 560ee653b6 netfilter: ip_tables: add iptables security table for mandatory access control rules
The following patch implements a new "security" table for iptables, so
that MAC (SELinux etc.) networking rules can be managed separately to
standard DAC rules.

This is to help with distro integration of the new secmark-based
network controls, per various previous discussions.

The need for a separate table arises from the fact that existing tools
and usage of iptables will likely clash with centralized MAC policy
management.

The SECMARK and CONNSECMARK targets will still be valid in the mangle
table to prevent breakage of existing users.

Signed-off-by: James Morris <jmorris@namei.org>
Signed-off-by: Patrick McHardy <kaber@trash.net>
Signed-off-by: David S. Miller <davem@davemloft.net>
2008-06-09 15:57:24 -07:00
..
9p 9p: fix error path during early mount 2008-05-14 19:23:27 -05:00
bluetooth bluetooth: Make hci_sock_cleanup() return void 2008-03-05 18:47:03 -08:00
irda irda: Fix a misalign access issue. (v2) 2008-05-13 23:25:57 -07:00
iucv
netfilter netfilter: nf_conntrack: padding breaks conntrack hash on ARM 2008-04-29 03:35:10 -07:00
netns netfilter: ip_tables: add iptables security table for mandatory access control rules 2008-06-09 15:57:24 -07:00
sctp sctp: add sctp/remaddr table to complete RFC remote address table OID 2008-05-09 15:14:50 -07:00
tc_act
tipc tipc: Fix race condition when creating socket or native port 2008-05-12 15:42:28 -07:00
act_api.h
addrconf.h [IPV6]: Define constants for link-local multicast addresses. 2008-04-12 13:43:19 +09:00
af_rxrpc.h
af_unix.h
ah.h
arp.h
atmclip.h
ax25.h [AX25] ax25_ds_timer: use mod_timer instead of add_timer 2008-02-12 17:53:34 -08:00
ax88796.h
cfg80211.h nl80211/cfg80211: support for mesh, sta dumping 2008-03-06 15:30:41 -05:00
checksum.h
cipso_ipv4.h
compat.h net: Add compat support for getsockopt (MCAST_MSFILTER) 2008-04-29 03:23:22 -07:00
datalink.h
dn_dev.h
dn_fib.h
dn_neigh.h
dn_nsp.h
dn_route.h
dn.h
dsfield.h
dst.h [NET]: uninline dst_release 2008-03-27 17:53:31 -07:00
esp.h
fib_rules.h [NETNS]: Add netns refcnt debug to fib rules. 2008-04-16 02:01:56 -07:00
flow.h
gen_stats.h
genetlink.h
icmp.h [NETNS][ICMP]: Move ICMP sysctls on struct net. 2008-03-26 01:55:37 -07:00
ieee80211_crypt.h
ieee80211_radiotap.h
ieee80211.h remove ieee80211_wx_{get,set}_auth() 2008-05-07 15:02:14 -04:00
if_inet6.h [IPV6]: Reorg struct ifmcaddr6 to save some bytes 2008-02-03 04:28:54 -08:00
inet6_connection_sock.h
inet6_hashtables.h [SOCK] proto: Add hashinfo member to struct proto 2008-02-03 04:28:52 -08:00
inet_common.h [NETNS]: Inet control socket should not hold a namespace. 2008-04-03 14:28:30 -07:00
inet_connection_sock.h [INET]: Rename inet_csk_ctl_sock_create to inet_ctl_sock_create. 2008-04-03 14:22:32 -07:00
inet_ecn.h [IPV6]: Use appropriate sock tclass setting for routing lookup. 2008-04-13 23:40:51 -07:00
inet_frag.h [NET]: Rename inet_frag.h identifiers COMPLETE, FIRST_IN, LAST_IN to INET_FRAG_* 2008-03-28 16:35:27 -07:00
inet_hashtables.h [INET]: Uninline the __inet_inherit_port call. 2008-04-17 23:18:15 -07:00
inet_sock.h [IPV4,IPV6]: Share cork.rt between IPv4 and IPv6. 2008-03-25 10:23:59 +09:00
inet_timewait_sock.h [NETNS]: Compilation warnings under CONFIG_NET_NS. 2008-03-26 00:48:17 -07:00
inetpeer.h
ip6_checksum.h
ip6_fib.h [NETNS][IPV6] rt6_info - move rt6_info structure inside the namespace 2008-03-04 13:48:30 -08:00
ip6_route.h [IPV6]: Make address arguments const. 2008-04-12 13:43:18 +09:00
ip6_tunnel.h ip6tnl: Use on-device stats instead of private ones. 2008-05-21 14:17:05 -07:00
ip_fib.h [IPV4]: Fix compile error building without CONFIG_FS_PROC 2008-02-05 02:54:16 -08:00
ip_vs.h ipvs: fix oops in backup for fwmark conn templates 2008-04-29 03:21:23 -07:00
ip.h ip: Make use of the inline function dst_metric_locked() 2008-05-04 22:12:43 -07:00
ipcomp.h
ipconfig.h
ipip.h tunnels: Remove stat member from ip_tunnel struct. 2008-05-21 14:16:36 -07:00
ipv6.h IPv6 support for NFS server export caches 2008-04-23 16:13:36 -04:00
ipx.h
iw_handler.h
lapb.h
llc_c_ac.h
llc_c_ev.h
llc_c_st.h
llc_conn.h
llc_if.h [LLC]: Kill static inline llc_addrany 2008-02-29 11:46:17 -08:00
llc_pdu.h [LLC]: skb allocation size for responses 2008-03-31 21:02:47 -07:00
llc_s_ac.h
llc_s_ev.h
llc_s_st.h
llc_sap.h [LLC]: skb allocation size for responses 2008-03-31 21:02:47 -07:00
llc.h [LLC]: station source mac address 2008-03-28 16:28:36 -07:00
mac80211.h Merge branch 'master' of master.kernel.org:/pub/scm/linux/kernel/git/davem/net-2.6 2008-05-25 23:26:10 -07:00
mip6.h [IPV6] MIP6: Use our standard definitions for paddings. 2008-04-12 13:43:22 +09:00
ndisc.h ndisc: Add missing strategies for per-device retrans timer/reachable time settings. 2008-05-19 16:25:42 -07:00
neighbour.h Merge branch 'master' of git://git.kernel.org/pub/scm/linux/kernel/git/davem/net-2.6 2008-03-27 18:48:56 -07:00
net_namespace.h netns: Introduce sysctl root for read-only net sysctls. 2008-05-19 13:45:33 -07:00
netdma.h
netevent.h
netlabel.h Audit: collect sessionid in netlink messages 2008-04-28 06:18:03 -04:00
netlink.h netlink: Fix nla_parse_nested_compat() to call nla_parse() directly 2008-05-22 10:48:59 -07:00
netrom.h
nexthop.h
p8022.h
pkt_cls.h [PKT_SCHED]: Pass real namespace in net scheduler classifiers. 2008-03-27 16:53:37 -07:00
pkt_sched.h
protocol.h [NETNS]: Drop packets in the non-initial namespace on the per/protocol basis. 2008-03-24 15:33:00 -07:00
psnap.h
raw.h [RAW]: Add raw_hashinfo member on struct proto. 2008-03-22 16:56:51 -07:00
rawv6.h
red.h
request_sock.h [Syncookies]: Add support for TCP options via timestamps. 2008-04-10 03:12:40 -07:00
rose.h
route.h ipv4: Update MTU to all related cache entries in ip_rt_frag_needed() 2008-04-29 03:32:25 -07:00
rtnetlink.h [RTNL]: Introduce the rtnl_kill_links helper. 2008-04-16 00:46:52 -07:00
sch_generic.h
scm.h
slhc_vj.h
snmp.h
sock.h [NETNS]: Add netns refcnt debug for kernel sockets. 2008-04-16 01:59:46 -07:00
syncppp.h syncppp: Fix crashes. 2008-05-12 03:29:11 -07:00
tcp_states.h
tcp.h [TCP]: Increase the max_burst threshold from 3 to tp->reordering. 2008-04-16 02:29:56 -07:00
timewait_sock.h
transp_v6.h [UDP]: Revert udplite and code split. 2008-03-06 16:22:02 -08:00
udp.h [SOCK][NETNS]: Add a struct net argument to sock_prot_inuse_add and _get. 2008-03-31 19:41:46 -07:00
udplite.h [UDP]: Revert udplite and code split. 2008-03-06 16:22:02 -08:00
wext.h
wireless.h cfg80211: don't export ieee80211_get_channel 2008-03-27 16:03:20 -04:00
x25.h
x25device.h
xfrm.h xfrm: convert empty xfrm_audit_* macros to functions 2008-05-03 21:03:01 -07:00