[PATCH v2 1/2] netfilter: nf_tables: add SECMARK support

2018-09-24 Thread Christian Göttsche via Selinux
Add the ability to set the security context of packets within the nf_tables framework. Add a nft_object for holding security contexts in the kernel and manipulating packets on the wire. Convert the security context strings at rule addition time to security identifiers. This is the same behavior

Re: [PATCH v2 1/2] netfilter: nf_tables: add SECMARK support

2018-09-24 Thread Florian Westphal
Christian Göttsche wrote:
> Add the ability to set the security context of packets within the nf_tables
> framework.
> Add a nft_object for holding security contexts in the kernel and manipulating
> packets on the wire.
>
> Convert the security context strings at rule addition time to security

Re: [PATCH v2 1/2] netfilter: nf_tables: add SECMARK support

2018-09-24 Thread Florian Westphal
Christian Göttsche wrote:
> > Can you change this to:
> >
> > struct nft_secmark {
> >     u32 secid;
> >     char *ctx;
> > };
>
> Does the nla_policy struct need an update too? (regarding the .len member)
>
> +static const struct nla_policy nft_secmark_policy[NFTA_SECMARK_MAX + 1] =

Re: [PATCH v2 1/2] netfilter: nf_tables: add SECMARK support

2018-09-24 Thread Christian Göttsche via Selinux
> > +struct nft_secmark {
> > +    char ctx[NFT_SECMARK_CTX_MAXLEN];
> > +    int len;
> > +    u32 secid;
> > +};
>
> Can you change this to:
>
> struct nft_secmark {
>     u32 secid;
>     char *ctx;
> };

Does the nla_policy struct need an update too? (regarding the .len member)

+s