linux_dsm_epyc7002/include/net
James Morris 560ee653b6 netfilter: ip_tables: add iptables security table for mandatory access control rules
The following patch implements a new "security" table for iptables, so
that MAC (SELinux etc.) networking rules can be managed separately to
standard DAC rules.

This is to help with distro integration of the new secmark-based
network controls, per various previous discussions.

The need for a separate table arises from the fact that existing tools
and usage of iptables will likely clash with centralized MAC policy
management.

The SECMARK and CONNSECMARK targets will still be valid in the mangle
table to prevent breakage of existing users.

Signed-off-by: James Morris <jmorris@namei.org>
Signed-off-by: Patrick McHardy <kaber@trash.net>
Signed-off-by: David S. Miller <davem@davemloft.net>
2008-06-09 15:57:24 -07:00
..
9p 9p: fix error path during early mount 2008-05-14 19:23:27 -05:00
bluetooth bluetooth: Make hci_sock_cleanup() return void 2008-03-05 18:47:03 -08:00
irda irda: Fix a misalign access issue. (v2) 2008-05-13 23:25:57 -07:00
iucv [AF_IUCV]: postpone receival of iucv-packets 2007-10-10 16:54:51 -07:00
netfilter netfilter: nf_conntrack: padding breaks conntrack hash on ARM 2008-04-29 03:35:10 -07:00
netns netfilter: ip_tables: add iptables security table for mandatory access control rules 2008-06-09 15:57:24 -07:00
sctp sctp: add sctp/remaddr table to complete RFC remote address table OID 2008-05-09 15:14:50 -07:00
tc_act [PKT_SCHED]: Add stateless NAT 2007-10-10 16:53:11 -07:00
tipc tipc: Fix race condition when creating socket or native port 2008-05-12 15:42:28 -07:00
act_api.h [NET_SCHED]: act_api: use PTR_ERR in tcf_action_init/tcf_action_get 2008-01-28 15:11:17 -08:00
addrconf.h [IPV6]: Define constants for link-local multicast addresses. 2008-04-12 13:43:19 +09:00
af_rxrpc.h
af_unix.h [AF_UNIX]: Remove unused declaration of sysctl_unix_max_dgram_qlen. 2008-01-28 14:57:13 -08:00
ah.h [IPSEC]: Get rid of ipv6_{auth,esp,comp}_hdr 2007-10-10 16:55:55 -07:00
arp.h [NETFILTER]: ebtables: remove casts, use consts 2008-01-31 19:27:33 -08:00
atmclip.h
ax25.h [AX25] ax25_ds_timer: use mod_timer instead of add_timer 2008-02-12 17:53:34 -08:00
ax88796.h ax88796: add 93cx6 eeprom support 2007-10-10 16:53:56 -07:00
cfg80211.h nl80211/cfg80211: support for mesh, sta dumping 2008-03-06 15:30:41 -05:00
checksum.h [NET]: Move netfilter checksum helpers to net/core/utils.c 2008-01-28 14:55:14 -08:00
cipso_ipv4.h [NetLabel]: consolidate the struct socket/sock handling to just struct sock 2007-06-08 13:33:09 -07:00
compat.h net: Add compat support for getsockopt (MCAST_MSFILTER) 2008-04-29 03:23:22 -07:00
datalink.h
dn_dev.h
dn_fib.h
dn_neigh.h
dn_nsp.h
dn_route.h [NET]: Wrap netdevice hardware header creation. 2007-10-10 16:52:50 -07:00
dn.h [DECNET]: Another unnecessary net/tcp.h inclusion in net/dn.h 2007-07-10 23:02:12 -07:00
dsfield.h [NET]: Constify include/net/dsfield.h 2008-01-28 14:55:58 -08:00
dst.h [NET]: uninline dst_release 2008-03-27 17:53:31 -07:00
esp.h [IPSEC]: Use crypto_aead and authenc in ESP 2008-01-31 19:27:02 -08:00
fib_rules.h [NETNS]: Add netns refcnt debug to fib rules. 2008-04-16 02:01:56 -07:00
flow.h [IPV4]: Remove unused multipath cached routing defintion in net/flow.h 2008-01-28 15:00:20 -08:00
gen_stats.h [NET_SCHED]: Convert packet schedulers from rtnetlink to new netlink API 2008-01-28 15:11:10 -08:00
genetlink.h [GENETLINK]: Dynamic multicast groups. 2007-07-18 15:47:52 -07:00
icmp.h [NETNS][ICMP]: Move ICMP sysctls on struct net. 2008-03-26 01:55:37 -07:00
ieee80211_crypt.h
ieee80211_radiotap.h [MAC80211]: Add get_unaligned to ieee80211_get_radiotap_len 2007-10-10 16:47:40 -07:00
ieee80211.h remove ieee80211_wx_{get,set}_auth() 2008-05-07 15:02:14 -04:00
if_inet6.h [IPV6]: Reorg struct ifmcaddr6 to save some bytes 2008-02-03 04:28:54 -08:00
inet6_connection_sock.h
inet6_hashtables.h [SOCK] proto: Add hashinfo member to struct proto 2008-02-03 04:28:52 -08:00
inet_common.h [NETNS]: Inet control socket should not hold a namespace. 2008-04-03 14:28:30 -07:00
inet_connection_sock.h [INET]: Rename inet_csk_ctl_sock_create to inet_ctl_sock_create. 2008-04-03 14:22:32 -07:00
inet_ecn.h [IPV6]: Use appropriate sock tclass setting for routing lookup. 2008-04-13 23:40:51 -07:00
inet_frag.h [NET]: Rename inet_frag.h identifiers COMPLETE, FIRST_IN, LAST_IN to INET_FRAG_* 2008-03-28 16:35:27 -07:00
inet_hashtables.h [INET]: Uninline the __inet_inherit_port call. 2008-04-17 23:18:15 -07:00
inet_sock.h [IPV4,IPV6]: Share cork.rt between IPv4 and IPv6. 2008-03-25 10:23:59 +09:00
inet_timewait_sock.h [NETNS]: Compilation warnings under CONFIG_NET_NS. 2008-03-26 00:48:17 -07:00
inetpeer.h [INET]: Use list_head-s in inetpeer.c 2007-11-12 21:27:28 -08:00
ip6_checksum.h
ip6_fib.h [NETNS][IPV6] rt6_info - move rt6_info structure inside the namespace 2008-03-04 13:48:30 -08:00
ip6_route.h [IPV6]: Make address arguments const. 2008-04-12 13:43:18 +09:00
ip6_tunnel.h ip6tnl: Use on-device stats instead of private ones. 2008-05-21 14:17:05 -07:00
ip_fib.h [IPV4]: Fix compile error building without CONFIG_FS_PROC 2008-02-05 02:54:16 -08:00
ip_vs.h ipvs: fix oops in backup for fwmark conn templates 2008-04-29 03:21:23 -07:00
ip.h ip: Make use of the inline function dst_metric_locked() 2008-05-04 22:12:43 -07:00
ipcomp.h [IPSEC]: Get rid of ipv6_{auth,esp,comp}_hdr 2007-10-10 16:55:55 -07:00
ipconfig.h
ipip.h tunnels: Remove stat member from ip_tunnel struct. 2008-05-21 14:16:36 -07:00
ipv6.h IPv6 support for NFS server export caches 2008-04-23 16:13:36 -04:00
ipx.h
iw_handler.h [NL80211]: add netlink interface to cfg80211 2007-10-10 16:52:14 -07:00
lapb.h
llc_c_ac.h
llc_c_ev.h
llc_c_st.h
llc_conn.h [NET]: Make socket creation namespace safe. 2007-10-10 16:49:07 -07:00
llc_if.h [LLC]: Kill static inline llc_addrany 2008-02-29 11:46:17 -08:00
llc_pdu.h [LLC]: skb allocation size for responses 2008-03-31 21:02:47 -07:00
llc_s_ac.h
llc_s_ev.h
llc_s_st.h
llc_sap.h [LLC]: skb allocation size for responses 2008-03-31 21:02:47 -07:00
llc.h [LLC]: station source mac address 2008-03-28 16:28:36 -07:00
mac80211.h Merge branch 'master' of master.kernel.org:/pub/scm/linux/kernel/git/davem/net-2.6 2008-05-25 23:26:10 -07:00
mip6.h [IPV6] MIP6: Use our standard definitions for paddings. 2008-04-12 13:43:22 +09:00
ndisc.h ndisc: Add missing strategies for per-device retrans timer/reachable time settings. 2008-05-19 16:25:42 -07:00
neighbour.h Merge branch 'master' of git://git.kernel.org/pub/scm/linux/kernel/git/davem/net-2.6 2008-03-27 18:48:56 -07:00
net_namespace.h netns: Introduce sysctl root for read-only net sysctls. 2008-05-19 13:45:33 -07:00
netdma.h
netevent.h [NET]: Remove unnecessary inclusion of dst.h 2008-01-28 14:53:38 -08:00
netlabel.h Audit: collect sessionid in netlink messages 2008-04-28 06:18:03 -04:00
netlink.h netlink: Fix nla_parse_nested_compat() to call nla_parse() directly 2008-05-22 10:48:59 -07:00
netrom.h
nexthop.h
p8022.h
pkt_cls.h [PKT_SCHED]: Pass real namespace in net scheduler classifiers. 2008-03-27 16:53:37 -07:00
pkt_sched.h [NET_SCHED]: Convert packet schedulers from rtnetlink to new netlink API 2008-01-28 15:11:10 -08:00
protocol.h [NETNS]: Drop packets in the non-initial namespace on the per/protocol basis. 2008-03-24 15:33:00 -07:00
psnap.h
raw.h [RAW]: Add raw_hashinfo member on struct proto. 2008-03-22 16:56:51 -07:00
rawv6.h [IPv6] RAW: Compact the API for the kernel 2008-01-28 14:54:29 -08:00
red.h
request_sock.h [Syncookies]: Add support for TCP options via timestamps. 2008-04-10 03:12:40 -07:00
rose.h [ROSE]: Fix rose.ko oops on unload 2007-10-07 23:44:17 -07:00
route.h ipv4: Update MTU to all related cache entries in ip_rt_frag_needed() 2008-04-29 03:32:25 -07:00
rtnetlink.h [RTNL]: Introduce the rtnl_kill_links helper. 2008-04-16 00:46:52 -07:00
sch_generic.h [NET_SCHED]: Convert classifiers from rtnetlink to new netlink API 2008-01-28 15:11:11 -08:00
scm.h pid namespaces: changes to show virtual ids to user 2007-10-19 11:53:40 -07:00
slhc_vj.h
snmp.h [XFRM]: Define packet dropping statistics. 2008-01-28 14:59:38 -08:00
sock.h [NETNS]: Add netns refcnt debug for kernel sockets. 2008-04-16 01:59:46 -07:00
syncppp.h syncppp: Fix crashes. 2008-05-12 03:29:11 -07:00
tcp_states.h
tcp.h [TCP]: Increase the max_burst threshold from 3 to tp->reordering. 2008-04-16 02:29:56 -07:00
timewait_sock.h
transp_v6.h [UDP]: Revert udplite and code split. 2008-03-06 16:22:02 -08:00
udp.h [SOCK][NETNS]: Add a struct net argument to sock_prot_inuse_add and _get. 2008-03-31 19:41:46 -07:00
udplite.h [UDP]: Revert udplite and code split. 2008-03-06 16:22:02 -08:00
wext.h [NET]: Make the device list and device lookups per namespace. 2007-10-10 16:49:10 -07:00
wireless.h cfg80211: don't export ieee80211_get_channel 2008-03-27 16:03:20 -04:00
x25.h
x25device.h
xfrm.h xfrm: convert empty xfrm_audit_* macros to functions 2008-05-03 21:03:01 -07:00