[SECMARK]: Add secmark support to core networking.

Add a secmark field to the skbuff structure, to allow security subsystems to place security markings on network packets. This is similar to the nfmark field, except is intended for implementing security policy, rather than than networking policy. This patch was already acked in principle by Dave Miller. Signed-off-by: James Morris <jmorris@namei.org> Signed-off-by: Andrew Morton <akpm@osdl.org> Signed-off-by: David S. Miller <davem@davemloft.net>
author: James Morris <jmorris@namei.org> 2006-06-09 03:29:17 -0400
committer: David S. Miller <davem@sunset.davemloft.net> 2006-06-18 00:29:57 -0400
commit: 984bc16cc92ea3c247bf34ad667cfb95331b9d3c (patch)
tree: 2342638457f43980501179056f4ba1e4e3c2c1aa /net/core
parent: c749b29fae74ed59c507d84025b3298202b42609 (diff)
1 files changed, 2 insertions, 1 deletions
diff --git a/net/core/skbuff.c b/net/core/skbuff.c
index fb3770f9c094..96cdcbe24ba2 100644
--- a/net/core/skbuff.c
+++ b/net/core/skbuff.c
@@ -464,7 +464,7 @@ struct sk_buff *skb_clone(struct sk_buff *skb, gfp_t gfp_mask)
        n->tc_verd = CLR_TC_MUNGED(n->tc_verd);
        C(input_dev);
 #endif
+        skb_copy_secmark(n, skb);
 #endif
        C(truesize);
        atomic_set(&n->users, 1);
@@ -526,6 +526,7 @@ static void copy_skb_header(struct sk_buff *new, const struct sk_buff *old)
 #endif
        new->tc_index   = old->tc_index;
 #endif
+        skb_copy_secmark(new, old);
        atomic_set(&new->users, 1);
        skb_shinfo(new)->tso_size = skb_shinfo(old)->tso_size;
        skb_shinfo(new)->tso_segs = skb_shinfo(old)->tso_segs;
author	James Morris <jmorris@namei.org>	2006-06-09 03:29:17 -0400
committer	David S. Miller <davem@sunset.davemloft.net>	2006-06-18 00:29:57 -0400
commit	984bc16cc92ea3c247bf34ad667cfb95331b9d3c (patch)
tree	2342638457f43980501179056f4ba1e4e3c2c1aa /net/core
parent	c749b29fae74ed59c507d84025b3298202b42609 (diff)

diff --git a/net/core/skbuff.c b/net/core/skbuff.c index fb3770f9c094..96cdcbe24ba2 100644 --- a/net/core/skbuff.c +++ b/net/core/skbuff.c
@@ -464,7 +464,7 @@ struct sk_buff skb_clone(struct sk_buff skb, gfp_t gfp_mask)
464	n->tc_verd = CLR_TC_MUNGED(n->tc_verd);	464	n->tc_verd = CLR_TC_MUNGED(n->tc_verd);
465	C(input_dev);	465	C(input_dev);
466	#endif	466	#endif
467		467	skb_copy_secmark(n, skb);
468	#endif	468	#endif
469	C(truesize);	469	C(truesize);
470	atomic_set(&n->users, 1);	470	atomic_set(&n->users, 1);
@@ -526,6 +526,7 @@ static void copy_skb_header(struct sk_buff new, const struct sk_buff old)
526	#endif	526	#endif
527	new->tc_index = old->tc_index;	527	new->tc_index = old->tc_index;
528	#endif	528	#endif
		529	skb_copy_secmark(new, old);
529	atomic_set(&new->users, 1);	530	atomic_set(&new->users, 1);
530	skb_shinfo(new)->tso_size = skb_shinfo(old)->tso_size;	531	skb_shinfo(new)->tso_size = skb_shinfo(old)->tso_size;
531	skb_shinfo(new)->tso_segs = skb_shinfo(old)->tso_segs;	532	skb_shinfo(new)->tso_segs = skb_shinfo(old)->tso_segs;