|author||James Morris <firstname.lastname@example.org>||2006-06-09 00:29:17 -0700|
|committer||David S. Miller <email@example.com>||2006-06-17 21:29:57 -0700|
[SECMARK]: Add secmark support to core networking.
Add a secmark field to the skbuff structure, to allow security subsystems to place security markings on network packets. This is similar to the nfmark field, except is intended for implementing security policy, rather than than networking policy. This patch was already acked in principle by Dave Miller. Signed-off-by: James Morris <firstname.lastname@example.org> Signed-off-by: Andrew Morton <email@example.com> Signed-off-by: David S. Miller <firstname.lastname@example.org>
Diffstat (limited to 'net/Kconfig')
1 files changed, 7 insertions, 0 deletions
diff --git a/net/Kconfig b/net/Kconfig
index ccadc8e4815..c6cec5aa548 100644
@@ -66,6 +66,13 @@ source "net/ipv6/Kconfig"
endif # if INET
+ bool "Security Marking"
+ This enables security marking of network packets, similar
+ to nfmark, but designated for security purposes.
+ If you are unsure how to answer this question, answer N.
bool "Network packet filtering (replaces ipchains)"