summaryrefslogtreecommitdiff
path: root/net/Kconfig
diff options
context:
space:
mode:
authorJames Morris <jmorris@namei.org>2006-06-09 00:29:17 -0700
committerDavid S. Miller <davem@sunset.davemloft.net>2006-06-17 21:29:57 -0700
commit984bc16cc92ea3c247bf34ad667cfb95331b9d3c (patch)
tree2342638457f43980501179056f4ba1e4e3c2c1aa /net/Kconfig
parentc749b29fae74ed59c507d84025b3298202b42609 (diff)
downloadlwn-984bc16cc92ea3c247bf34ad667cfb95331b9d3c.tar.gz
lwn-984bc16cc92ea3c247bf34ad667cfb95331b9d3c.zip
[SECMARK]: Add secmark support to core networking.
Add a secmark field to the skbuff structure, to allow security subsystems to place security markings on network packets. This is similar to the nfmark field, except is intended for implementing security policy, rather than than networking policy. This patch was already acked in principle by Dave Miller. Signed-off-by: James Morris <jmorris@namei.org> Signed-off-by: Andrew Morton <akpm@osdl.org> Signed-off-by: David S. Miller <davem@davemloft.net>
Diffstat (limited to 'net/Kconfig')
-rw-r--r--net/Kconfig7
1 files changed, 7 insertions, 0 deletions
diff --git a/net/Kconfig b/net/Kconfig
index ccadc8e48152..c6cec5aa5486 100644
--- a/net/Kconfig
+++ b/net/Kconfig
@@ -66,6 +66,13 @@ source "net/ipv6/Kconfig"
endif # if INET
+config NETWORK_SECMARK
+ bool "Security Marking"
+ help
+ This enables security marking of network packets, similar
+ to nfmark, but designated for security purposes.
+ If you are unsure how to answer this question, answer N.
+
menuconfig NETFILTER
bool "Network packet filtering (replaces ipchains)"
---help---