[SECMARK]: Add secmark support to core networking.

Add a secmark field to the skbuff structure, to allow security subsystems to place security markings on network packets. This is similar to the nfmark field, except is intended for implementing security policy, rather than than networking policy. This patch was already acked in principle by Dave Miller. Signed-off-by: James Morris <jmorris@namei.org> Signed-off-by: Andrew Morton <akpm@osdl.org> Signed-off-by: David S. Miller <davem@davemloft.net>
author: James Morris <jmorris@namei.org> 2006-06-09 00:29:17 -0700
committer: David S. Miller <davem@sunset.davemloft.net> 2006-06-17 21:29:57 -0700
commit: 984bc16cc92ea3c247bf34ad667cfb95331b9d3c (patch)
tree: 2342638457f43980501179056f4ba1e4e3c2c1aa /net/ipv4/netfilter/ipt_REJECT.c
parent: c749b29fae74ed59c507d84025b3298202b42609 (diff)
download: linux-984bc16cc92ea3c247bf34ad667cfb95331b9d3c.tar.gz
1 files changed, 1 insertions, 0 deletions
diff --git a/net/ipv4/netfilter/ipt_REJECT.c b/net/ipv4/netfilter/ipt_REJECT.c
index 0bba3c2bb786b8..431a3ce6f7b74b 100644
--- a/net/ipv4/netfilter/ipt_REJECT.c
+++ b/net/ipv4/netfilter/ipt_REJECT.c
@@ -147,6 +147,7 @@ static void send_reset(struct sk_buff *oldskb, int hook)
 	/* This packet will not be the same as the other: clear nf fields */
 	nf_reset(nskb);
 	nskb->nfmark = 0;
+	skb_init_secmark(nskb);
 
 	tcph = (struct tcphdr *)((u_int32_t*)nskb->nh.iph + nskb->nh.iph->ihl);
author	James Morris <jmorris@namei.org>	2006-06-09 00:29:17 -0700
committer	David S. Miller <davem@sunset.davemloft.net>	2006-06-17 21:29:57 -0700
commit	984bc16cc92ea3c247bf34ad667cfb95331b9d3c (patch)
tree	2342638457f43980501179056f4ba1e4e3c2c1aa /net/ipv4/netfilter/ipt_REJECT.c
parent	c749b29fae74ed59c507d84025b3298202b42609 (diff)
download	linux-984bc16cc92ea3c247bf34ad667cfb95331b9d3c.tar.gz