16 Oct, 2007
1 commit
-
With all the users of the double pointers removed, this patch mops up by
finally replacing all occurances of sk_buff ** in the netfilter API by
sk_buff *.Signed-off-by: Herbert Xu
Signed-off-by: David S. Miller
11 Jul, 2007
2 commits
-
Signed-off-by: Patrick McHardy
Signed-off-by: David S. Miller -
Switch the return type of target checkentry functions to boolean.
Signed-off-by: Jan Engelhardt
Signed-off-by: Patrick McHardy
Signed-off-by: David S. Miller
13 Feb, 2007
1 commit
-
Signed-off-by: YOSHIFUJI Hideaki
Signed-off-by: Patrick McHardy
Signed-off-by: David S. Miller
09 Feb, 2007
1 commit
-
Remove unnecessary if() constructs before assignment.
Signed-off-by: Jan Engelhardt
Signed-off-by: Patrick McHardy
Signed-off-by: David S. Miller
23 Sep, 2006
4 commits
-
Signed-off-by: Thomas Graf
Signed-off-by: David S. Miller -
The size is verified by x_tables and isn't needed by the modules anymore.
Signed-off-by: Patrick McHardy
Signed-off-by: David S. Miller -
Signed-off-by: Patrick McHardy
Signed-off-by: David S. Miller -
Signed-off-by: Patrick McHardy
Signed-off-by: David S. Miller
03 Aug, 2006
1 commit
-
The patch below fixes a problem in the iptables SECMARK target, where
the user-supplied 'selctx' string may not be nul-terminated.From initial analysis, it seems that the strlen() called from
selinux_string_to_sid() could run until it arbitrarily finds a zero,
and possibly cause a kernel oops before then.The impact of this appears limited because the operation requires
CAP_NET_ADMIN, which is essentially always root. Also, the module is
not yet in wide use.Signed-off-by: James Morris
Signed-off-by: Stephen Smalley
Signed-off-by: David S. Miller
18 Jun, 2006
1 commit
-
Add a SECMARK target to xtables, allowing the admin to apply security
marks to packets via both iptables and ip6tables.The target currently handles SELinux security marking, but can be
extended for other purposes as needed.Signed-off-by: James Morris
Signed-off-by: Andrew Morton
Signed-off-by: David S. Miller