From: Pablo Neira Ayuso <pablo@netfilter.org>
To: Roman Kubiak <r.kubiak@samsung.com>
Cc: "Florian Westphal" <fw@strlen.de>,
netfilter-devel@vger.kernel.org,
"Rafał Krypa" <r.krypa@samsung.com>
Subject: Re: [PATCH] libmnl: security context retrieval in nf-queue example
Date: Tue, 30 Jun 2015 17:33:03 +0200 [thread overview]
Message-ID: <20150630153303.GA5925@salvia> (raw)
In-Reply-To: <55804B77.1030207@samsung.com>
On Tue, Jun 16, 2015 at 06:14:47PM +0200, Roman Kubiak wrote:
> Below is a complete libnetfilter_queue patch:
>
>
> [PATCH] libnetfilter_queue: add security context information
>
> This commit adds security context information structures
> and functions.
>
> This will allow userspace to find the security context of each
> packet (if it exists) and make decisions based on that.
> It should work for SELinux and SMACK.
Applied with minor glitch. Thanks.
> @@ -76,7 +80,7 @@ static int cb(struct nfq_q_handle *qh, struct nfgenmsg *nfmsg,
> {
> uint32_t id = print_pkt(nfa);
> printf("entering callback\n");
> - return nfq_set_verdict(qh, id, NF_ACCEPT, 0, NULL);
> + return nfq_set_verdict2(qh, id, NF_ACCEPT, 0x3, 0, NULL);
I have kept back this chunk to set the packet mark to 3. It doesn't
belong here.
next prev parent reply other threads:[~2015-06-30 15:27 UTC|newest]
Thread overview: 26+ messages / expand[flat|nested] mbox.gz Atom feed top
2015-05-25 10:16 [PATCH] Security context information added to netfilter_queue Roman Kubiak
2015-05-25 10:48 ` Florian Westphal
2015-05-25 13:13 ` Pablo Neira Ayuso
2015-05-25 16:09 ` [PATCH v2] nfnetlink_queue: add security context information Roman Kubiak
2015-05-25 20:52 ` Florian Westphal
2015-05-26 12:29 ` Roman Kubiak
2015-05-26 13:06 ` Florian Westphal
2015-05-27 11:04 ` [PATCH v3] " Roman Kubiak
2015-05-27 11:12 ` Roman Kubiak
2015-05-27 12:49 ` Pablo Neira Ayuso
2015-06-10 15:20 ` Roman Kubiak
2015-06-10 16:05 ` Florian Westphal
2015-06-11 12:56 ` Roman Kubiak
2015-06-11 23:37 ` Florian Westphal
2015-06-12 10:32 ` Roman Kubiak
2015-06-12 10:42 ` Florian Westphal
2015-06-12 13:02 ` [PATCH v3] nfnetlink_queue: add security context informationg Pablo Neira Ayuso
2015-06-16 12:25 ` [PATCH] libmnl: security context retrieval in nf-queue example Roman Kubiak
2015-06-16 12:37 ` Pablo Neira Ayuso
2015-06-16 12:58 ` Roman Kubiak
2015-06-16 15:25 ` Pablo Neira Ayuso
2015-06-16 16:14 ` Roman Kubiak
2015-06-30 15:33 ` Pablo Neira Ayuso [this message]
2015-06-18 19:02 ` [PATCH v3] nfnetlink_queue: add security context information Pablo Neira Ayuso
2015-05-27 11:48 ` Florian Westphal
2015-05-28 16:11 ` Roman Kubiak
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20150630153303.GA5925@salvia \
--to=pablo@netfilter.org \
--cc=fw@strlen.de \
--cc=netfilter-devel@vger.kernel.org \
--cc=r.krypa@samsung.com \
--cc=r.kubiak@samsung.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).