Searched refs:secmark (Results 1 – 16 of 16) sorted by relevance
| /linux-4.4.14/net/netfilter/ |
| D | xt_CONNSECMARK.c | 38 if (skb->secmark) { in secmark_save()
43 if (ct && !ct->secmark) { in secmark_save()
44 ct->secmark = skb->secmark; in secmark_save()
56 if (!skb->secmark) { in secmark_restore()
61 if (ct && ct->secmark) in secmark_restore()
62 skb->secmark = ct->secmark; in secmark_restore()
|
| D | xt_SECMARK.c | 35 u32 secmark = 0; in secmark_tg() local
42 secmark = info->secid; in secmark_tg()
48 skb->secmark = secmark; in secmark_tg()
|
| D | xt_AUDIT.c | 171 if (skb->secmark) in audit_tg()
172 audit_log_secctx(ab, skb->secmark); in audit_tg()
|
| D | nft_meta.c | 132 *dest = skb->secmark; in nft_meta_get_eval()
|
| D | nft_ct.c | 80 *dest = ct->secmark; in nft_ct_get_eval()
|
| D | nf_conntrack_standalone.c | 129 ret = security_secid_to_secctx(ct->secmark, &secctx, &len); in ct_show_secctx()
|
| D | nfnetlink_queue.c | 290 if (skb->secmark) in nfqnl_get_sk_secctx()
291 security_secid_to_secctx(skb->secmark, secdata, &seclen); in nfqnl_get_sk_secctx()
|
| D | nf_conntrack_netlink.c | 325 ret = security_secid_to_secctx(ct->secmark, &secctx, &len); in ctnetlink_dump_secctx()
576 ret = security_secid_to_secctx(ct->secmark, NULL, &len); in ctnetlink_secctx_size()
731 if ((events & (1 << IPCT_SECMARK) || ct->secmark) in ctnetlink_conntrack_event()
2225 if (ct->secmark && ctnetlink_dump_secctx(skb, ct) < 0) in __ctnetlink_glue_build()
|
| D | nf_conntrack_core.c | 992 ct->secmark = exp->master->secmark; in init_conntrack()
|
| /linux-4.4.14/security/smack/ |
| D | smack_netfilter.c | 36 skb->secmark = skp->smk_secid; in smack_ipv6_output()
54 skb->secmark = skp->smk_secid; in smack_ipv4_output()
|
| D | smack_lsm.c | 3942 if (skb && skb->secmark != 0) { in smack_socket_sock_rcv_skb()
3943 skp = smack_from_secid(skb->secmark); in smack_socket_sock_rcv_skb()
3987 if (skb && skb->secmark != 0) in smack_socket_sock_rcv_skb()
3988 skp = smack_from_secid(skb->secmark); in smack_socket_sock_rcv_skb()
4086 s = skb->secmark; in smack_socket_getpeersec_dgram()
4105 s = skb->secmark; in smack_socket_getpeersec_dgram()
4183 if (skb && skb->secmark != 0) { in smack_inet_conn_request()
4184 skp = smack_from_secid(skb->secmark); in smack_inet_conn_request()
|
| /linux-4.4.14/include/net/netfilter/ |
| D | nf_conntrack.h | 111 u_int32_t secmark; member
|
| /linux-4.4.14/net/ipv4/netfilter/ |
| D | nf_conntrack_l3proto_ipv4_compat.c | 103 ret = security_secid_to_secctx(ct->secmark, &secctx, &len); in ct_show_secctx()
|
| /linux-4.4.14/include/linux/ |
| D | skbuff.h | 674 __u32 secmark; member
3413 to->secmark = from->secmark; in skb_copy_secmark()
3418 skb->secmark = 0; in skb_init_secmark()
|
| /linux-4.4.14/security/selinux/ |
| D | hooks.c | 4414 err = avc_has_perm(sk_sid, skb->secmark, SECCLASS_PACKET, in selinux_sock_rcv_skb_compat()
4488 err = avc_has_perm(sk_sid, skb->secmark, SECCLASS_PACKET, in selinux_socket_sock_rcv_skb()
4852 if (avc_has_perm(peer_sid, skb->secmark, in selinux_ip_forward()
4955 if (avc_has_perm(sksec->sid, skb->secmark, in selinux_ip_postroute_compat()
5078 if (avc_has_perm(peer_sid, skb->secmark, in selinux_ip_postroute()
|
| /linux-4.4.14/net/core/ |
| D | skbuff.c | 795 CHECK_SKB_FIELD(secmark); in __copy_skb_header()
|