On Fri, Feb 13, 2009 at 7:16 PM, pat-lkml <pat-lkml@xxxxxxxxx> wrote:
> Luis R. Rodriguez wrote:
> >> Is there interest in a patch allowing you to
>>> set something like FORCE=y on the CLI to override these patches?
>>
>> Do you have CONFIG_NET_DMA?
>> If not do you have CONFIG_NETWORK_SECMARK?
>>
>> It'd be interesting to see what net core is doing due to the rape and
>> it'd be even more interesting if we can determine the rape is allowed
>> during certain circumstances, therefore allowing us to hack config.mk
>> to allow for such atrocities to go on.
>
> Yes to CONFIG_NETWORK_SECMARK, No to CONFIG_NET_DMA.
Then I take it you haven't yet used this feature:
config NETWORK_SECMARK
bool "Security Marking"
help
This enables security marking of network packets, similar
to nfmark, but designated for security purposes.
If you are unsure how to answer this question, answer N.
Which you seem to be able to use if you enable and use:
config NF_CONNTRACK_SECMARK
bool 'Connection tracking security mark support'
depends on NETWORK_SECMARK
default m if NETFILTER_ADVANCED=n
help
This option enables security markings to be applied to
connections. Typically they are copied to connections from
packets using the CONNSECMARK target and copied back from
connections to packets with the same target, with the packets
being originally labeled via SECMARK.
If unsure, say 'N'.
or:
config NETFILTER_XT_TARGET_SECMARK
tristate '"SECMARK" target support'
depends on NETWORK_SECMARK
default m if NETFILTER_ADVANCED=n
help
The SECMARK target allows security marking of network
packets, for use with security subsystems.
To compile it as a module, choose M here. If unsure, say N.
Not like I have any clue what the hell this is used for despite the explanation.
Luis
--
To unsubscribe from this list: send the line "unsubscribe linux-wireless" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
