On Fri, Feb 13, 2009 at 7:16 PM, pat-lkml <pat-lkml@xxxxxxxxx> wrote: > Luis R. Rodriguez wrote: > >> Is there interest in a patch allowing you to >>> set something like FORCE=y on the CLI to override these patches? >> >> Do you have CONFIG_NET_DMA? >> If not do you have CONFIG_NETWORK_SECMARK? >> >> It'd be interesting to see what net core is doing due to the rape and >> it'd be even more interesting if we can determine the rape is allowed >> during certain circumstances, therefore allowing us to hack config.mk >> to allow for such atrocities to go on. > > Yes to CONFIG_NETWORK_SECMARK, No to CONFIG_NET_DMA. Then I take it you haven't yet used this feature: config NETWORK_SECMARK bool "Security Marking" help This enables security marking of network packets, similar to nfmark, but designated for security purposes. If you are unsure how to answer this question, answer N. Which you seem to be able to use if you enable and use: config NF_CONNTRACK_SECMARK bool 'Connection tracking security mark support' depends on NETWORK_SECMARK default m if NETFILTER_ADVANCED=n help This option enables security markings to be applied to connections. Typically they are copied to connections from packets using the CONNSECMARK target and copied back from connections to packets with the same target, with the packets being originally labeled via SECMARK. If unsure, say 'N'. or: config NETFILTER_XT_TARGET_SECMARK tristate '"SECMARK" target support' depends on NETWORK_SECMARK default m if NETFILTER_ADVANCED=n help The SECMARK target allows security marking of network packets, for use with security subsystems. To compile it as a module, choose M here. If unsure, say N. Not like I have any clue what the hell this is used for despite the explanation. Luis -- To unsubscribe from this list: send the line "unsubscribe linux-wireless" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html