On Sun, Sep 23, 2018 at 08:26:15PM +0200, Christian Göttsche wrote: > Add the ability to set the security context of packets within the nf_tables framework. > Add a nft_object for holding security contexts in the kernel and manipulating packets on the wire. > > Convert the security context strings at rule addition time to security identifiers. > This is the same behavior like in xt_SECMARK and offers better performance than computing it per packet. > > Set the maximum security context length to 256. Applied, thanks Christian.
