| /Linux-v5.4/net/netfilter/ |
| D | xt_CONNSECMARK.c | 34 if (skb->secmark) { in secmark_save()
39 if (ct && !ct->secmark) { in secmark_save()
40 ct->secmark = skb->secmark; in secmark_save()
52 if (!skb->secmark) { in secmark_restore()
57 if (ct && ct->secmark) in secmark_restore()
58 skb->secmark = ct->secmark; in secmark_restore()
|
| D | xt_SECMARK.c | 31 u32 secmark = 0; in secmark_tg() local
36 secmark = info->secid; in secmark_tg()
42 skb->secmark = secmark; in secmark_tg()
|
| D | nft_meta.c | 157 *dest = skb->secmark; in nft_meta_get_eval()
301 skb->secmark = value; in nft_meta_set_eval()
644 skb->secmark = priv->secid; in nft_secmark_obj_eval()
|
| D | nft_ct.c | 104 *dest = ct->secmark; in nft_ct_get_eval()
306 if (ct->secmark != value) { in nft_ct_set_eval()
307 ct->secmark = value; in nft_ct_set_eval()
|
| D | nfnetlink_queue.c | 313 if (skb->secmark) in nfqnl_get_sk_secctx()
314 security_secid_to_secctx(skb->secmark, secdata, &seclen); in nfqnl_get_sk_secctx()
|
| D | nf_conntrack_netlink.c | 335 ret = security_secid_to_secctx(ct->secmark, &secctx, &len); in ctnetlink_dump_secctx()
625 ret = security_secid_to_secctx(ct->secmark, NULL, &len); in ctnetlink_secctx_size()
773 if ((events & (1 << IPCT_SECMARK) || ct->secmark) in ctnetlink_conntrack_event()
2451 if (ct->secmark && ctnetlink_dump_secctx(skb, ct) < 0) in __ctnetlink_glue_build()
|
| D | nf_conntrack_standalone.c | 179 ret = security_secid_to_secctx(ct->secmark, &secctx, &len); in ct_show_secctx()
|
| D | nf_conntrack_core.c | 1497 ct->secmark = exp->master->secmark; in init_conntrack()
|
| /Linux-v5.4/security/apparmor/ |
| D | net.c | 190 static int apparmor_secmark_init(struct aa_secmark *secmark) in apparmor_secmark_init() argument
194 if (secmark->label[0] == '*') { in apparmor_secmark_init()
195 secmark->secid = AA_SECID_WILDCARD; in apparmor_secmark_init()
200 secmark->label, strlen(secmark->label), in apparmor_secmark_init()
206 secmark->secid = label->secid; in apparmor_secmark_init()
221 if (!profile->secmark[i].secid) { in aa_secmark_perm()
222 ret = apparmor_secmark_init(&profile->secmark[i]); in aa_secmark_perm()
227 if (profile->secmark[i].secid == secid || in aa_secmark_perm()
228 profile->secmark[i].secid == AA_SECID_WILDCARD) { in aa_secmark_perm()
229 if (profile->secmark[i].deny) in aa_secmark_perm()
[all …]
|
| D | policy_unpack.c | 580 profile->secmark = kcalloc(size, sizeof(struct aa_secmark), in unpack_secmark()
582 if (!profile->secmark) in unpack_secmark()
588 if (!unpack_u8(e, &profile->secmark[i].audit, NULL)) in unpack_secmark()
590 if (!unpack_u8(e, &profile->secmark[i].deny, NULL)) in unpack_secmark()
592 if (!unpack_strdup(e, &profile->secmark[i].label, NULL)) in unpack_secmark()
604 if (profile->secmark) { in unpack_secmark()
606 kfree(profile->secmark[i].label); in unpack_secmark()
607 kfree(profile->secmark); in unpack_secmark()
609 profile->secmark = NULL; in unpack_secmark()
|
| D | lsm.c | 1030 if (!skb->secmark) in apparmor_socket_sock_rcv_skb()
1034 skb->secmark, sk); in apparmor_socket_sock_rcv_skb()
1137 if (!skb->secmark) in apparmor_inet_conn_request()
1141 skb->secmark, sk); in apparmor_inet_conn_request()
1620 if (!skb->secmark) in apparmor_ip_postroute()
1629 skb->secmark, sk)) in apparmor_ip_postroute()
|
| D | policy.c | 230 kzfree(profile->secmark[i].label); in aa_free_profile()
231 kzfree(profile->secmark); in aa_free_profile()
|
| /Linux-v5.4/security/smack/ |
| D | smack_netfilter.c | 34 skb->secmark = skp->smk_secid; in smack_ipv6_output()
52 skb->secmark = skp->smk_secid; in smack_ipv4_output()
|
| D | smack_lsm.c | 3872 if (skb && skb->secmark != 0) { in smack_socket_sock_rcv_skb()
3873 skp = smack_from_secid(skb->secmark); in smack_socket_sock_rcv_skb()
3918 if (skb && skb->secmark != 0) in smack_socket_sock_rcv_skb()
3919 skp = smack_from_secid(skb->secmark); in smack_socket_sock_rcv_skb()
4024 s = skb->secmark; in smack_socket_getpeersec_dgram()
4043 s = skb->secmark; in smack_socket_getpeersec_dgram()
4121 if (skb && skb->secmark != 0) { in smack_inet_conn_request()
4122 skp = smack_from_secid(skb->secmark); in smack_inet_conn_request()
|
| /Linux-v5.4/security/apparmor/include/ |
| D | policy.h | 155 struct aa_secmark *secmark; member
|
| /Linux-v5.4/include/net/netfilter/ |
| D | nf_conntrack.h | 100 u_int32_t secmark; member
|
| /Linux-v5.4/include/linux/ |
| D | skbuff.h | 849 __u32 secmark; member
4233 to->secmark = from->secmark; in skb_copy_secmark()
4238 skb->secmark = 0; in skb_init_secmark()
|
| /Linux-v5.4/security/selinux/ |
| D | hooks.c | 4966 sk_sid, skb->secmark, SECCLASS_PACKET, in selinux_sock_rcv_skb_compat()
5042 sk_sid, skb->secmark, SECCLASS_PACKET, in selinux_socket_sock_rcv_skb()
5593 peer_sid, skb->secmark, in selinux_ip_forward()
5706 sksec->sid, skb->secmark, in selinux_ip_postroute_compat()
5830 peer_sid, skb->secmark, in selinux_ip_postroute()
|
| /Linux-v5.4/net/core/ |
| D | skbuff.c | 963 CHECK_SKB_FIELD(secmark); in __copy_skb_header()
|
