diff options
| author | Linus Torvalds <torvalds@g5.osdl.org> | 2006-09-23 16:49:31 -0700 |
|---|---|---|
| committer | Linus Torvalds <torvalds@g5.osdl.org> | 2006-09-23 16:49:31 -0700 |
| commit | a4c12d6c5dde48c69464baf7c703e425ee511433 (patch) | |
| tree | 73c375e41a353e2da0461ff30d744bff73958b08 /Documentation/networking/secid.txt | |
| parent | 73af07de3e32b9ac328c3d1417258bb98a9b0a9b (diff) | |
| parent | 3b9f9a1c3903b64c38505f9fed3bb11e48dbc931 (diff) | |
Merge master.kernel.org:/pub/scm/linux/kernel/git/davem/net-2.6
* master.kernel.org:/pub/scm/linux/kernel/git/davem/net-2.6: (353 commits)
[IPV6] ADDRCONF: Mobile IPv6 Home Address support.
[IPV6] ADDRCONF: Allow non-DAD'able addresses.
[IPV6] NDISC: Fix is_router flag setting.
[IPV6] ADDRCONF: Convert addrconf_lock to RCU.
[IPV6] NDISC: Add proxy_ndp sysctl.
[IPV6] NDISC: Set per-entry is_router flag in Proxy NA.
[IPV6] NDISC: Avoid updating neighbor cache for proxied address in receiving NA.
[IPV6]: Don't forward packets to proxied link-local address.
[IPV6] NDISC: Handle NDP messages to proxied addresses.
[NETFILTER]: PPTP conntrack: fix another GRE keymap leak
[NETFILTER]: PPTP conntrack: fix GRE keymap leak
[NETFILTER]: PPTP conntrack: fix PPTP_IN_CALL message types
[NETFILTER]: PPTP conntrack: check call ID before changing state
[NETFILTER]: PPTP conntrack: clean up debugging cruft
[NETFILTER]: PPTP conntrack: consolidate header parsing
[NETFILTER]: PPTP conntrack: consolidate header size checks
[NETFILTER]: PPTP conntrack: simplify expectation handling
[NETFILTER]: PPTP conntrack: remove unnecessary cid/pcid header pointers
[NETFILTER]: PPTP conntrack: fix header definitions
[NETFILTER]: PPTP conntrack: remove more dead code
...
Diffstat (limited to 'Documentation/networking/secid.txt')
| -rw-r--r-- | Documentation/networking/secid.txt | 14 |
1 files changed, 14 insertions, 0 deletions
diff --git a/Documentation/networking/secid.txt b/Documentation/networking/secid.txt new file mode 100644 index 000000000000..95ea06784333 --- /dev/null +++ b/Documentation/networking/secid.txt @@ -0,0 +1,14 @@ +flowi structure: + +The secid member in the flow structure is used in LSMs (e.g. SELinux) to indicate +the label of the flow. This label of the flow is currently used in selecting +matching labeled xfrm(s). + +If this is an outbound flow, the label is derived from the socket, if any, or +the incoming packet this flow is being generated as a response to (e.g. tcp +resets, timewait ack, etc.). It is also conceivable that the label could be +derived from other sources such as process context, device, etc., in special +cases, as may be appropriate. + +If this is an inbound flow, the label is derived from the IPSec security +associations, if any, used by the packet. |