Re: [PATCH 2/5] secmark: make secmark object handling generic
From: Jan Engelhardt
Date: Tue Oct 12 2010 - 12:26:30 EST
On Tuesday 2010-10-12 17:40, Eric Paris wrote:
>diff --git a/include/linux/netfilter/xt_SECMARK.h b/include/linux/netfilter/xt_SECMARK.h
>index 6fcd344..989092b 100644
>--- a/include/linux/netfilter/xt_SECMARK.h
>+++ b/include/linux/netfilter/xt_SECMARK.h
>@@ -11,18 +11,12 @@
> * packets are being marked for.
> */
> #define SECMARK_MODE_SEL 0x01 /* SELinux */
>-#define SECMARK_SELCTX_MAX 256
>-
>-struct xt_secmark_target_selinux_info {
>- __u32 selsid;
>- char selctx[SECMARK_SELCTX_MAX];
>-};
>+#define SECMARK_SECCTX_MAX 256
>
> struct xt_secmark_target_info {
> __u8 mode;
>- union {
>- struct xt_secmark_target_selinux_info sel;
>- } u;
>+ __u32 secid;
>+ char secctx[SECMARK_SECCTX_MAX];
> };
If you make changes here, bump the .revision please, in here:
> static struct xt_target secmark_tg_reg __read_mostly = {
>- .name = "SECMARK",
>- .revision = 0,
>- .family = NFPROTO_UNSPEC,
>- .checkentry = secmark_tg_check,
>- .destroy = secmark_tg_destroy,
>- .target = secmark_tg,
>- .targetsize = sizeof(struct xt_secmark_target_info),
>- .me = THIS_MODULE,
>+ .name = "SECMARK",
>+ .revision = 0,
>+ .family = NFPROTO_UNSPEC,
>+ .checkentry = secmark_tg_check,
>+ .destroy = secmark_tg_destroy,
>+ .target = secmark_tg,
>+ .targetsize = sizeof(struct xt_secmark_target_info),
>+ .me = THIS_MODULE,
> };
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/