Release 4.15 security/smack/smack_netfilter.c
/*
* Simplified MAC Kernel (smack) security module
*
* This file contains the Smack netfilter implementation
*
* Author:
* Casey Schaufler <casey@schaufler-ca.com>
*
* Copyright (C) 2014 Casey Schaufler <casey@schaufler-ca.com>
* Copyright (C) 2014 Intel Corporation.
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License version 2,
* as published by the Free Software Foundation.
*/
#include <linux/netfilter_ipv4.h>
#include <linux/netfilter_ipv6.h>
#include <linux/netdevice.h>
#include <net/inet_sock.h>
#include <net/net_namespace.h>
#include "smack.h"
#if IS_ENABLED(CONFIG_IPV6)
static unsigned int smack_ipv6_output(void *priv,
struct sk_buff *skb,
const struct nf_hook_state *state)
{
struct sock *sk = skb_to_full_sk(skb);
struct socket_smack *ssp;
struct smack_known *skp;
if (sk && sk->sk_security) {
ssp = sk->sk_security;
skp = ssp->smk_out;
skb->secmark = skp->smk_secid;
}
return NF_ACCEPT;
}
Contributors
| Person | Tokens | Prop | Commits | CommitProp |
| Casey Schaufler | 61 | 81.33% | 1 | 25.00% |
| Eric Dumazet | 10 | 13.33% | 1 | 25.00% |
| Eric W. Biedermann | 2 | 2.67% | 1 | 25.00% |
| David S. Miller | 2 | 2.67% | 1 | 25.00% |
| Total | 75 | 100.00% | 4 | 100.00% |
#endif /* IPV6 */
static unsigned int smack_ipv4_output(void *priv,
struct sk_buff *skb,
const struct nf_hook_state *state)
{
struct sock *sk = skb_to_full_sk(skb);
struct socket_smack *ssp;
struct smack_known *skp;
if (sk && sk->sk_security) {
ssp = sk->sk_security;
skp = ssp->smk_out;
skb->secmark = skp->smk_secid;
}
return NF_ACCEPT;
}
Contributors
| Person | Tokens | Prop | Commits | CommitProp |
| Casey Schaufler | 61 | 81.33% | 1 | 25.00% |
| Eric Dumazet | 10 | 13.33% | 1 | 25.00% |
| Eric W. Biedermann | 2 | 2.67% | 1 | 25.00% |
| David S. Miller | 2 | 2.67% | 1 | 25.00% |
| Total | 75 | 100.00% | 4 | 100.00% |
static const struct nf_hook_ops smack_nf_ops[] = {
{
.hook = smack_ipv4_output,
.pf = NFPROTO_IPV4,
.hooknum = NF_INET_LOCAL_OUT,
.priority = NF_IP_PRI_SELINUX_FIRST,
},
#if IS_ENABLED(CONFIG_IPV6)
{
.hook = smack_ipv6_output,
.pf = NFPROTO_IPV6,
.hooknum = NF_INET_LOCAL_OUT,
.priority = NF_IP6_PRI_SELINUX_FIRST,
},
#endif /* IPV6 */
};
static int __net_init smack_nf_register(struct net *net)
{
return nf_register_net_hooks(net, smack_nf_ops,
ARRAY_SIZE(smack_nf_ops));
}
Contributors
| Person | Tokens | Prop | Commits | CommitProp |
| Florian Westphal | 25 | 100.00% | 1 | 100.00% |
| Total | 25 | 100.00% | 1 | 100.00% |
static void __net_exit smack_nf_unregister(struct net *net)
{
nf_unregister_net_hooks(net, smack_nf_ops, ARRAY_SIZE(smack_nf_ops));
}
Contributors
| Person | Tokens | Prop | Commits | CommitProp |
| Florian Westphal | 24 | 100.00% | 1 | 100.00% |
| Total | 24 | 100.00% | 1 | 100.00% |
static struct pernet_operations smack_net_ops = {
.init = smack_nf_register,
.exit = smack_nf_unregister,
};
static int __init smack_nf_ip_init(void)
{
if (smack_enabled == 0)
return 0;
printk(KERN_DEBUG "Smack: Registering netfilter hooks\n");
return register_pernet_subsys(&smack_net_ops);
}
Contributors
| Person | Tokens | Prop | Commits | CommitProp |
| Casey Schaufler | 27 | 87.10% | 1 | 50.00% |
| Florian Westphal | 4 | 12.90% | 1 | 50.00% |
| Total | 31 | 100.00% | 2 | 100.00% |
__initcall(smack_nf_ip_init);
Overall Contributors
| Person | Tokens | Prop | Commits | CommitProp |
| Casey Schaufler | 236 | 68.80% | 1 | 14.29% |
| Florian Westphal | 74 | 21.57% | 2 | 28.57% |
| Eric Dumazet | 23 | 6.71% | 1 | 14.29% |
| Eric W. Biedermann | 4 | 1.17% | 1 | 14.29% |
| David S. Miller | 4 | 1.17% | 1 | 14.29% |
| Javier Martinez Canillas | 2 | 0.58% | 1 | 14.29% |
| Total | 343 | 100.00% | 7 | 100.00% |
Information contained on this website is for historical information purposes only and does not indicate or represent copyright ownership.