| Patrick McHardy | ff96830 | 2006-05-24 16:15:03 +0000 | [diff] [blame] | 1 | This module copies security markings from packets to connections |
| 2 | (if unlabeled), and from connections back to packets (also only |
| 3 | if unlabeled). Typically used in conjunction with SECMARK, it is |
| Mark Montague | df37d99 | 2011-04-04 14:54:52 +0200 | [diff] [blame] | 4 | valid in the |
| 5 | .B security |
| 6 | table (for backwards compatibility with older kernels, it is also |
| 7 | valid in the |
| Patrick McHardy | ff96830 | 2006-05-24 16:15:03 +0000 | [diff] [blame] | 8 | .B mangle |
| Mark Montague | df37d99 | 2011-04-04 14:54:52 +0200 | [diff] [blame] | 9 | table). |
| Patrick McHardy | ff96830 | 2006-05-24 16:15:03 +0000 | [diff] [blame] | 10 | .TP |
| Jan Engelhardt | fea74bf | 2009-01-12 04:53:18 +0100 | [diff] [blame] | 11 | \fB\-\-save\fP |
| Patrick McHardy | ff96830 | 2006-05-24 16:15:03 +0000 | [diff] [blame] | 12 | If the packet has a security marking, copy it to the connection |
| 13 | if the connection is not marked. |
| 14 | .TP |
| Jan Engelhardt | fea74bf | 2009-01-12 04:53:18 +0100 | [diff] [blame] | 15 | \fB\-\-restore\fP |
| Patrick McHardy | ff96830 | 2006-05-24 16:15:03 +0000 | [diff] [blame] | 16 | If the packet does not have a security marking, and the connection |
| 17 | does, copy the security marking from the connection to the packet. |
| 18 | |