diff options
| author | Huw Davies <huw@codeweavers.com> | 2016-06-27 15:06:17 -0400 |
|---|---|---|
| committer | Paul Moore <paul@paul-moore.com> | 2016-06-27 15:06:17 -0400 |
| commit | 4fee5242bf41d9ad641d4c1b821e36eb7ba37fbf (patch) | |
| tree | 6b79290fc0dbeffe30945235ca86576b652c84dd /include/net/netlabel.h | |
| parent | 2e532b702834c07f614caf4489feb691e713232a (diff) | |
calipso: Add a label cache.
This works in exactly the same way as the CIPSO label cache.
The idea is to allow the lsm to cache the result of a secattr
lookup so that it doesn't need to perform the lookup for
every skbuff.
It introduces two sysctl controls:
calipso_cache_enable - enables/disables the cache.
calipso_cache_bucket_size - sets the size of a cache bucket.
Signed-off-by: Huw Davies <huw@codeweavers.com>
Signed-off-by: Paul Moore <paul@paul-moore.com>
Diffstat (limited to 'include/net/netlabel.h')
| -rw-r--r-- | include/net/netlabel.h | 9 |
1 files changed, 7 insertions, 2 deletions
diff --git a/include/net/netlabel.h b/include/net/netlabel.h index d8a46a8ed512..a306bc7d2642 100644 --- a/include/net/netlabel.h +++ b/include/net/netlabel.h | |||
| @@ -235,6 +235,8 @@ struct netlbl_lsm_secattr { | |||
| 235 | * @skbuff_optptr: find option in packet | 235 | * @skbuff_optptr: find option in packet |
| 236 | * @skbuff_setattr: set the skbuff's attr | 236 | * @skbuff_setattr: set the skbuff's attr |
| 237 | * @skbuff_delattr: remove the skbuff's attr | 237 | * @skbuff_delattr: remove the skbuff's attr |
| 238 | * @cache_invalidate: invalidate cache | ||
| 239 | * @cache_add: add cache entry | ||
| 238 | * | 240 | * |
| 239 | * Description: | 241 | * Description: |
| 240 | * This structure is filled out by the CALIPSO engine and passed | 242 | * This structure is filled out by the CALIPSO engine and passed |
| @@ -269,6 +271,9 @@ struct netlbl_calipso_ops { | |||
| 269 | const struct calipso_doi *doi_def, | 271 | const struct calipso_doi *doi_def, |
| 270 | const struct netlbl_lsm_secattr *secattr); | 272 | const struct netlbl_lsm_secattr *secattr); |
| 271 | int (*skbuff_delattr)(struct sk_buff *skb); | 273 | int (*skbuff_delattr)(struct sk_buff *skb); |
| 274 | void (*cache_invalidate)(void); | ||
| 275 | int (*cache_add)(const unsigned char *calipso_ptr, | ||
| 276 | const struct netlbl_lsm_secattr *secattr); | ||
| 272 | }; | 277 | }; |
| 273 | 278 | ||
| 274 | /* | 279 | /* |
| @@ -494,7 +499,7 @@ void netlbl_skbuff_err(struct sk_buff *skb, u16 family, int error, int gateway); | |||
| 494 | * LSM label mapping cache operations | 499 | * LSM label mapping cache operations |
| 495 | */ | 500 | */ |
| 496 | void netlbl_cache_invalidate(void); | 501 | void netlbl_cache_invalidate(void); |
| 497 | int netlbl_cache_add(const struct sk_buff *skb, | 502 | int netlbl_cache_add(const struct sk_buff *skb, u16 family, |
| 498 | const struct netlbl_lsm_secattr *secattr); | 503 | const struct netlbl_lsm_secattr *secattr); |
| 499 | 504 | ||
| 500 | /* | 505 | /* |
| @@ -647,7 +652,7 @@ static inline void netlbl_cache_invalidate(void) | |||
| 647 | { | 652 | { |
| 648 | return; | 653 | return; |
| 649 | } | 654 | } |
| 650 | static inline int netlbl_cache_add(const struct sk_buff *skb, | 655 | static inline int netlbl_cache_add(const struct sk_buff *skb, u16 family, |
| 651 | const struct netlbl_lsm_secattr *secattr) | 656 | const struct netlbl_lsm_secattr *secattr) |
| 652 | { | 657 | { |
| 653 | return 0; | 658 | return 0; |