diff options
| author | Huw Davies <huw@codeweavers.com> | 2016-06-27 15:02:51 -0400 |
|---|---|---|
| committer | Paul Moore <paul@paul-moore.com> | 2016-06-27 15:02:51 -0400 |
| commit | ceba1832b1b2da0149c51de62a847c00bca1677a (patch) | |
| tree | 5f03426f96c98a387cc1087865fe99b32410561c /include/net | |
| parent | 3faa8f982f958961fda68b8d63e682fe77a032d4 (diff) | |
calipso: Set the calipso socket label to match the secattr.
CALIPSO is a hop-by-hop IPv6 option. A lot of this patch is based on
the equivalent CISPO code. The main difference is due to manipulating
the options in the hop-by-hop header.
Signed-off-by: Huw Davies <huw@codeweavers.com>
Signed-off-by: Paul Moore <paul@paul-moore.com>
Diffstat (limited to 'include/net')
| -rw-r--r-- | include/net/ipv6.h | 2 | ||||
| -rw-r--r-- | include/net/netlabel.h | 9 |
2 files changed, 11 insertions, 0 deletions
diff --git a/include/net/ipv6.h b/include/net/ipv6.h index 887313d978d0..4e279a83cdd0 100644 --- a/include/net/ipv6.h +++ b/include/net/ipv6.h | |||
| @@ -319,6 +319,8 @@ struct ipv6_txoptions *ipv6_fixup_options(struct ipv6_txoptions *opt_space, | |||
| 319 | 319 | ||
| 320 | bool ipv6_opt_accepted(const struct sock *sk, const struct sk_buff *skb, | 320 | bool ipv6_opt_accepted(const struct sock *sk, const struct sk_buff *skb, |
| 321 | const struct inet6_skb_parm *opt); | 321 | const struct inet6_skb_parm *opt); |
| 322 | struct ipv6_txoptions *ipv6_update_options(struct sock *sk, | ||
| 323 | struct ipv6_txoptions *opt); | ||
| 322 | 324 | ||
| 323 | static inline bool ipv6_accept_ra(struct inet6_dev *idev) | 325 | static inline bool ipv6_accept_ra(struct inet6_dev *idev) |
| 324 | { | 326 | { |
diff --git a/include/net/netlabel.h b/include/net/netlabel.h index 9fc2cab9be98..918a6044c89c 100644 --- a/include/net/netlabel.h +++ b/include/net/netlabel.h | |||
| @@ -226,6 +226,9 @@ struct netlbl_lsm_secattr { | |||
| 226 | * @doi_getdef: returns a reference to a DOI | 226 | * @doi_getdef: returns a reference to a DOI |
| 227 | * @doi_putdef: releases a reference of a DOI | 227 | * @doi_putdef: releases a reference of a DOI |
| 228 | * @doi_walk: enumerate the DOI list | 228 | * @doi_walk: enumerate the DOI list |
| 229 | * @sock_getattr: retrieve the socket's attr | ||
| 230 | * @sock_setattr: set the socket's attr | ||
| 231 | * @sock_delattr: remove the socket's attr | ||
| 229 | * | 232 | * |
| 230 | * Description: | 233 | * Description: |
| 231 | * This structure is filled out by the CALIPSO engine and passed | 234 | * This structure is filled out by the CALIPSO engine and passed |
| @@ -243,6 +246,12 @@ struct netlbl_calipso_ops { | |||
| 243 | int (*doi_walk)(u32 *skip_cnt, | 246 | int (*doi_walk)(u32 *skip_cnt, |
| 244 | int (*callback)(struct calipso_doi *doi_def, void *arg), | 247 | int (*callback)(struct calipso_doi *doi_def, void *arg), |
| 245 | void *cb_arg); | 248 | void *cb_arg); |
| 249 | int (*sock_getattr)(struct sock *sk, | ||
| 250 | struct netlbl_lsm_secattr *secattr); | ||
| 251 | int (*sock_setattr)(struct sock *sk, | ||
| 252 | const struct calipso_doi *doi_def, | ||
| 253 | const struct netlbl_lsm_secattr *secattr); | ||
| 254 | void (*sock_delattr)(struct sock *sk); | ||
| 246 | }; | 255 | }; |
| 247 | 256 | ||
| 248 | /* | 257 | /* |