diff options
| author | Huw Davies <huw@codeweavers.com> | 2016-06-27 15:02:51 -0400 |
|---|---|---|
| committer | Paul Moore <paul@paul-moore.com> | 2016-06-27 15:02:51 -0400 |
| commit | ceba1832b1b2da0149c51de62a847c00bca1677a (patch) | |
| tree | 5f03426f96c98a387cc1087865fe99b32410561c /include | |
| parent | 3faa8f982f958961fda68b8d63e682fe77a032d4 (diff) | |
calipso: Set the calipso socket label to match the secattr.
CALIPSO is a hop-by-hop IPv6 option. A lot of this patch is based on
the equivalent CISPO code. The main difference is due to manipulating
the options in the hop-by-hop header.
Signed-off-by: Huw Davies <huw@codeweavers.com>
Signed-off-by: Paul Moore <paul@paul-moore.com>
Diffstat (limited to 'include')
| -rw-r--r-- | include/net/ipv6.h | 2 | ||||
| -rw-r--r-- | include/net/netlabel.h | 9 | ||||
| -rw-r--r-- | include/uapi/linux/in6.h | 1 |
3 files changed, 12 insertions, 0 deletions
diff --git a/include/net/ipv6.h b/include/net/ipv6.h index 887313d978d0..4e279a83cdd0 100644 --- a/include/net/ipv6.h +++ b/include/net/ipv6.h | |||
| @@ -319,6 +319,8 @@ struct ipv6_txoptions *ipv6_fixup_options(struct ipv6_txoptions *opt_space, | |||
| 319 | 319 | ||
| 320 | bool ipv6_opt_accepted(const struct sock *sk, const struct sk_buff *skb, | 320 | bool ipv6_opt_accepted(const struct sock *sk, const struct sk_buff *skb, |
| 321 | const struct inet6_skb_parm *opt); | 321 | const struct inet6_skb_parm *opt); |
| 322 | struct ipv6_txoptions *ipv6_update_options(struct sock *sk, | ||
| 323 | struct ipv6_txoptions *opt); | ||
| 322 | 324 | ||
| 323 | static inline bool ipv6_accept_ra(struct inet6_dev *idev) | 325 | static inline bool ipv6_accept_ra(struct inet6_dev *idev) |
| 324 | { | 326 | { |
diff --git a/include/net/netlabel.h b/include/net/netlabel.h index 9fc2cab9be98..918a6044c89c 100644 --- a/include/net/netlabel.h +++ b/include/net/netlabel.h | |||
| @@ -226,6 +226,9 @@ struct netlbl_lsm_secattr { | |||
| 226 | * @doi_getdef: returns a reference to a DOI | 226 | * @doi_getdef: returns a reference to a DOI |
| 227 | * @doi_putdef: releases a reference of a DOI | 227 | * @doi_putdef: releases a reference of a DOI |
| 228 | * @doi_walk: enumerate the DOI list | 228 | * @doi_walk: enumerate the DOI list |
| 229 | * @sock_getattr: retrieve the socket's attr | ||
| 230 | * @sock_setattr: set the socket's attr | ||
| 231 | * @sock_delattr: remove the socket's attr | ||
| 229 | * | 232 | * |
| 230 | * Description: | 233 | * Description: |
| 231 | * This structure is filled out by the CALIPSO engine and passed | 234 | * This structure is filled out by the CALIPSO engine and passed |
| @@ -243,6 +246,12 @@ struct netlbl_calipso_ops { | |||
| 243 | int (*doi_walk)(u32 *skip_cnt, | 246 | int (*doi_walk)(u32 *skip_cnt, |
| 244 | int (*callback)(struct calipso_doi *doi_def, void *arg), | 247 | int (*callback)(struct calipso_doi *doi_def, void *arg), |
| 245 | void *cb_arg); | 248 | void *cb_arg); |
| 249 | int (*sock_getattr)(struct sock *sk, | ||
| 250 | struct netlbl_lsm_secattr *secattr); | ||
| 251 | int (*sock_setattr)(struct sock *sk, | ||
| 252 | const struct calipso_doi *doi_def, | ||
| 253 | const struct netlbl_lsm_secattr *secattr); | ||
| 254 | void (*sock_delattr)(struct sock *sk); | ||
| 246 | }; | 255 | }; |
| 247 | 256 | ||
| 248 | /* | 257 | /* |
diff --git a/include/uapi/linux/in6.h b/include/uapi/linux/in6.h index 318a4828bf98..b39ea4f2e701 100644 --- a/include/uapi/linux/in6.h +++ b/include/uapi/linux/in6.h | |||
| @@ -143,6 +143,7 @@ struct in6_flowlabel_req { | |||
| 143 | #define IPV6_TLV_PAD1 0 | 143 | #define IPV6_TLV_PAD1 0 |
| 144 | #define IPV6_TLV_PADN 1 | 144 | #define IPV6_TLV_PADN 1 |
| 145 | #define IPV6_TLV_ROUTERALERT 5 | 145 | #define IPV6_TLV_ROUTERALERT 5 |
| 146 | #define IPV6_TLV_CALIPSO 7 /* RFC 5570 */ | ||
| 146 | #define IPV6_TLV_JUMBO 194 | 147 | #define IPV6_TLV_JUMBO 194 |
| 147 | #define IPV6_TLV_HAO 201 /* home address option */ | 148 | #define IPV6_TLV_HAO 201 /* home address option */ |
| 148 | 149 | ||