diff options
author | Paul Moore <paul.moore@hp.com> | 2007-02-28 15:14:20 -0500 |
---|---|---|
committer | James Morris <jmorris@namei.org> | 2007-04-26 01:35:45 -0400 |
commit | f998e8cb52396c6a197d14f6afb07144324aea6d (patch) | |
tree | 71ba11443952f09bf7792ad127a29fded161774d | |
parent | de46c33745f5e2ad594c72f2cf5f490861b16ce1 (diff) |
NetLabel: cleanup and document CIPSO constants
This patch collects all of the CIPSO constants and puts them in one place; it
also documents each value explaining how the value is derived.
Signed-off-by: Paul Moore <paul.moore@hp.com>
Signed-off-by: James Morris <jmorris@namei.org>
-rw-r--r-- | net/ipv4/cipso_ipv4.c | 37 |
1 files changed, 29 insertions, 8 deletions
diff --git a/net/ipv4/cipso_ipv4.c b/net/ipv4/cipso_ipv4.c index 2ce5b693a8bd..d466bd5186a1 100644 --- a/net/ipv4/cipso_ipv4.c +++ b/net/ipv4/cipso_ipv4.c | |||
@@ -92,6 +92,33 @@ int cipso_v4_rbm_optfmt = 0; | |||
92 | int cipso_v4_rbm_strictvalid = 1; | 92 | int cipso_v4_rbm_strictvalid = 1; |
93 | 93 | ||
94 | /* | 94 | /* |
95 | * Protocol Constants | ||
96 | */ | ||
97 | |||
98 | /* Maximum size of the CIPSO IP option, derived from the fact that the maximum | ||
99 | * IPv4 header size is 60 bytes and the base IPv4 header is 20 bytes long. */ | ||
100 | #define CIPSO_V4_OPT_LEN_MAX 40 | ||
101 | |||
102 | /* Length of the base CIPSO option, this includes the option type (1 byte), the | ||
103 | * option length (1 byte), and the DOI (4 bytes). */ | ||
104 | #define CIPSO_V4_HDR_LEN 6 | ||
105 | |||
106 | /* Base length of the restrictive category bitmap tag (tag #1). */ | ||
107 | #define CIPSO_V4_TAG_RBM_BLEN 4 | ||
108 | |||
109 | /* Base length of the enumerated category tag (tag #2). */ | ||
110 | #define CIPSO_V4_TAG_ENUM_BLEN 4 | ||
111 | |||
112 | /* Base length of the ranged categories bitmap tag (tag #5). */ | ||
113 | #define CIPSO_V4_TAG_RNG_BLEN 4 | ||
114 | /* The maximum number of category ranges permitted in the ranged category tag | ||
115 | * (tag #5). You may note that the IETF draft states that the maximum number | ||
116 | * of category ranges is 7, but if the low end of the last category range is | ||
117 | * zero then it is possibile to fit 8 category ranges because the zero should | ||
118 | * be omitted. */ | ||
119 | #define CIPSO_V4_TAG_RNG_CAT_MAX 8 | ||
120 | |||
121 | /* | ||
95 | * Helper Functions | 122 | * Helper Functions |
96 | */ | 123 | */ |
97 | 124 | ||
@@ -1109,15 +1136,12 @@ static int cipso_v4_map_cat_rng_hton(const struct cipso_v4_doi *doi_def, | |||
1109 | unsigned char *net_cat, | 1136 | unsigned char *net_cat, |
1110 | u32 net_cat_len) | 1137 | u32 net_cat_len) |
1111 | { | 1138 | { |
1112 | /* The constant '16' is not random, it is the maximum number of | ||
1113 | * high/low category range pairs as permitted by the CIPSO draft based | ||
1114 | * on a maximum IPv4 header length of 60 bytes - the BUG_ON() assertion | ||
1115 | * does a sanity check to make sure we don't overflow the array. */ | ||
1116 | int iter = -1; | 1139 | int iter = -1; |
1117 | u16 array[16]; | 1140 | u16 array[CIPSO_V4_TAG_RNG_CAT_MAX * 2]; |
1118 | u32 array_cnt = 0; | 1141 | u32 array_cnt = 0; |
1119 | u32 cat_size = 0; | 1142 | u32 cat_size = 0; |
1120 | 1143 | ||
1144 | /* make sure we don't overflow the 'array[]' variable */ | ||
1121 | BUG_ON(net_cat_len > 30); | 1145 | BUG_ON(net_cat_len > 30); |
1122 | 1146 | ||
1123 | for (;;) { | 1147 | for (;;) { |
@@ -1196,9 +1220,6 @@ static int cipso_v4_map_cat_rng_ntoh(const struct cipso_v4_doi *doi_def, | |||
1196 | * Protocol Handling Functions | 1220 | * Protocol Handling Functions |
1197 | */ | 1221 | */ |
1198 | 1222 | ||
1199 | #define CIPSO_V4_OPT_LEN_MAX 40 | ||
1200 | #define CIPSO_V4_HDR_LEN 6 | ||
1201 | |||
1202 | /** | 1223 | /** |
1203 | * cipso_v4_gentag_hdr - Generate a CIPSO option header | 1224 | * cipso_v4_gentag_hdr - Generate a CIPSO option header |
1204 | * @doi_def: the DOI definition | 1225 | * @doi_def: the DOI definition |