author Paul Moore <paul.moore@hp.com> 2006-08-03 19:45:49 -0400
committer David S. Miller <davem@sunset.davemloft.net> 2006-09-22 17:53:31 -0400
commit 8802f616f6de8576805f32e47602816f141118f2 (patch)
tree 0763c745b3b09ebb085b7d8625447e284a5650de /Documentation/networking
parent a51c64f1e5c2876eab2a32955acd9e8015c91c15 (diff)
[NetLabel]: documentation
Documentation for the NetLabel system, this includes a basic overview of how NetLabel works, how LSM developers can integrate it into their favorite LSM, as well as documentation on the CIPSO related sysctl variables. Also, due to the difficulty of finding expired IETF drafts, I am including the IETF CIPSO draft that is the basis of the NetLabel CIPSO implementation.

Signed-off-by: Paul Moore <paul.moore@hp.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Diffstat (limited to 'Documentation/networking')
-rw-r--r-- Documentation/networking/ip-sysctl.txt 35
1 files changed, 35 insertions, 0 deletions
diff --git a/Documentation/networking/ip-sysctl.txt b/Documentation/networking/ip-sysctl.txt
index 90ed78110fd4..307cd4ec8edd 100644
--- a/Documentation/networking/ip-sysctl.txt
+++ b/Documentation/networking/ip-sysctl.txt
@@ -375,6 +375,41 @@ tcp_slow_start_after_idle - BOOLEAN
375 be timed out after an idle period. 375 be timed out after an idle period.
376 Default: 1 376 Default: 1
377 377
378CIPSOv4 Variables:
379
380cipso_cache_enable - BOOLEAN
381 If set, enable additions to and lookups from the CIPSO label mapping
382 cache. If unset, additions are ignored and lookups always result in a
383 miss. However, regardless of the setting the cache is still
384 invalidated when required when means you can safely toggle this on and
385 off and the cache will always be "safe".
386 Default: 1
387
388cipso_cache_bucket_size - INTEGER
389 The CIPSO label cache consists of a fixed size hash table with each
390 hash bucket containing a number of cache entries. This variable limits
391 the number of entries in each hash bucket; the larger the value the
392 more CIPSO label mappings that can be cached. When the number of
393 entries in a given hash bucket reaches this limit adding new entries
394 causes the oldest entry in the bucket to be removed to make room.
395 Default: 10
396
397cipso_rbm_optfmt - BOOLEAN
398 Enable the "Optimized Tag 1 Format" as defined in section 3.4.2.6 of
399 the CIPSO draft specification (see Documentation/netlabel for details).
400 This means that when set the CIPSO tag will be padded with empty
401 categories in order to make the packet data 32-bit aligned.
402 Default: 0
403
404cipso_rbm_structvalid - BOOLEAN
405 If set, do a very strict check of the CIPSO option when
406 ip_options_compile() is called. If unset, relax the checks done during
407 ip_options_compile(). Either way is "safe" as errors are caught else
408 where in the CIPSO processing code but setting this to 0 (False) should
409 result in less work (i.e. it should be faster) but could cause problems
410 with other implementations that require strict checking.
411 Default: 0
412
378IP Variables: 413IP Variables:
379 414
380ip_local_port_range - 2 INTEGERS 415ip_local_port_range - 2 INTEGERS
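Review bot: The cipso_rbm_structvalid entry does not say what the "very strict check" in ip_options_compile() covers or what is skipped when the variable is unset, yet the default of 0 selects the relaxed path that the same paragraph says "could cause problems with other implementations that require strict checking". Please add a sentence naming which validation is relaxed and why relaxed is the default, so an administrator can decide whether to enable it. In the same entry "else where" should be "elsewhere", and in cipso_cache_enable "invalidated when required when means you can safely toggle" should read "which means". The cipso_cache_bucket_size entry gives the per-bucket limit but not the number of hash buckets or the accepted range, so the total cache size cannot be worked out from this text; stating both would help.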