diff options
| author | Venkat Yekkirala <vyekkirala@TrustedCS.com> | 2006-07-25 02:29:07 -0400 |
|---|---|---|
| committer | David S. Miller <davem@sunset.davemloft.net> | 2006-09-22 17:53:24 -0400 |
| commit | e0d1caa7b0d5f02e4f34aa09c695d04251310c6c (patch) | |
| tree | bf023c17abf6813f2694ebf5fafff82edd6a1023 /net/core | |
| parent | b6340fcd761acf9249b3acbc95c4dc555d9beb07 (diff) | |
[MLSXFRM]: Flow based matching of xfrm policy and state
This implements a seemless mechanism for xfrm policy selection and
state matching based on the flow sid. This also includes the necessary
SELinux enforcement pieces.
Signed-off-by: Venkat Yekkirala <vyekkirala@TrustedCS.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Diffstat (limited to 'net/core')
| -rw-r--r-- | net/core/flow.c | 7 |
1 files changed, 2 insertions, 5 deletions
diff --git a/net/core/flow.c b/net/core/flow.c index 2191af5f26ac..645241165e6c 100644 --- a/net/core/flow.c +++ b/net/core/flow.c | |||
| @@ -32,7 +32,6 @@ struct flow_cache_entry { | |||
| 32 | u8 dir; | 32 | u8 dir; |
| 33 | struct flowi key; | 33 | struct flowi key; |
| 34 | u32 genid; | 34 | u32 genid; |
| 35 | u32 sk_sid; | ||
| 36 | void *object; | 35 | void *object; |
| 37 | atomic_t *object_ref; | 36 | atomic_t *object_ref; |
| 38 | }; | 37 | }; |
| @@ -165,7 +164,7 @@ static int flow_key_compare(struct flowi *key1, struct flowi *key2) | |||
| 165 | return 0; | 164 | return 0; |
| 166 | } | 165 | } |
| 167 | 166 | ||
| 168 | void *flow_cache_lookup(struct flowi *key, u32 sk_sid, u16 family, u8 dir, | 167 | void *flow_cache_lookup(struct flowi *key, u16 family, u8 dir, |
| 169 | flow_resolve_t resolver) | 168 | flow_resolve_t resolver) |
| 170 | { | 169 | { |
| 171 | struct flow_cache_entry *fle, **head; | 170 | struct flow_cache_entry *fle, **head; |
| @@ -189,7 +188,6 @@ void *flow_cache_lookup(struct flowi *key, u32 sk_sid, u16 family, u8 dir, | |||
| 189 | for (fle = *head; fle; fle = fle->next) { | 188 | for (fle = *head; fle; fle = fle->next) { |
| 190 | if (fle->family == family && | 189 | if (fle->family == family && |
| 191 | fle->dir == dir && | 190 | fle->dir == dir && |
| 192 | fle->sk_sid == sk_sid && | ||
| 193 | flow_key_compare(key, &fle->key) == 0) { | 191 | flow_key_compare(key, &fle->key) == 0) { |
| 194 | if (fle->genid == atomic_read(&flow_cache_genid)) { | 192 | if (fle->genid == atomic_read(&flow_cache_genid)) { |
| 195 | void *ret = fle->object; | 193 | void *ret = fle->object; |
| @@ -214,7 +212,6 @@ void *flow_cache_lookup(struct flowi *key, u32 sk_sid, u16 family, u8 dir, | |||
| 214 | *head = fle; | 212 | *head = fle; |
| 215 | fle->family = family; | 213 | fle->family = family; |
| 216 | fle->dir = dir; | 214 | fle->dir = dir; |
| 217 | fle->sk_sid = sk_sid; | ||
| 218 | memcpy(&fle->key, key, sizeof(*key)); | 215 | memcpy(&fle->key, key, sizeof(*key)); |
| 219 | fle->object = NULL; | 216 | fle->object = NULL; |
| 220 | flow_count(cpu)++; | 217 | flow_count(cpu)++; |
| @@ -226,7 +223,7 @@ nocache: | |||
| 226 | void *obj; | 223 | void *obj; |
| 227 | atomic_t *obj_ref; | 224 | atomic_t *obj_ref; |
| 228 | 225 | ||
| 229 | resolver(key, sk_sid, family, dir, &obj, &obj_ref); | 226 | resolver(key, family, dir, &obj, &obj_ref); |
| 230 | 227 | ||
| 231 | if (fle) { | 228 | if (fle) { |
| 232 | fle->genid = atomic_read(&flow_cache_genid); | 229 | fle->genid = atomic_read(&flow_cache_genid); |