diff options
author | Paul Moore <paul.moore@hp.com> | 2006-08-03 19:46:20 -0400 |
---|---|---|
committer | David S. Miller <davem@sunset.davemloft.net> | 2006-09-22 17:53:32 -0400 |
commit | 11a03f78fbf15a866ba3bf6359a75cdfd1ced703 (patch) | |
tree | 49c4c35124c05826a940fba6633dd815985cf8a9 /net/ipv4 | |
parent | 8802f616f6de8576805f32e47602816f141118f2 (diff) |
[NetLabel]: core network changes
Changes to the core network stack to support the NetLabel subsystem. This
includes changes to the IPv4 option handling to support CIPSO labels.
Signed-off-by: Paul Moore <paul.moore@hp.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Diffstat (limited to 'net/ipv4')
-rw-r--r-- | net/ipv4/ah4.c | 2 | ||||
-rw-r--r-- | net/ipv4/ip_options.c | 19 |
2 files changed, 20 insertions, 1 deletions
diff --git a/net/ipv4/ah4.c b/net/ipv4/ah4.c index 2b98943e6b02..008e69d2e423 100644 --- a/net/ipv4/ah4.c +++ b/net/ipv4/ah4.c | |||
@@ -35,7 +35,7 @@ static int ip_clear_mutable_options(struct iphdr *iph, u32 *daddr) | |||
35 | switch (*optptr) { | 35 | switch (*optptr) { |
36 | case IPOPT_SEC: | 36 | case IPOPT_SEC: |
37 | case 0x85: /* Some "Extended Security" crap. */ | 37 | case 0x85: /* Some "Extended Security" crap. */ |
38 | case 0x86: /* Another "Commercial Security" crap. */ | 38 | case IPOPT_CIPSO: |
39 | case IPOPT_RA: | 39 | case IPOPT_RA: |
40 | case 0x80|21: /* RFC1770 */ | 40 | case 0x80|21: /* RFC1770 */ |
41 | break; | 41 | break; |
diff --git a/net/ipv4/ip_options.c b/net/ipv4/ip_options.c index 406056edc02b..e0a93b4fa8cc 100644 --- a/net/ipv4/ip_options.c +++ b/net/ipv4/ip_options.c | |||
@@ -24,6 +24,7 @@ | |||
24 | #include <net/ip.h> | 24 | #include <net/ip.h> |
25 | #include <net/icmp.h> | 25 | #include <net/icmp.h> |
26 | #include <net/route.h> | 26 | #include <net/route.h> |
27 | #include <net/cipso_ipv4.h> | ||
27 | 28 | ||
28 | /* | 29 | /* |
29 | * Write options to IP header, record destination address to | 30 | * Write options to IP header, record destination address to |
@@ -194,6 +195,13 @@ int ip_options_echo(struct ip_options * dopt, struct sk_buff * skb) | |||
194 | dopt->is_strictroute = sopt->is_strictroute; | 195 | dopt->is_strictroute = sopt->is_strictroute; |
195 | } | 196 | } |
196 | } | 197 | } |
198 | if (sopt->cipso) { | ||
199 | optlen = sptr[sopt->cipso+1]; | ||
200 | dopt->cipso = dopt->optlen+sizeof(struct iphdr); | ||
201 | memcpy(dptr, sptr+sopt->cipso, optlen); | ||
202 | dptr += optlen; | ||
203 | dopt->optlen += optlen; | ||
204 | } | ||
197 | while (dopt->optlen & 3) { | 205 | while (dopt->optlen & 3) { |
198 | *dptr++ = IPOPT_END; | 206 | *dptr++ = IPOPT_END; |
199 | dopt->optlen++; | 207 | dopt->optlen++; |
@@ -434,6 +442,17 @@ int ip_options_compile(struct ip_options * opt, struct sk_buff * skb) | |||
434 | if (optptr[2] == 0 && optptr[3] == 0) | 442 | if (optptr[2] == 0 && optptr[3] == 0) |
435 | opt->router_alert = optptr - iph; | 443 | opt->router_alert = optptr - iph; |
436 | break; | 444 | break; |
445 | case IPOPT_CIPSO: | ||
446 | if (opt->cipso) { | ||
447 | pp_ptr = optptr; | ||
448 | goto error; | ||
449 | } | ||
450 | opt->cipso = optptr - iph; | ||
451 | if (cipso_v4_validate(&optptr)) { | ||
452 | pp_ptr = optptr; | ||
453 | goto error; | ||
454 | } | ||
455 | break; | ||
437 | case IPOPT_SEC: | 456 | case IPOPT_SEC: |
438 | case IPOPT_SID: | 457 | case IPOPT_SID: |
439 | default: | 458 | default: |