aboutsummaryrefslogtreecommitdiffstats
path: root/net/xfrm/xfrm_policy.c
diff options
context:
space:
mode:
authorVenkat Yekkirala <vyekkirala@TrustedCS.com>2006-08-05 02:12:42 -0400
committerDavid S. Miller <davem@sunset.davemloft.net>2006-09-22 17:53:27 -0400
commitbeb8d13bed80f8388f1a9a107d07ddd342e627e8 (patch)
tree19d5763b9b3b8ff3969997565e5ec0edd6e4bd33 /net/xfrm/xfrm_policy.c
parent4e2ba18eae7f370c7c3ed96eaca747cc9b39f917 (diff)
[MLSXFRM]: Add flow labeling
This labels the flows that could utilize IPSec xfrms at the points the flows are defined so that IPSec policy and SAs at the right label can be used. The following protos are currently not handled, but they should continue to be able to use single-labeled IPSec like they currently do. ipmr ip_gre ipip igmp sit sctp ip6_tunnel (IPv6 over IPv6 tunnel device) decnet Signed-off-by: Venkat Yekkirala <vyekkirala@TrustedCS.com> Signed-off-by: David S. Miller <davem@davemloft.net>
Diffstat (limited to 'net/xfrm/xfrm_policy.c')
-rw-r--r--net/xfrm/xfrm_policy.c3
1 files changed, 1 insertions, 2 deletions
diff --git a/net/xfrm/xfrm_policy.c b/net/xfrm/xfrm_policy.c
index 79405daadc52..32c963c90573 100644
--- a/net/xfrm/xfrm_policy.c
+++ b/net/xfrm/xfrm_policy.c
@@ -863,7 +863,6 @@ int xfrm_lookup(struct dst_entry **dst_p, struct flowi *fl,
863 u16 family; 863 u16 family;
864 u8 dir = policy_to_flow_dir(XFRM_POLICY_OUT); 864 u8 dir = policy_to_flow_dir(XFRM_POLICY_OUT);
865 865
866 fl->secid = security_sk_sid(sk, fl, dir);
867restart: 866restart:
868 genid = atomic_read(&flow_cache_genid); 867 genid = atomic_read(&flow_cache_genid);
869 policy = NULL; 868 policy = NULL;
@@ -1039,7 +1038,7 @@ xfrm_decode_session(struct sk_buff *skb, struct flowi *fl, unsigned short family
1039 return -EAFNOSUPPORT; 1038 return -EAFNOSUPPORT;
1040 1039
1041 afinfo->decode_session(skb, fl); 1040 afinfo->decode_session(skb, fl);
1042 err = security_xfrm_decode_session(skb, fl); 1041 err = security_xfrm_decode_session(skb, &fl->secid);
1043 xfrm_policy_put_afinfo(afinfo); 1042 xfrm_policy_put_afinfo(afinfo);
1044 return err; 1043 return err;
1045} 1044}