diff options
| author | Paul Moore <paul.moore@hp.com> | 2006-08-03 19:46:20 -0400 |
|---|---|---|
| committer | David S. Miller <davem@sunset.davemloft.net> | 2006-09-22 17:53:32 -0400 |
| commit | 11a03f78fbf15a866ba3bf6359a75cdfd1ced703 (patch) | |
| tree | 49c4c35124c05826a940fba6633dd815985cf8a9 /net | |
| parent | 8802f616f6de8576805f32e47602816f141118f2 (diff) | |
[NetLabel]: core network changes
Changes to the core network stack to support the NetLabel subsystem. This
includes changes to the IPv4 option handling to support CIPSO labels.
Signed-off-by: Paul Moore <paul.moore@hp.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Diffstat (limited to 'net')
| -rw-r--r-- | net/ipv4/ah4.c | 2 | ||||
| -rw-r--r-- | net/ipv4/ip_options.c | 19 |
2 files changed, 20 insertions, 1 deletions
diff --git a/net/ipv4/ah4.c b/net/ipv4/ah4.c index 2b98943e6b02..008e69d2e423 100644 --- a/net/ipv4/ah4.c +++ b/net/ipv4/ah4.c | |||
| @@ -35,7 +35,7 @@ static int ip_clear_mutable_options(struct iphdr *iph, u32 *daddr) | |||
| 35 | switch (*optptr) { | 35 | switch (*optptr) { |
| 36 | case IPOPT_SEC: | 36 | case IPOPT_SEC: |
| 37 | case 0x85: /* Some "Extended Security" crap. */ | 37 | case 0x85: /* Some "Extended Security" crap. */ |
| 38 | case 0x86: /* Another "Commercial Security" crap. */ | 38 | case IPOPT_CIPSO: |
| 39 | case IPOPT_RA: | 39 | case IPOPT_RA: |
| 40 | case 0x80|21: /* RFC1770 */ | 40 | case 0x80|21: /* RFC1770 */ |
| 41 | break; | 41 | break; |
diff --git a/net/ipv4/ip_options.c b/net/ipv4/ip_options.c index 406056edc02b..e0a93b4fa8cc 100644 --- a/net/ipv4/ip_options.c +++ b/net/ipv4/ip_options.c | |||
| @@ -24,6 +24,7 @@ | |||
| 24 | #include <net/ip.h> | 24 | #include <net/ip.h> |
| 25 | #include <net/icmp.h> | 25 | #include <net/icmp.h> |
| 26 | #include <net/route.h> | 26 | #include <net/route.h> |
| 27 | #include <net/cipso_ipv4.h> | ||
| 27 | 28 | ||
| 28 | /* | 29 | /* |
| 29 | * Write options to IP header, record destination address to | 30 | * Write options to IP header, record destination address to |
| @@ -194,6 +195,13 @@ int ip_options_echo(struct ip_options * dopt, struct sk_buff * skb) | |||
| 194 | dopt->is_strictroute = sopt->is_strictroute; | 195 | dopt->is_strictroute = sopt->is_strictroute; |
| 195 | } | 196 | } |
| 196 | } | 197 | } |
| 198 | if (sopt->cipso) { | ||
| 199 | optlen = sptr[sopt->cipso+1]; | ||
| 200 | dopt->cipso = dopt->optlen+sizeof(struct iphdr); | ||
| 201 | memcpy(dptr, sptr+sopt->cipso, optlen); | ||
| 202 | dptr += optlen; | ||
| 203 | dopt->optlen += optlen; | ||
| 204 | } | ||
| 197 | while (dopt->optlen & 3) { | 205 | while (dopt->optlen & 3) { |
| 198 | *dptr++ = IPOPT_END; | 206 | *dptr++ = IPOPT_END; |
| 199 | dopt->optlen++; | 207 | dopt->optlen++; |
| @@ -434,6 +442,17 @@ int ip_options_compile(struct ip_options * opt, struct sk_buff * skb) | |||
| 434 | if (optptr[2] == 0 && optptr[3] == 0) | 442 | if (optptr[2] == 0 && optptr[3] == 0) |
| 435 | opt->router_alert = optptr - iph; | 443 | opt->router_alert = optptr - iph; |
| 436 | break; | 444 | break; |
| 445 | case IPOPT_CIPSO: | ||
| 446 | if (opt->cipso) { | ||
| 447 | pp_ptr = optptr; | ||
| 448 | goto error; | ||
| 449 | } | ||
| 450 | opt->cipso = optptr - iph; | ||
| 451 | if (cipso_v4_validate(&optptr)) { | ||
| 452 | pp_ptr = optptr; | ||
| 453 | goto error; | ||
| 454 | } | ||
| 455 | break; | ||
| 437 | case IPOPT_SEC: | 456 | case IPOPT_SEC: |
| 438 | case IPOPT_SID: | 457 | case IPOPT_SID: |
| 439 | default: | 458 | default: |