diff options
-rw-r--r-- | include/linux/security.h | 17 |
1 files changed, 15 insertions, 2 deletions
diff --git a/include/linux/security.h b/include/linux/security.h index ff3f857f6957..ac050830a873 100644 --- a/include/linux/security.h +++ b/include/linux/security.h | |||
@@ -832,9 +832,11 @@ struct request_sock; | |||
832 | * incoming sk_buff @skb has been associated with a particular socket, @sk. | 832 | * incoming sk_buff @skb has been associated with a particular socket, @sk. |
833 | * @sk contains the sock (not socket) associated with the incoming sk_buff. | 833 | * @sk contains the sock (not socket) associated with the incoming sk_buff. |
834 | * @skb contains the incoming network data. | 834 | * @skb contains the incoming network data. |
835 | * @socket_getpeersec: | 835 | * @socket_getpeersec_stream: |
836 | * This hook allows the security module to provide peer socket security | 836 | * This hook allows the security module to provide peer socket security |
837 | * state to userspace via getsockopt SO_GETPEERSEC. | 837 | * state for unix or connected tcp sockets to userspace via getsockopt |
838 | * SO_GETPEERSEC. For tcp sockets this can be meaningful if the | ||
839 | * socket is associated with an ipsec SA. | ||
838 | * @sock is the local socket. | 840 | * @sock is the local socket. |
839 | * @optval userspace memory where the security state is to be copied. | 841 | * @optval userspace memory where the security state is to be copied. |
840 | * @optlen userspace int where the module should copy the actual length | 842 | * @optlen userspace int where the module should copy the actual length |
@@ -843,6 +845,17 @@ struct request_sock; | |||
843 | * by the caller. | 845 | * by the caller. |
844 | * Return 0 if all is well, otherwise, typical getsockopt return | 846 | * Return 0 if all is well, otherwise, typical getsockopt return |
845 | * values. | 847 | * values. |
848 | * @socket_getpeersec_dgram: | ||
849 | * This hook allows the security module to provide peer socket security | ||
850 | * state for udp sockets on a per-packet basis to userspace via | ||
851 | * getsockopt SO_GETPEERSEC. The application must first have indicated | ||
852 | * the IP_PASSSEC option via getsockopt. It can then retrieve the | ||
853 | * security state returned by this hook for a packet via the SCM_SECURITY | ||
854 | * ancillary message type. | ||
855 | * @skb is the skbuff for the packet being queried | ||
856 | * @secdata is a pointer to a buffer in which to copy the security data | ||
857 | * @seclen is the maximum length for @secdata | ||
858 | * Return 0 on success, error on failure. | ||
846 | * @sk_alloc_security: | 859 | * @sk_alloc_security: |
847 | * Allocate and attach a security structure to the sk->sk_security field, | 860 | * Allocate and attach a security structure to the sk->sk_security field, |
848 | * which is used to copy security attributes between local stream sockets. | 861 | * which is used to copy security attributes between local stream sockets. |