Diffstat (limited to 'include/linux/security.h')
-rw-r--r--include/linux/security.h17
1 files changed, 15 insertions, 2 deletions
diff --git a/include/linux/security.h b/include/linux/security.h
index ff3f857f6957..ac050830a873 100644
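--- a/include/linux/security.h
+++ b/include/linux/security.h
@@ -832,9 +832,11 @@ struct request_sock;
  * incoming sk_buff @skb has been associated with a particular socket, @sk.
  * @sk contains the sock (not socket) associated with the incoming sk_buff.
  * @skb contains the incoming network data.
- * @socket_getpeersec:
+ * @socket_getpeersec_stream:
  * This hook allows the security module to provide peer socket security
- * state to userspace via getsockopt SO_GETPEERSEC.
+ * state for unix or connected tcp sockets to userspace via getsockopt
+ * SO_GETPEERSEC. For tcp sockets this can be meaningful if the
+ * socket is associated with an ipsec SA.
  * @sock is the local socket.
  * @optval userspace memory where the security state is to be copied.
  * @optlen userspace int where the module should copy the actual length
@@ -843,6 +845,17 @@ struct request_sock;
  * by the caller.
  * Return 0 if all is well, otherwise, typical getsockopt return
  * values.
+ * @socket_getpeersec_dgram:
+ * This hook allows the security module to provide peer socket security
+ * state for udp sockets on a per-packet basis to userspace via
+ * getsockopt SO_GETPEERSEC. The application must first have indicated
+ * the IP_PASSSEC option via getsockopt. It can then retrieve the
+ * security state returned by this hook for a packet via the SCM_SECURITY
+ * ancillary message type.
+ * @skb is the skbuff for the packet being queried
+ * @secdata is a pointer to a buffer in which to copy the security data
+ * @seclen is the maximum length for @secdata
+ * Return 0 on success, error on failure.
  * @sk_alloc_security:
  * Allocate and attach a security structure to the sk->sk_security field,
  * which is used to copy security attributes between local stream sockets.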
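Review bot: The new `@socket_getpeersec_dgram` text is internally inconsistent: it says the state reaches userspace "via getsockopt SO_GETPEERSEC" and that IP_PASSSEC is indicated "via getsockopt", yet the delivery it then describes is the SCM_SECURITY ancillary message, and a socket option is enabled with setsockopt rather than getsockopt. I would reword the first sentence to end `on a per-packet basis to userspace via the SCM_SECURITY ancillary message` and the second to `The application must first have enabled the IP_PASSSEC option via setsockopt.` The buffer contract is also left open: `@seclen is the maximum length for @secdata` does not say who allocates @secdata, whether the hook may truncate, or how the actual length is reported back. A security module author needs that contract to avoid overrunning the buffer or returning a partial label. The hook's prototype is not visible in this diff, so the comment should spell the contract out to match it.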