Diffstat (limited to 'net/ipv4')
-rw-r--r--net/ipv4/cipso_ipv4.c51
1 files changed, 30 insertions, 21 deletions
diff --git a/net/ipv4/cipso_ipv4.c b/net/ipv4/cipso_ipv4.c
index 5160c710f2eb..e361ea6f3fc8 100644
--- a/net/ipv4/cipso_ipv4.c
+++ b/net/ipv4/cipso_ipv4.c
@@ -378,20 +378,18 @@ static int cipso_v4_cache_check(const unsigned char *key,
378 * negative values on failure. 378 * negative values on failure.
379 * 379 *
380 */ 380 */
381int cipso_v4_cache_add(const struct sk_buff *skb, 381int cipso_v4_cache_add(const unsigned char *cipso_ptr,
382 const struct netlbl_lsm_secattr *secattr) 382 const struct netlbl_lsm_secattr *secattr)
383{ 383{
384 int ret_val = -EPERM; 384 int ret_val = -EPERM;
385 u32 bkt; 385 u32 bkt;
386 struct cipso_v4_map_cache_entry *entry = NULL; 386 struct cipso_v4_map_cache_entry *entry = NULL;
387 struct cipso_v4_map_cache_entry *old_entry = NULL; 387 struct cipso_v4_map_cache_entry *old_entry = NULL;
388 unsigned char *cipso_ptr;
389 u32 cipso_ptr_len; 388 u32 cipso_ptr_len;
390 389
391 if (!cipso_v4_cache_enabled || cipso_v4_cache_bucketsize <= 0) 390 if (!cipso_v4_cache_enabled || cipso_v4_cache_bucketsize <= 0)
392 return 0; 391 return 0;
393 392
394 cipso_ptr = CIPSO_V4_OPTPTR(skb);
395 cipso_ptr_len = cipso_ptr[1]; 393 cipso_ptr_len = cipso_ptr[1];
396 394
397 entry = kzalloc(sizeof(*entry), GFP_ATOMIC); 395 entry = kzalloc(sizeof(*entry), GFP_ATOMIC);
@@ -1579,6 +1577,33 @@ static int cipso_v4_parsetag_loc(const struct cipso_v4_doi *doi_def,
1579} 1577}
1580 1578
1581/** 1579/**
1580 * cipso_v4_optptr - Find the CIPSO option in the packet
1581 * @skb: the packet
1582 *
1583 * Description:
1584 * Parse the packet's IP header looking for a CIPSO option. Returns a pointer
1585 * to the start of the CIPSO option on success, NULL if one if not found.
1586 *
1587 */
1588unsigned char *cipso_v4_optptr(const struct sk_buff *skb)
1589{
1590 const struct iphdr *iph = ip_hdr(skb);
1591 unsigned char *optptr = (unsigned char *)&(ip_hdr(skb)[1]);
1592 int optlen;
1593 int taglen;
1594
1595 for (optlen = iph->ihl*4 - sizeof(struct iphdr); optlen > 0; ) {
1596 if (optptr[0] == IPOPT_CIPSO)
1597 return optptr;
1598 taglen = optptr[1];
1599 optlen -= taglen;
1600 optptr += taglen;
1601 }
1602
1603 return NULL;
1604}
1605
1606/**
1582 * cipso_v4_validate - Validate a CIPSO option 1607 * cipso_v4_validate - Validate a CIPSO option
1583 * @option: the start of the option, on error it is set to point to the error 1608 * @option: the start of the option, on error it is set to point to the error
1584 * 1609 *
@@ -2119,8 +2144,8 @@ void cipso_v4_req_delattr(struct request_sock *req)
2119 * on success and negative values on failure. 2144 * on success and negative values on failure.
2120 * 2145 *
2121 */ 2146 */
2122static int cipso_v4_getattr(const unsigned char *cipso, 2147int cipso_v4_getattr(const unsigned char *cipso,
2123 struct netlbl_lsm_secattr *secattr) 2148 struct netlbl_lsm_secattr *secattr)
2124{ 2149{
2125 int ret_val = -ENOMSG; 2150 int ret_val = -ENOMSG;
2126 u32 doi; 2151 u32 doi;
@@ -2305,22 +2330,6 @@ int cipso_v4_skbuff_delattr(struct sk_buff *skb)
2305 return 0; 2330 return 0;
2306} 2331}
2307 2332
2308/**
2309 * cipso_v4_skbuff_getattr - Get the security attributes from the CIPSO option
2310 * @skb: the packet
2311 * @secattr: the security attributes
2312 *
2313 * Description:
2314 * Parse the given packet's CIPSO option and return the security attributes.
2315 * Returns zero on success and negative values on failure.
2316 *
2317 */
2318int cipso_v4_skbuff_getattr(const struct sk_buff *skb,
2319 struct netlbl_lsm_secattr *secattr)
2320{
2321 return cipso_v4_getattr(CIPSO_V4_OPTPTR(skb), secattr);
2322}
2323
2324/* 2333/*
2325 * Setup Functions 2334 * Setup Functions
2326 */ 2335 */
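Review bot: In the new `cipso_v4_optptr()` the loop takes `taglen = optptr[1]` for every option and never checks it, so a zero length byte leaves `optlen` and `optptr` unchanged and the loop does not terminate, and a length larger than the remaining `optlen` moves `optptr` past the end of the IP header. Single-byte options (`IPOPT_END`, `IPOPT_NOOP`) carry no length octet, so the byte read for them belongs to the next option, and with `optlen == 1` the read of `optptr[1]` is already outside the option area. Nothing visible on this page shows that the options were validated before this walk, so the function should bound itself as in the sketch below. Separately, `cipso_v4_cache_add()` still dereferences `cipso_ptr[1]` immediately, so callers that pass the result of `cipso_v4_optptr()` need a NULL check first; those callers are outside this file section.

```c
	/* … unchanged: cipso_v4_optptr() signature and local declarations … */

	/* need at least type + length octets left for a multi-byte option */
	for (optlen = iph->ihl*4 - sizeof(struct iphdr); optlen > 1; ) {
		switch (optptr[0]) {
		case IPOPT_END:
			return NULL;
		case IPOPT_NOOP:
			/* single-byte option, no length octet follows */
			taglen = 1;
			break;
		default:
			taglen = optptr[1];
		}
		/* reject lengths that would stall the walk or leave the header */
		if (!taglen || taglen > optlen)
			return NULL;
		if (optptr[0] == IPOPT_CIPSO)
			return optptr;

		optlen -= taglen;
		optptr += taglen;
	}

	/* … unchanged: return NULL … */
```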