1 files changed, 60 insertions, 0 deletions
diff --git a/net/netlabel/netlabel_kapi.c b/net/netlabel/netlabel_kapi.c
index 8b820dc98060..cc8047d1f505 100644
--- a/net/netlabel/netlabel_kapi.c
+++ b/net/netlabel/netlabel_kapi.c
@@ -473,6 +473,66 @@ int netlbl_sock_getattr(struct sock *sk, struct netlbl_lsm_secattr *secattr)
 }
 /**
+ * netlbl_skbuff_setattr - Label a packet using the correct protocol
+ * @skb: the packet
+ * @family: protocol family
+ * @secattr: the security attributes
+ *
+ * Description:
+ * Attach the correct label to the given packet using the security attributes
+ * specified in @secattr.  Returns zero on success, negative values on failure.
+ *
+ */
+int netlbl_skbuff_setattr(struct sk_buff *skb,
+                          u16 family,
+                          const struct netlbl_lsm_secattr *secattr)
+{
+        int ret_val;
+        struct iphdr *hdr4;
+        struct netlbl_domaddr4_map *af4_entry;
+        rcu_read_lock();
+        switch (family) {
+        case AF_INET:
+                hdr4 = ip_hdr(skb);
+                af4_entry = netlbl_domhsh_getentry_af4(secattr->domain,
+                                                       hdr4->daddr);
+                if (af4_entry == NULL) {
+                        ret_val = -ENOENT;
+                        goto skbuff_setattr_return;
+                }
+                switch (af4_entry->type) {
+                case NETLBL_NLTYPE_CIPSOV4:
+                        ret_val = cipso_v4_skbuff_setattr(skb,
+                                                   af4_entry->type_def.cipsov4,
+                                                   secattr);
+                        break;
+                case NETLBL_NLTYPE_UNLABELED:
+                        /* just delete the protocols we support for right now
+                         * but we could remove other protocols if needed */
+                        ret_val = cipso_v4_skbuff_delattr(skb);
+                        break;
+                default:
+                        ret_val = -ENOENT;
+                }
+                break;
+#if defined(CONFIG_IPV6) || defined(CONFIG_IPV6_MODULE)
+        case AF_INET6:
+                /* since we don't support any IPv6 labeling protocols right
+                 * now we can optimize everything away until we do */
+                ret_val = 0;
+                break;
+#endif /* IPv6 */
+        default:
+                ret_val = 0;
+        }
+skbuff_setattr_return:
+        rcu_read_unlock();
+        return ret_val;
+}
+/**
 * netlbl_skbuff_getattr - Determine the security attributes of a packet
 * @skb: the packet
 * @family: protocol family

diff --git a/net/netlabel/netlabel_kapi.c b/net/netlabel/netlabel_kapi.c index 8b820dc98060..cc8047d1f505 100644 --- a/net/netlabel/netlabel_kapi.c +++ b/net/netlabel/netlabel_kapi.c
@@ -473,6 +473,66 @@ int netlbl_sock_getattr(struct sock sk, struct netlbl_lsm_secattr secattr)
473	}	473	}
474		474
475	/**	475	/**
		476	* netlbl_skbuff_setattr - Label a packet using the correct protocol
		477	* @skb: the packet
		478	* @family: protocol family
		479	* @secattr: the security attributes
		480	*
		481	* Description:
		482	* Attach the correct label to the given packet using the security attributes
		483	* specified in @secattr. Returns zero on success, negative values on failure.
		484	*
		485	*/
		486	int netlbl_skbuff_setattr(struct sk_buff *skb,
		487	u16 family,
		488	const struct netlbl_lsm_secattr *secattr)
		489	{
		490	int ret_val;
		491	struct iphdr *hdr4;
		492	struct netlbl_domaddr4_map *af4_entry;
		493
		494	rcu_read_lock();
		495	switch (family) {
		496	case AF_INET:
		497	hdr4 = ip_hdr(skb);
		498	af4_entry = netlbl_domhsh_getentry_af4(secattr->domain,
		499	hdr4->daddr);
		500	if (af4_entry == NULL) {
		501	ret_val = -ENOENT;
		502	goto skbuff_setattr_return;
		503	}
		504	switch (af4_entry->type) {
		505	case NETLBL_NLTYPE_CIPSOV4:
		506	ret_val = cipso_v4_skbuff_setattr(skb,
		507	af4_entry->type_def.cipsov4,
		508	secattr);
		509	break;
		510	case NETLBL_NLTYPE_UNLABELED:
		511	/* just delete the protocols we support for right now
		512	* but we could remove other protocols if needed */
		513	ret_val = cipso_v4_skbuff_delattr(skb);
		514	break;
		515	default:
		516	ret_val = -ENOENT;
		517	}
		518	break;
		519	#if defined(CONFIG_IPV6) \|\| defined(CONFIG_IPV6_MODULE)
		520	case AF_INET6:
		521	/* since we don't support any IPv6 labeling protocols right
		522	* now we can optimize everything away until we do */
		523	ret_val = 0;
		524	break;
		525	#endif /* IPv6 */
		526	default:
		527	ret_val = 0;
		528	}
		529
		530	skbuff_setattr_return:
		531	rcu_read_unlock();
		532	return ret_val;
		533	}
		534
		535	/**
476	* netlbl_skbuff_getattr - Determine the security attributes of a packet	536	* netlbl_skbuff_getattr - Determine the security attributes of a packet
477	* @skb: the packet	537	* @skb: the packet
478	* @family: protocol family	538	* @family: protocol family