git.kernel.dk Git - linux-2.6-block.git/commit

author	Huw Davies <huw@codeweavers.com>
	Mon, 27 Jun 2016 19:02:46 +0000 (15:02 -0400)
committer	Paul Moore <paul@paul-moore.com>
	Mon, 27 Jun 2016 19:02:46 +0000 (15:02 -0400)
commit	cb72d38211eacda2dd90b09540542b6582da614e
tree	2a9be751e1917ede6f9a56f547eafacfa202d1e7	tree \| snapshot
parent	8f18e675c3335b5f113dbabc4afbab6da41ff61f	commit \| diff

netlabel: Initial support for the CALIPSO netlink protocol.

CALIPSO is a packet labelling protocol for IPv6 which is very similar
to CIPSO.  It is specified in RFC 5570.  Much of the code is based on
the current CIPSO code.

This adds support for adding passthrough-type CALIPSO DOIs through the
NLBL_CALIPSO_C_ADD command.  It requires attributes:

NLBL_CALIPSO_A_TYPE which must be CALIPSO_MAP_PASS.
NLBL_CALIPSO_A_DOI.

In passthrough mode the CALIPSO engine will map MLS secattr levels
and categories directly to the packet label.

At this stage, the major difference between this and the CIPSO
code is that IPv6 may be compiled as a module.  To allow for
this the CALIPSO functions are registered at module init time.

Signed-off-by: Huw Davies <huw@codeweavers.com>
Signed-off-by: Paul Moore <paul@paul-moore.com>

include/net/calipso.h	[new file with mode: 0644]	blob
include/net/netlabel.h		diff \| blob \| blame \| history
include/uapi/linux/audit.h		diff \| blob \| blame \| history
net/ipv6/Makefile		diff \| blob \| blame \| history
net/ipv6/af_inet6.c		diff \| blob \| blame \| history
net/ipv6/calipso.c	[new file with mode: 0644]	blob
net/netlabel/Makefile		diff \| blob \| blame \| history
net/netlabel/netlabel_calipso.c	[new file with mode: 0644]	blob
net/netlabel/netlabel_calipso.h	[new file with mode: 0644]	blob
net/netlabel/netlabel_kapi.c		diff \| blob \| blame \| history
net/netlabel/netlabel_mgmt.c		diff \| blob \| blame \| history
net/netlabel/netlabel_user.c		diff \| blob \| blame \| history