OpenE2K
/
linux
6
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity
linux/include/net
History
Paul Moore 20e2a86485 cipso: handle CIPSO options correctly when NetLabel is disabled 
When NetLabel is not enabled, e.g. CONFIG_NETLABEL=n, and the system
receives a CIPSO tagged packet it is dropped (cipso_v4_validate()
returns non-zero).  In most cases this is the correct and desired
behavior, however, in the case where we are simply forwarding the
traffic, e.g. acting as a network bridge, this becomes a problem.

This patch fixes the forwarding problem by providing the basic CIPSO
validation code directly in ip_options_compile() without the need for
the NetLabel or CIPSO code.  The new validation code can not perform
any of the CIPSO option label/value verification that
cipso_v4_validate() does, but it can verify the basic CIPSO option
format.

The behavior when NetLabel is enabled is unchanged.

Signed-off-by: Paul Moore <pmoore@redhat.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
 		2012-06-01 14:18:29 -04:00
..
9p 9p: Reduce object size with CONFIG_NET_9P_DEBUG 2012-01-05 10:51:44 -06:00
bluetooth Bluetooth: Create flags for bt_sk() 2012-05-16 16:14:17 -03:00
caif caif-hsi: robust frame aggregation for HSI 2012-04-13 11:37:36 -04:00
irda Fix common misspellings 2011-03-31 11:26:23 -03:00
iucv af_iucv: add shutdown for HS transport 2012-03-07 22:52:24 -08:00
netfilter netfilter: nf_conntrack: use this_cpu_inc() 2012-05-08 19:36:33 +02:00
netns netfilter: nf_ct_helper: allow to disable automatic helper assignment 2012-05-08 19:35:18 +02:00
nfc NFC: HCI drivers don't have to keep track of polling state 2012-05-15 17:31:22 -04:00
phonet net: dont hold rtnl mutex during netlink dump callbacks 2011-05-02 15:26:28 -07:00
sctp Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net 2012-05-16 22:17:37 -04:00
tc_act net/sched: add ACT_CSUM action to update packets checksums 2010-08-20 01:42:59 -07:00
act_api.h net: sched: constify tcf_proto and tc_action 2011-07-06 02:52:16 -07:00
addrconf.h ipv6: bool/const conversions phase2 2012-05-19 01:08:16 -04:00
af_ieee802154.h
af_rxrpc.h net: Remove __KERNEL__ cpp checks from include/net 2011-04-24 10:54:56 -07:00
af_unix.h net: cleanup unsigned to unsigned int 2012-04-15 12:44:40 -04:00
ah.h ipsec: update MAX_AH_AUTH_LEN to support sha512 2011-01-13 21:48:25 -08:00
arp.h ipv4: Eliminate spurious argument to __ipv4_neigh_lookup 2012-02-15 17:48:35 -05:00
atmclip.h atm: clip: Use device neigh support on top of "arp_tbl". 2011-11-30 18:51:03 -05:00
ax25.h net ax25: Fix the build when sysctl support is disabled. 2012-04-23 22:14:47 -04:00
ax88796.h
cfg80211-wext.h cfg80211: remove unused wext handler exports 2011-08-08 14:26:29 -04:00
cfg80211.h cfg80211: fix cfg80211_can_beacon_sec_chan prototype 2012-05-16 13:08:15 -04:00
checksum.h
cipso_ipv4.h cipso: handle CIPSO options correctly when NetLabel is disabled 2012-06-01 14:18:29 -04:00
cls_cgroup.h Merge commit 'v2.6.36-rc7' into core/rcu 2010-10-07 09:43:45 +02:00
codel.h fq_codel: should use qdisc backlog as threshold 2012-05-16 15:30:26 -04:00
compat.h net: cleanup unsigned to unsigned int 2012-04-15 12:44:40 -04:00
datalink.h
dcbevent.h dcb: Add stub routines for !CONFIG_DCB 2011-10-06 15:49:51 -04:00
dcbnl.h net/dcb: Add an optional max rate attribute 2012-04-05 05:08:04 -04:00
dn.h net: cleanup unsigned to unsigned int 2012-04-15 12:44:40 -04:00
dn_dev.h decnet: RCU conversion and get rid of dev_base_lock 2010-11-08 13:50:08 -08:00
dn_fib.h net: cleanup unsigned to unsigned int 2012-04-15 12:44:40 -04:00
dn_neigh.h
dn_nsp.h net: use __packed annotation 2010-06-03 03:21:52 -07:00
dn_route.h net: cleanup unsigned to unsigned int 2012-04-15 12:44:40 -04:00
dsa.h dsa: Include linux/if_ether.h to fix build error 2011-12-01 11:41:06 -05:00
dsfield.h
dst.h ipv6: fix incorrect ipsec fragment 2012-05-27 01:11:22 -04:00
dst_ops.h net: cleanup unsigned to unsigned int 2012-04-15 12:44:40 -04:00
esp.h
ethoc.h
fib_rules.h fib_rules: __rcu annotates ctarget 2010-10-27 11:37:32 -07:00
flow.h ipv4: reset flowi parameters on route connect 2012-02-04 19:29:48 -05:00
flow_keys.h flow_dissector: use a 64bit load/store 2011-11-29 13:17:03 -05:00
garp.h garp: remove last synchronize_rcu() call 2011-05-12 17:46:56 -04:00
gen_stats.h Fix common misspellings 2011-03-31 11:26:23 -03:00
genetlink.h net: Deinline __nlmsg_put and genlmsg_put. -7k code on i386 defconfig. 2012-01-30 15:22:06 -05:00
gre.h PPTP: PPP over IPv4 (Point-to-Point Tunneling Protocol) 2010-08-21 23:05:39 -07:00
icmp.h net: cleanup unsigned to unsigned int 2012-04-15 12:44:40 -04:00
ieee80211_radiotap.h wireless: move ieee80211chan2mhz macro 2011-11-11 12:32:50 -05:00
ieee802154.h 6LoWPAN: add fragmentation support 2011-11-14 00:19:42 -05:00
ieee802154_netdev.h mac802154: declare reduced mlme operations 2012-05-16 15:16:56 -04:00
if_inet6.h net: delete all instances of special processing for token ring 2012-05-15 20:14:35 -04:00
inet6_connection_sock.h tcp: bind() use stronger condition for bind_conflict 2012-04-14 15:28:55 -04:00
inet6_hashtables.h net: use IS_ENABLED(CONFIG_IPV6) 2011-12-11 18:25:16 -05:00
inet_common.h inet, inet6: make tcp_sendmsg() and tcp_sendpage() through inet_sendmsg() and inet_sendpage() 2010-07-12 20:21:46 -07:00
inet_connection_sock.h ipv6: RTAX_FEATURE_ALLFRAG causes inefficient TCP segment sizing 2012-04-27 00:03:34 -04:00
inet_ecn.h inet: add rfc 3168 extract in front of INET_ECN_encapsulate() 2011-10-22 01:25:23 -04:00
inet_frag.h ip_frag: struct inet_frags match() method returns a bool 2012-05-18 01:40:27 -04:00
inet_hashtables.h atomic: use <linux/atomic.h> 2011-07-26 16:49:47 -07:00
inet_sock.h net: implement IP_RECVTOS for IP_PKTOPTIONS 2012-02-13 00:46:41 -05:00
inet_timewait_sock.h inet: remove rcu protection on tw_net 2011-12-14 13:34:55 -05:00
inetpeer.h route: Remove redirect_genid 2012-03-08 00:30:32 -08:00
ip.h net: delete all instances of special processing for token ring 2012-05-15 20:14:35 -04:00
ip6_checksum.h
ip6_fib.h ipv6: clean up rt6_clean_expires 2012-04-17 22:31:59 -04:00
ip6_route.h ipv6: bool/const conversions phase2 2012-05-19 01:08:16 -04:00
ip6_tunnel.h tunnels: add _rcu annotations 2010-10-25 13:09:45 -07:00
ip_fib.h net: cleanup unsigned to unsigned int 2012-04-15 12:44:40 -04:00
ip_vs.h ipvs: add support for sync threads 2012-05-08 19:40:33 +02:00
ipcomp.h percpu: add __percpu sparse annotations to net 2010-02-16 23:05:38 -08:00
ipconfig.h
ipip.h tunnel: implement 64 bits statistics 2012-04-14 14:47:05 -04:00
ipv6.h ipv6: bool/const conversions phase2 2012-05-19 01:08:16 -04:00
ipx.h net: Remove __KERNEL__ cpp checks from include/net 2011-04-24 10:54:56 -07:00
iw_handler.h Fix common misspellings 2011-03-31 11:26:23 -03:00
lapb.h lapb: Neaten debugging 2012-05-17 18:45:20 -04:00
lib80211.h include: replace linux/module.h with "struct module" wherever possible 2011-10-31 19:32:32 -04:00
llc.h atomic: use <linux/atomic.h> 2011-07-26 16:49:47 -07:00
llc_c_ac.h
llc_c_ev.h net: cleanup unsigned to unsigned int 2012-04-15 12:44:40 -04:00
llc_c_st.h
llc_conn.h llc: use a device based hash table to speed up multicast delivery 2009-12-26 20:43:57 -08:00
llc_if.h
llc_pdu.h net: delete all instances of special processing for token ring 2012-05-15 20:14:35 -04:00
llc_s_ac.h
llc_s_ev.h
llc_s_st.h
llc_sap.h
mac80211.h mac80211: (selectively) add HT details in radiotap 2012-05-16 12:46:38 -04:00
mac802154.h mac802154: RX data path 2012-05-16 15:16:44 -04:00
mip6.h net: use __packed annotation 2010-06-03 03:21:52 -07:00
mld.h ipv6 mcast: Introduce include/net/mld.h for MLD definitions. 2010-04-23 13:35:55 +09:00
ndisc.h Treat ND option 31 as userland (DNSSL support) 2012-04-12 15:56:57 -04:00
neighbour.h net: cleanup unsigned to unsigned int 2012-04-15 12:44:40 -04:00
net_namespace.h net sysctl: Add place holder functions for when sysctl support is compiled out of the kernel. 2012-04-23 19:24:28 -04:00
net_ratelimit.h net: Kill ratelimit.h dependency in linux/net.h 2011-05-27 13:41:33 -04:00
netdma.h
netevent.h net: Remove __KERNEL__ cpp checks from include/net 2011-04-24 10:54:56 -07:00
netlabel.h doc: Update the email address for Paul Moore in various source files 2011-08-01 17:58:33 -07:00
netlink.h netlink: Delete all NLA_PUT*() macros. 2012-04-02 04:33:45 -04:00
netprio_cgroup.h netprio_cgroup: fix wrong memory access when NETPRIO_CGROUP=m 2012-02-10 15:08:57 -05:00
netrom.h include cleanup: Update gfp.h and slab.h includes to prepare for breaking implicit slab.h inclusion from percpu.h 2010-03-30 22:02:32 +09:00
nexthop.h
nl802154.h
p8022.h
ping.h net: ping: fix build failure 2011-05-17 14:16:58 -04:00
pkt_cls.h net: Fix range checks in tcf_valid_offset(). 2010-12-21 12:43:16 -08:00
pkt_sched.h net: cleanup unsigned to unsigned int 2012-04-15 12:44:40 -04:00
protocol.h net: use IS_ENABLED(CONFIG_IPV6) 2011-12-11 18:25:16 -05:00
psnap.h
raw.h include/net/raw.h: Convert raw_seq_private macro to inline 2010-09-08 13:42:22 -07:00
rawv6.h ipv6: bool/const conversions phase2 2012-05-19 01:08:16 -04:00
red.h net_sched: red: Make minor corrections to comments 2012-04-16 23:53:11 -04:00
regulatory.h cfg80211: pass DFS region to drivers through reg_notifier() 2011-11-21 16:20:41 -05:00
request_sock.h tcp: Change possible SYN flooding messages 2011-09-15 14:49:43 -04:00
rose.h rose: Add length checks to CALL_REQUEST parsing 2011-03-27 17:59:04 -07:00
route.h net: cleanup unsigned to unsigned int 2012-04-15 12:44:40 -04:00
rtnetlink.h rtnetlink: ops->get_tx_queue() cannot take a const 'tb'. 2012-04-13 14:21:04 -04:00
sch_generic.h net: Make qdisc_skb_cb upper size bound explicit. 2012-02-09 13:50:34 -05:00
scm.h af_unix: dont send SCM_CREDENTIALS by default 2011-09-28 13:29:50 -04:00
secure_seq.h tcp: add const qualifiers where possible 2011-10-21 05:22:42 -04:00
slhc_vj.h
snmp.h Merge branch 'for-3.3' of git://git.kernel.org/pub/scm/linux/kernel/git/tj/percpu 2012-01-09 13:08:28 -08:00
sock.h memcg: decrement static keys at real destroy time 2012-05-29 16:22:28 -07:00
stp.h
tcp.h tcp: bool conversions 2012-05-17 14:59:59 -04:00
tcp_memcontrol.h cgroup: pass struct mem_cgroup instead of struct cgroup to socket memcg 2012-04-10 10:04:07 -07:00
tcp_states.h
timewait_sock.h BUG: headers with BUG/BUG_ON etc. need linux/bug.h 2012-03-04 17:54:34 -05:00
transp_v6.h net: relax PKTINFO non local ipv6 udp xmit check 2011-08-30 17:39:01 -04:00
udp.h net/ipv6/udp: UDP encapsulation: introduce encap_rcv hook into IPv6 2012-04-28 22:21:51 -04:00
udplite.h net: ipv4: Standardize prefixes for message logging 2012-03-12 17:05:21 -07:00
wext.h
wimax.h net: cleanup unsigned to unsigned int 2012-04-15 12:44:40 -04:00
wpan-phy.h mac802154: monitor device support 2012-05-16 15:17:08 -04:00
x25.h net: cleanup unsigned to unsigned int 2012-04-15 12:44:40 -04:00
x25device.h X25: Add if_x25.h and x25 to device identifiers 2010-04-22 16:12:36 -07:00
xfrm.h xfrm: Convert several xfrm policy match functions to bool. 2012-05-15 15:04:57 -04:00