linux/include/net
Paul Moore 948bf85c1b netlabel: Add functionality to set the security attributes of a packet
This patch builds upon the new NetLabel address selector functionality by
providing the NetLabel KAPI and CIPSO engine support needed to enable the
new packet-based labeling.  The only new addition to the NetLabel KAPI at
this point is shown below:

 * int netlbl_skbuff_setattr(skb, family, secattr)

... and is designed to be called from a Netfilter hook after the packet's
IP header has been populated such as in the FORWARD or LOCAL_OUT hooks.

This patch also provides the necessary SELinux hooks to support this new
functionality.  Smack support is not currently included due to uncertainty
regarding the permissions needed to expand the Smack network access controls.

Signed-off-by: Paul Moore <paul.moore@hp.com>
Reviewed-by: James Morris <jmorris@namei.org>
2008-10-10 10:16:32 -04:00
..
9p 9p: implement proper trans module refcounting and unregistration 2008-09-24 16:22:23 -05:00
bluetooth [Bluetooth] Reject L2CAP connections on an insecure ACL link 2008-09-09 07:19:20 +02:00
irda pkt_sched: Add qdisc_all_tx_empty() 2008-07-08 23:00:25 -07:00
iucv [AF_IUCV]: postpone receival of iucv-packets 2007-10-10 16:54:51 -07:00
netfilter netfilter: accounting rework: ct_extend + 64bit counters (v4) 2008-07-21 10:10:58 -07:00
netns netns: dont alloc ipv6 fib timer list 2008-07-22 14:33:45 -07:00
sctp sctp: Fix kernel panic while process protocol violation parameter 2008-09-30 05:32:24 -07:00
tc_act [PKT_SCHED]: Add stateless NAT 2007-10-10 16:53:11 -07:00
tipc tipc: Remove unneeded parameter to tipc_createport_raw() 2008-07-14 22:42:19 -07:00
act_api.h [NET_SCHED]: act_api: use PTR_ERR in tcf_action_init/tcf_action_get 2008-01-28 15:11:17 -08:00
addrconf.h netns: Add network namespace argument to rt6_fill_node() and ipv6_dev_get_saddr() 2008-08-14 15:33:21 -07:00
af_rxrpc.h [AF_RXRPC]: Add an interface to the AF_RXRPC module for the AFS filesystem to use 2007-04-26 15:50:17 -07:00
af_unix.h [PATCH] f_count may wrap around 2008-07-26 20:53:40 -04:00
ah.h [IPSEC]: Get rid of ipv6_{auth,esp,comp}_hdr 2007-10-10 16:55:55 -07:00
arp.h [NETFILTER]: ebtables: remove casts, use consts 2008-01-31 19:27:33 -08:00
atmclip.h
ax25.h [AX25] ax25_ds_timer: use mod_timer instead of add_timer 2008-02-12 17:53:34 -08:00
ax88796.h ax88796: add 93cx6 eeprom support 2007-10-10 16:53:56 -07:00
cfg80211.h nl80211/cfg80211: support for mesh, sta dumping 2008-03-06 15:30:41 -05:00
checksum.h [NET]: Move netfilter checksum helpers to net/core/utils.c 2008-01-28 14:55:14 -08:00
cipso_ipv4.h netlabel: Add functionality to set the security attributes of a packet 2008-10-10 10:16:32 -04:00
compat.h net: Use standard structures for generic socket address structures. 2008-07-19 22:35:47 -07:00
datalink.h
dn.h [DECNET]: Another unnecessary net/tcp.h inclusion in net/dn.h 2007-07-10 23:02:12 -07:00
dn_dev.h
dn_fib.h [DECNet]: Use rtnl registration interface 2007-04-25 22:27:12 -07:00
dn_neigh.h
dn_nsp.h
dn_route.h [NET]: Wrap netdevice hardware header creation. 2007-10-10 16:52:50 -07:00
dsfield.h [NET]: Constify include/net/dsfield.h 2008-01-28 14:55:58 -08:00
dst.h net: Kill plain NET_XMIT_BYPASS. 2008-08-04 23:04:08 -07:00
esp.h [IPSEC]: Use crypto_aead and authenc in ESP 2008-01-31 19:27:02 -08:00
fib_rules.h net: add fib_rules_ops to flush_cache method 2008-07-05 19:01:28 -07:00
flow.h ipv4: remove unused field in struct flowi (include/net/flow.h). 2008-08-05 01:19:50 -07:00
garp.h vlan: Add GVRP support 2008-07-05 21:26:57 -07:00
gen_stats.h [NET_SCHED]: Convert packet schedulers from rtnetlink to new netlink API 2008-01-28 15:11:10 -08:00
genetlink.h netlink: Improve returned error codes 2008-06-03 16:36:54 -07:00
icmp.h mib: put icmpmsg statistics on struct net 2008-07-18 04:04:22 -07:00
ieee80211.h remove ieee80211_wx_{get,set}_auth() 2008-05-07 15:02:14 -04:00
ieee80211_crypt.h [PATCH] Update my email address from jkmaline@cc.hut.fi to j@w1.fi 2007-04-28 11:01:01 -04:00
ieee80211_radiotap.h include: use get/put_unaligned_* helpers 2008-07-25 10:53:26 -07:00
if_inet6.h ipv6: make struct ipv6_devconf static 2008-07-22 14:21:58 -07:00
inet6_connection_sock.h [TCP]: Restore SKB socket owner setting in tcp_transmit_skb(). 2007-01-26 01:04:55 -08:00
inet6_hashtables.h netns: introduce the net_hash_mix "salt" for hashes 2008-06-16 17:14:11 -07:00
inet_common.h [NETNS]: Inet control socket should not hold a namespace. 2008-04-03 14:28:30 -07:00
inet_connection_sock.h [INET]: Rename inet_csk_ctl_sock_create to inet_ctl_sock_create. 2008-04-03 14:22:32 -07:00
inet_ecn.h [IPV6]: Use appropriate sock tclass setting for routing lookup. 2008-04-13 23:40:51 -07:00
inet_frag.h [NET]: Rename inet_frag.h identifiers COMPLETE, FIRST_IN, LAST_IN to INET_FRAG_* 2008-03-28 16:35:27 -07:00
inet_hashtables.h netns: introduce the net_hash_mix "salt" for hashes 2008-06-16 17:14:11 -07:00
inet_sock.h netns: introduce the net_hash_mix "salt" for hashes 2008-06-16 17:14:11 -07:00
inet_timewait_sock.h netns : fix kernel panic in timewait socket destruction 2008-09-08 13:17:27 -07:00
inetpeer.h net: remove CVS keywords 2008-06-11 21:00:38 -07:00
ip.h [PATCH] sysctl: make sure that /proc/sys/net/ipv4 appears before per-ns ones 2008-07-26 20:53:10 -04:00
ip6_checksum.h [IPV6]: Dumb typo in generic csum_ipv6_magic() 2006-12-22 11:12:07 -08:00
ip6_fib.h [NETNS][IPV6] rt6_info - move rt6_info structure inside the namespace 2008-03-04 13:48:30 -08:00
ip6_route.h netns: Add network namespace argument to rt6_fill_node() and ipv6_dev_get_saddr() 2008-08-14 15:33:21 -07:00
ip6_tunnel.h net: remove CVS keywords 2008-06-11 21:00:38 -07:00
ip_fib.h [IPV4]: Fix compile error building without CONFIG_FS_PROC 2008-02-05 02:54:16 -08:00
ip_vs.h ipvs: Embed estimator object into stats object 2008-08-11 14:00:43 +02:00
ipcomp.h ipsec: ipcomp - Merge IPComp implementations 2008-07-25 02:54:40 -07:00
ipconfig.h net: remove CVS keywords 2008-06-11 21:00:38 -07:00
ipip.h tunnels: Remove stat member from ip_tunnel struct. 2008-05-21 14:16:36 -07:00
ipv6.h net: missing bits of net-namespace / sysctl 2008-07-27 04:40:51 -07:00
ipx.h [SK_BUFF]: Introduce skb_transport_header(skb) 2007-04-25 22:25:31 -07:00
iw_handler.h wext: Emit event stream entries correctly when compat. 2008-06-16 18:50:49 -07:00
lapb.h
llc.h [LLC]: station source mac address 2008-03-28 16:28:36 -07:00
llc_c_ac.h
llc_c_ev.h
llc_c_st.h
llc_conn.h [NET]: Make socket creation namespace safe. 2007-10-10 16:49:07 -07:00
llc_if.h [LLC]: Kill static inline llc_addrany 2008-02-29 11:46:17 -08:00
llc_pdu.h [LLC]: skb allocation size for responses 2008-03-31 21:02:47 -07:00
llc_s_ac.h
llc_s_ev.h
llc_s_st.h
llc_sap.h [LLC]: skb allocation size for responses 2008-03-31 21:02:47 -07:00
mac80211.h mac80211: remove kdoc references to IEEE80211_HW_HOST_GEN_BEACON_TEMPLATE 2008-08-18 11:05:14 -04:00
mip6.h [IPV6] MIP6: Use our standard definitions for paddings. 2008-04-12 13:43:22 +09:00
ndisc.h ndisc: Add missing strategies for per-device retrans timer/reachable time settings. 2008-05-19 16:25:42 -07:00
neighbour.h core: add stat to track unresolved discards in neighbor cache 2008-07-16 20:50:49 -07:00
net_namespace.h [PATCH] beginning of sysctl cleanup - ctl_table_set 2008-07-26 20:53:08 -04:00
netdma.h
netevent.h [NET]: Remove unnecessary inclusion of dst.h 2008-01-28 14:53:38 -08:00
netlabel.h netlabel: Add functionality to set the security attributes of a packet 2008-10-10 10:16:32 -04:00
netlink.h netlink: fix overrun in attribute iteration 2008-09-11 19:05:29 -07:00
netrom.h [PATCH] mark struct file_operations const 1 2007-02-12 09:48:44 -08:00
nexthop.h
p8022.h
pkt_cls.h [PKT_SCHED]: Pass real namespace in net scheduler classifiers. 2008-03-27 16:53:37 -07:00
pkt_sched.h pkt_sched: Fix qdisc list locking 2008-08-22 03:31:39 -07:00
protocol.h [NETNS]: Drop packets in the non-initial namespace on the per/protocol basis. 2008-03-24 15:33:00 -07:00
psnap.h
raw.h [RAW]: Add raw_hashinfo member on struct proto. 2008-03-22 16:56:51 -07:00
rawv6.h [IPv6] RAW: Compact the API for the kernel 2008-01-28 14:54:29 -08:00
red.h [NET_SCHED]: turn PSCHED_GET_TIME into inline function 2007-04-25 22:27:55 -07:00
request_sock.h tcp: Fix kernel panic when calling tcp_v(4/6)_md5_do_lookup 2008-08-06 23:50:04 -07:00
rose.h rose: improving AX25 routing frames via ROSE network 2008-06-17 17:08:32 -07:00
route.h net: missing bits of net-namespace / sysctl 2008-07-27 04:40:51 -07:00
rtnetlink.h [RTNL]: Introduce the rtnl_kill_links helper. 2008-04-16 00:46:52 -07:00
sch_generic.h pkt_sched: Fix sch_tree_lock() 2008-08-27 02:27:10 -07:00
scm.h pid namespaces: changes to show virtual ids to user 2007-10-19 11:53:40 -07:00
slhc_vj.h
snmp.h net: remove CVS keywords 2008-06-11 21:00:38 -07:00
sock.h sock: add net to prot->enter_memory_pressure callback 2008-07-16 20:28:10 -07:00
stp.h net: Add STP demux layer 2008-07-05 21:25:39 -07:00
syncppp.h Remove bogus variables from syncppp.[ch] 2008-07-23 23:00:31 +02:00
tcp.h tcp: options clean up 2008-07-19 00:04:31 -07:00
tcp_states.h
timewait_sock.h
transp_v6.h net: change proto destroy method to return void 2008-06-14 17:04:49 -07:00
udp.h mib: put udplite statistics on struct net 2008-07-18 04:03:45 -07:00
udplite.h [UDP]: Revert udplite and code split. 2008-03-06 16:22:02 -08:00
wext.h wext: Dispatch and handle compat ioctls entirely in net/wireless/wext.c 2008-06-16 18:32:46 -07:00
wireless.h mac80211: allow disable FAT in specific configurations 2008-06-03 15:00:26 -04:00
x25.h [X.25]: Adds /proc/sys/net/x25/x25_forward to control forwarding. 2007-02-08 13:34:36 -08:00
x25device.h [SK_BUFF]: Introduce skb_reset_mac_header(skb) 2007-04-25 22:24:32 -07:00
xfrm.h xfrm: convert empty xfrm_audit_* macros to functions 2008-05-03 21:03:01 -07:00