linux/net/ipv4
Paul Moore 446fda4f26 [NetLabel]: CIPSOv4 engine
Add support for the Commercial IP Security Option (CIPSO) to the IPv4
network stack.  CIPSO has become a de-facto standard for
trusted/labeled networking amongst existing Trusted Operating Systems
such as Trusted Solaris, HP-UX CMW, etc.  This implementation is
designed to be used with the NetLabel subsystem to provide explicit
packet labeling to LSM developers.

The CIPSO/IPv4 packet labeling works by the LSM calling a NetLabel API
function which attaches a CIPSO label (IPv4 option) to a given socket;
this in turn attaches the CIPSO label to every packet leaving the
socket without any extra processing on the outbound side.  On the
inbound side the individual packet's sk_buff is examined through a
call to a NetLabel API function to determine if a CIPSO/IPv4 label is
present and if so the security attributes of the CIPSO label are
returned to the caller of the NetLabel API function.

Signed-off-by: Paul Moore <paul.moore@hp.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2006-09-22 14:53:33 -07:00
..
ipvs [IPVS]: remove the debug option go ip_vs_ftp 2006-09-17 23:21:06 -07:00
netfilter [MLSXFRM]: Add flow labeling 2006-09-22 14:53:27 -07:00
af_inet.c [MLSXFRM]: Add flow labeling 2006-09-22 14:53:27 -07:00
ah4.c [NetLabel]: core network changes 2006-09-22 14:53:32 -07:00
arp.c [NET]: Conversions from kmalloc+memset to k(z|c)alloc. 2006-07-21 14:51:30 -07:00
cipso_ipv4.c [NetLabel]: CIPSOv4 engine 2006-09-22 14:53:33 -07:00
datagram.c Remove obsolete #include <linux/config.h> 2006-06-30 19:25:36 +02:00
devinet.c [NET]: Conversions from kmalloc+memset to k(z|c)alloc. 2006-07-21 14:51:30 -07:00
esp4.c [IPSEC]: Use HMAC template and hash interface 2006-09-21 11:46:18 +10:00
fib_frontend.c Remove obsolete #include <linux/config.h> 2006-06-30 19:25:36 +02:00
fib_hash.c [NET]: Conversions from kmalloc+memset to k(z|c)alloc. 2006-07-21 14:51:30 -07:00
fib_lookup.h [IPV4]: Prepare FIB core for RCU. 2005-08-29 16:08:31 -07:00
fib_rules.c [NET]: Conversions from kmalloc+memset to k(z|c)alloc. 2006-07-21 14:51:30 -07:00
fib_semantics.c [IPV4]: severe locking bug in fib_semantics.c 2006-08-17 16:44:46 -07:00
fib_trie.c [IPV4] fib_trie: missing ntohl() when calling fib_semantic_match() 2006-09-19 13:42:46 -07:00
icmp.c [MLSXFRM]: Add flow labeling 2006-09-22 14:53:27 -07:00
igmp.c [MCAST]: Fix filter leak on device removal. 2006-08-17 16:29:57 -07:00
inet_connection_sock.c [MLSXFRM]: Auto-labeling of child sockets 2006-09-22 14:53:29 -07:00
inet_diag.c [NET]: Conversions from kmalloc+memset to k(z|c)alloc. 2006-07-21 14:51:30 -07:00
inet_hashtables.c Remove obsolete #include <linux/config.h> 2006-06-30 19:25:36 +02:00
inet_timewait_sock.c Remove obsolete #include <linux/config.h> 2006-06-30 19:25:36 +02:00
inetpeer.c [IPV4] inetpeer: Get rid of volatile from peer_total 2006-07-10 14:50:30 -07:00
ip_forward.c Remove obsolete #include <linux/config.h> 2006-06-30 19:25:36 +02:00
ip_fragment.c Remove obsolete #include <linux/config.h> 2006-06-30 19:25:36 +02:00
ip_gre.c [IPV4]: Get rid of redundant IPCB->opts initialisation 2006-07-21 14:29:53 -07:00
ip_input.c [IPV4]: Clear the whole IPCB, this clears also IPCB(skb)->flags. 2006-07-24 23:45:16 -07:00
ip_options.c [NetLabel]: core network changes 2006-09-22 14:53:32 -07:00
ip_output.c [MLSXFRM]: Add flow labeling 2006-09-22 14:53:27 -07:00
ip_sockglue.c [AF_UNIX]: Kernel memory leak fix for af_unix datagram getpeersec patch 2006-08-02 14:12:06 -07:00
ipcomp.c [CRYPTO] users: Use crypto_comp and crypto_has_* 2006-09-21 11:46:22 +10:00
ipconfig.c [NET]: Convert RTNL to mutex. 2006-03-20 22:23:58 -08:00
ipip.c [IPV4]: Get rid of redundant IPCB->opts initialisation 2006-07-21 14:29:53 -07:00
ipmr.c [IPV4] ipmr: ip multicast route bug fix. 2006-07-25 16:45:12 -07:00
Kconfig [IPSEC] ESP: Use block ciphers where applicable 2006-09-21 11:46:14 +10:00
Makefile [NetLabel]: CIPSOv4 engine 2006-09-22 14:53:33 -07:00
multipath_drr.c Remove obsolete #include <linux/config.h> 2006-06-30 19:25:36 +02:00
multipath_random.c Remove obsolete #include <linux/config.h> 2006-06-30 19:25:36 +02:00
multipath_rr.c Remove obsolete #include <linux/config.h> 2006-06-30 19:25:36 +02:00
multipath_wrandom.c Remove obsolete #include <linux/config.h> 2006-06-30 19:25:36 +02:00
multipath.c Linux-2.6.12-rc2 2005-04-16 15:20:36 -07:00
netfilter.c [NETFILTER]: Add address family specific checksum helpers 2006-04-09 22:25:41 -07:00
proc.c [PATCH] for_each_possible_cpu: network codes 2006-04-11 06:18:31 -07:00
protocol.c Remove obsolete #include <linux/config.h> 2006-06-30 19:25:36 +02:00
raw.c [MLSXFRM]: Add flow labeling 2006-09-22 14:53:27 -07:00
route.c [IPV4]: Limit rt cache size properly. 2006-08-07 20:44:22 -07:00
syncookies.c [MLSXFRM]: Auto-labeling of child sockets 2006-09-22 14:53:29 -07:00
sysctl_net_ipv4.c [NetLabel]: CIPSOv4 engine 2006-09-22 14:53:33 -07:00
tcp_bic.c Remove obsolete #include <linux/config.h> 2006-06-30 19:25:36 +02:00
tcp_cong.c [TCP]: Two RFC3465 Appropriate Byte Count fixes. 2006-08-29 21:22:16 -07:00
tcp_cubic.c Remove obsolete #include <linux/config.h> 2006-06-30 19:25:36 +02:00
tcp_diag.c Remove obsolete #include <linux/config.h> 2006-06-30 19:25:36 +02:00
tcp_highspeed.c [TCP] tcp_highspeed: Fix AI updates. 2006-07-12 13:58:50 -07:00
tcp_htcp.c Remove obsolete #include <linux/config.h> 2006-06-30 19:25:36 +02:00
tcp_hybla.c Remove obsolete #include <linux/config.h> 2006-06-30 19:25:36 +02:00
tcp_input.c [TCP]: Turn ABC off. 2006-09-17 23:21:02 -07:00
tcp_ipv4.c [MLSXFRM]: Auto-labeling of child sockets 2006-09-22 14:53:29 -07:00
tcp_lp.c [TCP] tcp-lp: bug fix for oops in 2.6.18-rc6 2006-09-17 23:21:09 -07:00
tcp_minisocks.c [TCP]: SNMPv2 tcpAttemptFails counter error 2006-08-02 13:38:19 -07:00
tcp_output.c [TCP]: Limit window scaling if window is clamped. 2006-08-22 14:33:57 -07:00
tcp_probe.c [TCP]: Fix botched memory leak fix to tcpprobe_read(). 2006-08-13 18:05:09 -07:00
tcp_scalable.c Remove obsolete #include <linux/config.h> 2006-06-30 19:25:36 +02:00
tcp_timer.c [TCP]: MTU probing 2006-03-20 17:53:41 -08:00
tcp_vegas.c Remove obsolete #include <linux/config.h> 2006-06-30 19:25:36 +02:00
tcp_veno.c [TCP]: Minimum congestion window consolidation. 2006-06-17 21:29:29 -07:00
tcp_westwood.c Remove obsolete #include <linux/config.h> 2006-06-30 19:25:36 +02:00
tcp.c [NET]: Fix more per-cpu typos 2006-08-02 15:02:31 -07:00
tunnel4.c [INET]: Move no-tunnel ICMP error to tunnel4/tunnel6 2006-04-09 22:25:25 -07:00
udp.c [MLSXFRM]: Add flow labeling 2006-09-22 14:53:27 -07:00
xfrm4_input.c [IPSEC] xfrm: Abstract out encapsulation modes 2006-06-17 21:28:39 -07:00
xfrm4_mode_transport.c [IPSEC] proto: Move transport mode input path into xfrm_mode_transport 2006-06-17 21:28:41 -07:00
xfrm4_mode_tunnel.c [IPV4]: Get rid of redundant IPCB->opts initialisation 2006-07-21 14:29:53 -07:00
xfrm4_output.c [NET] gso: Add skb_is_gso 2006-07-08 13:34:32 -07:00
xfrm4_policy.c Remove obsolete #include <linux/config.h> 2006-06-30 19:25:36 +02:00
xfrm4_state.c [IPSEC] xfrm: Undo afinfo lock proliferation 2006-06-17 21:28:37 -07:00
xfrm4_tunnel.c [IPSEC]: Kill unused decap state argument 2006-04-01 00:52:46 -08:00