
Source code changes of the file "net/ipv4/cipso_ipv4.c" between
linux-3.16.62.tar.xz and linux-3.16.63.tar.xz

About: The full source of the Linux kernel 3.16.x (longterm stable)

cipso_ipv4.c  (linux-3.16.62.tar.xz):cipso_ipv4.c  (linux-3.16.63.tar.xz)
skipping to change at line 379 skipping to change at line 379
* @secattr: the packet's security attributes * @secattr: the packet's security attributes
* *
* Description: * Description:
* Add a new entry into the CIPSO label mapping cache. Add the new entry to * Add a new entry into the CIPSO label mapping cache. Add the new entry to
* head of the cache bucket's list, if the cache bucket is out of room remove * head of the cache bucket's list, if the cache bucket is out of room remove
* the last entry in the list first. It is important to note that there is * the last entry in the list first. It is important to note that there is
* currently no checking for duplicate keys. Returns zero on success, * currently no checking for duplicate keys. Returns zero on success,
* negative values on failure. * negative values on failure.
* *
*/ */
int cipso_v4_cache_add(const struct sk_buff *skb, int cipso_v4_cache_add(const unsigned char *cipso_ptr,
const struct netlbl_lsm_secattr *secattr) const struct netlbl_lsm_secattr *secattr)
{ {
int ret_val = -EPERM; int ret_val = -EPERM;
u32 bkt; u32 bkt;
struct cipso_v4_map_cache_entry *entry = NULL; struct cipso_v4_map_cache_entry *entry = NULL;
struct cipso_v4_map_cache_entry *old_entry = NULL; struct cipso_v4_map_cache_entry *old_entry = NULL;
unsigned char *cipso_ptr;
u32 cipso_ptr_len; u32 cipso_ptr_len;
if (!cipso_v4_cache_enabled || cipso_v4_cache_bucketsize <= 0) if (!cipso_v4_cache_enabled || cipso_v4_cache_bucketsize <= 0)
return 0; return 0;
cipso_ptr = CIPSO_V4_OPTPTR(skb);
cipso_ptr_len = cipso_ptr[1]; cipso_ptr_len = cipso_ptr[1];
entry = kzalloc(sizeof(*entry), GFP_ATOMIC); entry = kzalloc(sizeof(*entry), GFP_ATOMIC);
if (entry == NULL) if (entry == NULL)
return -ENOMEM; return -ENOMEM;
entry->key = kmemdup(cipso_ptr, cipso_ptr_len, GFP_ATOMIC); entry->key = kmemdup(cipso_ptr, cipso_ptr_len, GFP_ATOMIC);
if (entry->key == NULL) { if (entry->key == NULL) {
ret_val = -ENOMEM; ret_val = -ENOMEM;
goto cache_add_failure; goto cache_add_failure;
} }
skipping to change at line 1595 skipping to change at line 1593
const unsigned char *tag, const unsigned char *tag,
struct netlbl_lsm_secattr *secattr) struct netlbl_lsm_secattr *secattr)
{ {
secattr->attr.secid = *(u32 *)&tag[2]; secattr->attr.secid = *(u32 *)&tag[2];
secattr->flags |= NETLBL_SECATTR_SECID; secattr->flags |= NETLBL_SECATTR_SECID;
return 0; return 0;
} }
/** /**
* cipso_v4_optptr - Find the CIPSO option in the packet
* @skb: the packet
*
* Description:
* Parse the packet's IP header looking for a CIPSO option. Returns a pointer
* to the start of the CIPSO option on success, NULL if one is not found.
*
*/
unsigned char *cipso_v4_optptr(const struct sk_buff *skb)
{
const struct iphdr *iph = ip_hdr(skb);
unsigned char *optptr = (unsigned char *)&(ip_hdr(skb)[1]);
int optlen;
int taglen;
for (optlen = iph->ihl*4 - sizeof(struct iphdr); optlen > 1; ) {
switch (optptr[0]) {
case IPOPT_END:
return NULL;
case IPOPT_NOOP:
taglen = 1;
break;
default:
taglen = optptr[1];
}
if (!taglen || taglen > optlen)
return NULL;
if (optptr[0] == IPOPT_CIPSO)
return optptr;
optlen -= taglen;
optptr += taglen;
}
return NULL;
}
/**
* cipso_v4_validate - Validate a CIPSO option * cipso_v4_validate - Validate a CIPSO option
* @option: the start of the option, on error it is set to point to the error * @option: the start of the option, on error it is set to point to the error
* *
* Description: * Description:
* This routine is called to validate a CIPSO option, it checks all of the * This routine is called to validate a CIPSO option, it checks all of the
* fields to ensure that they are at least valid, see the draft snippet below * fields to ensure that they are at least valid, see the draft snippet below
* for details. If the option is valid then a zero value is returned and * for details. If the option is valid then a zero value is returned and
* the value of @option is unchanged. If the option is invalid then a * the value of @option is unchanged. If the option is invalid then a
* non-zero value is returned and @option is adjusted to point to the * non-zero value is returned and @option is adjusted to point to the
* offending portion of the option. From the IETF draft ... * offending portion of the option. From the IETF draft ...
skipping to change at line 2139 skipping to change at line 2175
/** /**
* cipso_v4_getattr - Helper function for the cipso_v4_*_getattr functions * cipso_v4_getattr - Helper function for the cipso_v4_*_getattr functions
* @cipso: the CIPSO v4 option * @cipso: the CIPSO v4 option
* @secattr: the security attributes * @secattr: the security attributes
* *
* Description: * Description:
* Inspect @cipso and return the security attributes in @secattr. Returns zero * Inspect @cipso and return the security attributes in @secattr. Returns zero
* on success and negative values on failure. * on success and negative values on failure.
* *
*/ */
static int cipso_v4_getattr(const unsigned char *cipso, int cipso_v4_getattr(const unsigned char *cipso,
struct netlbl_lsm_secattr *secattr) struct netlbl_lsm_secattr *secattr)
{ {
int ret_val = -ENOMSG; int ret_val = -ENOMSG;
u32 doi; u32 doi;
struct cipso_v4_doi *doi_def; struct cipso_v4_doi *doi_def;
if (cipso_v4_cache_check(cipso, cipso[1], secattr) == 0) if (cipso_v4_cache_check(cipso, cipso[1], secattr) == 0)
return 0; return 0;
doi = get_unaligned_be32(&cipso[2]); doi = get_unaligned_be32(&cipso[2]);
rcu_read_lock(); rcu_read_lock();
skipping to change at line 2325 skipping to change at line 2361
cipso_ptr = (unsigned char *)iph + opt->cipso; cipso_ptr = (unsigned char *)iph + opt->cipso;
memset(cipso_ptr, IPOPT_NOOP, cipso_ptr[1]); memset(cipso_ptr, IPOPT_NOOP, cipso_ptr[1]);
opt->cipso = 0; opt->cipso = 0;
opt->is_changed = 1; opt->is_changed = 1;
ip_send_check(iph); ip_send_check(iph);
return 0; return 0;
} }
/**
* cipso_v4_skbuff_getattr - Get the security attributes from the CIPSO option
* @skb: the packet
* @secattr: the security attributes
*
* Description:
* Parse the given packet's CIPSO option and return the security attributes.
* Returns zero on success and negative values on failure.
*
*/
int cipso_v4_skbuff_getattr(const struct sk_buff *skb,
struct netlbl_lsm_secattr *secattr)
{
return cipso_v4_getattr(CIPSO_V4_OPTPTR(skb), secattr);
}
/* /*
* Setup Functions * Setup Functions
*/ */
/** /**
* cipso_v4_init - Initialize the CIPSO module * cipso_v4_init - Initialize the CIPSO module
* *
* Description: * Description:
* Initialize the CIPSO module and prepare it for use. Returns zero on success * Initialize the CIPSO module and prepare it for use. Returns zero on success
* and negative values on failure. * and negative values on failure.
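Review bot: In the new cipso_v4_optptr() walker the `default:` branch (`taglen = optptr[1];`) accepts any non-zero option length, so an IPOPT_CIPSO option whose length byte is 1 passes `if (!taglen || taglen > optlen)` and is returned to the caller, which then reads `cipso[1]` and `get_unaligned_be32(&cipso[2])` in cipso_v4_getattr() beyond the bytes this loop has bounds-checked. That is only safe if every packet reaching this function has already had its IP options validated on the receive path, which this page does not show; if that cannot be guaranteed for all callers, enforce the RFC 791 minimum for non-NOOP/END options in place, `default: taglen = optptr[1]; if (taglen < 2) return NULL;`, and otherwise state the precondition in the kernel-doc, e.g. `* The caller must ensure the IP options have already been validated; this only checks that each option fits in the header, not that the CIPSO option itself is well-formed (see cipso_v4_validate()).` The first hunk changes cipso_v4_cache_add()'s first parameter from `skb` to `cipso_ptr`, but its kernel-doc `@` line lies above the visible lines, so please confirm the `@skb` description was renamed to `@cipso_ptr` as well. cipso_v4_cache_add()'s body continues outside the hunk.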
 End of changes. 6 change blocks. 
21 lines changed or deleted 41 lines changed or added
