linux/include/net
Paul Moore 20e2a86485 cipso: handle CIPSO options correctly when NetLabel is disabled
When NetLabel is not enabled, e.g. CONFIG_NETLABEL=n, and the system
receives a CIPSO tagged packet it is dropped (cipso_v4_validate()
returns non-zero).  In most cases this is the correct and desired
behavior, however, in the case where we are simply forwarding the
traffic, e.g. acting as a network bridge, this becomes a problem.

This patch fixes the forwarding problem by providing the basic CIPSO
validation code directly in ip_options_compile() without the need for
the NetLabel or CIPSO code.  The new validation code can not perform
any of the CIPSO option label/value verification that
cipso_v4_validate() does, but it can verify the basic CIPSO option
format.

The behavior when NetLabel is enabled is unchanged.

Signed-off-by: Paul Moore <pmoore@redhat.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2012-06-01 14:18:29 -04:00
..
9p
bluetooth Bluetooth: Create flags for bt_sk() 2012-05-16 16:14:17 -03:00
caif caif-hsi: robust frame aggregation for HSI 2012-04-13 11:37:36 -04:00
irda
iucv
netfilter netfilter: nf_conntrack: use this_cpu_inc() 2012-05-08 19:36:33 +02:00
netns netfilter: nf_ct_helper: allow to disable automatic helper assignment 2012-05-08 19:35:18 +02:00
nfc NFC: HCI drivers don't have to keep track of polling state 2012-05-15 17:31:22 -04:00
phonet
sctp Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net 2012-05-16 22:17:37 -04:00
tc_act
act_api.h
addrconf.h ipv6: bool/const conversions phase2 2012-05-19 01:08:16 -04:00
af_ieee802154.h
af_rxrpc.h
af_unix.h net: cleanup unsigned to unsigned int 2012-04-15 12:44:40 -04:00
ah.h
arp.h
atmclip.h
ax25.h net ax25: Fix the build when sysctl support is disabled. 2012-04-23 22:14:47 -04:00
ax88796.h
cfg80211-wext.h
cfg80211.h cfg80211: fix cfg80211_can_beacon_sec_chan prototype 2012-05-16 13:08:15 -04:00
checksum.h
cipso_ipv4.h cipso: handle CIPSO options correctly when NetLabel is disabled 2012-06-01 14:18:29 -04:00
cls_cgroup.h
codel.h fq_codel: should use qdisc backlog as threshold 2012-05-16 15:30:26 -04:00
compat.h net: cleanup unsigned to unsigned int 2012-04-15 12:44:40 -04:00
datalink.h
dcbevent.h
dcbnl.h net/dcb: Add an optional max rate attribute 2012-04-05 05:08:04 -04:00
dn_dev.h
dn_fib.h net: cleanup unsigned to unsigned int 2012-04-15 12:44:40 -04:00
dn_neigh.h
dn_nsp.h
dn_route.h net: cleanup unsigned to unsigned int 2012-04-15 12:44:40 -04:00
dn.h net: cleanup unsigned to unsigned int 2012-04-15 12:44:40 -04:00
dsa.h
dsfield.h
dst_ops.h net: cleanup unsigned to unsigned int 2012-04-15 12:44:40 -04:00
dst.h ipv6: fix incorrect ipsec fragment 2012-05-27 01:11:22 -04:00
esp.h
ethoc.h
fib_rules.h
flow_keys.h
flow.h
garp.h
gen_stats.h
genetlink.h
gre.h
icmp.h net: cleanup unsigned to unsigned int 2012-04-15 12:44:40 -04:00
ieee80211_radiotap.h
ieee802154_netdev.h mac802154: declare reduced mlme operations 2012-05-16 15:16:56 -04:00
ieee802154.h
if_inet6.h net: delete all instances of special processing for token ring 2012-05-15 20:14:35 -04:00
inet6_connection_sock.h tcp: bind() use stronger condition for bind_conflict 2012-04-14 15:28:55 -04:00
inet6_hashtables.h
inet_common.h
inet_connection_sock.h ipv6: RTAX_FEATURE_ALLFRAG causes inefficient TCP segment sizing 2012-04-27 00:03:34 -04:00
inet_ecn.h
inet_frag.h ip_frag: struct inet_frags match() method returns a bool 2012-05-18 01:40:27 -04:00
inet_hashtables.h
inet_sock.h
inet_timewait_sock.h
inetpeer.h
ip6_checksum.h
ip6_fib.h ipv6: clean up rt6_clean_expires 2012-04-17 22:31:59 -04:00
ip6_route.h ipv6: bool/const conversions phase2 2012-05-19 01:08:16 -04:00
ip6_tunnel.h
ip_fib.h net: cleanup unsigned to unsigned int 2012-04-15 12:44:40 -04:00
ip_vs.h ipvs: add support for sync threads 2012-05-08 19:40:33 +02:00
ip.h net: delete all instances of special processing for token ring 2012-05-15 20:14:35 -04:00
ipcomp.h
ipconfig.h
ipip.h tunnel: implement 64 bits statistics 2012-04-14 14:47:05 -04:00
ipv6.h ipv6: bool/const conversions phase2 2012-05-19 01:08:16 -04:00
ipx.h
iw_handler.h
lapb.h lapb: Neaten debugging 2012-05-17 18:45:20 -04:00
lib80211.h
llc_c_ac.h
llc_c_ev.h net: cleanup unsigned to unsigned int 2012-04-15 12:44:40 -04:00
llc_c_st.h
llc_conn.h
llc_if.h
llc_pdu.h net: delete all instances of special processing for token ring 2012-05-15 20:14:35 -04:00
llc_s_ac.h
llc_s_ev.h
llc_s_st.h
llc_sap.h
llc.h
mac80211.h mac80211: (selectively) add HT details in radiotap 2012-05-16 12:46:38 -04:00
mac802154.h mac802154: RX data path 2012-05-16 15:16:44 -04:00
mip6.h
mld.h
ndisc.h Treat ND option 31 as userland (DNSSL support) 2012-04-12 15:56:57 -04:00
neighbour.h net: cleanup unsigned to unsigned int 2012-04-15 12:44:40 -04:00
net_namespace.h net sysctl: Add place holder functions for when sysctl support is compiled out of the kernel. 2012-04-23 19:24:28 -04:00
net_ratelimit.h
netdma.h
netevent.h
netlabel.h
netlink.h netlink: Delete all NLA_PUT*() macros. 2012-04-02 04:33:45 -04:00
netprio_cgroup.h
netrom.h
nexthop.h
nl802154.h
p8022.h
ping.h
pkt_cls.h
pkt_sched.h net: cleanup unsigned to unsigned int 2012-04-15 12:44:40 -04:00
protocol.h
psnap.h
raw.h
rawv6.h ipv6: bool/const conversions phase2 2012-05-19 01:08:16 -04:00
red.h net_sched: red: Make minor corrections to comments 2012-04-16 23:53:11 -04:00
regulatory.h
request_sock.h
rose.h
route.h net: cleanup unsigned to unsigned int 2012-04-15 12:44:40 -04:00
rtnetlink.h rtnetlink: ops->get_tx_queue() cannot take a const 'tb'. 2012-04-13 14:21:04 -04:00
sch_generic.h
scm.h
secure_seq.h
slhc_vj.h
snmp.h
sock.h memcg: decrement static keys at real destroy time 2012-05-29 16:22:28 -07:00
stp.h
tcp_memcontrol.h cgroup: pass struct mem_cgroup instead of struct cgroup to socket memcg 2012-04-10 10:04:07 -07:00
tcp_states.h
tcp.h tcp: bool conversions 2012-05-17 14:59:59 -04:00
timewait_sock.h
transp_v6.h
udp.h net/ipv6/udp: UDP encapsulation: introduce encap_rcv hook into IPv6 2012-04-28 22:21:51 -04:00
udplite.h
wext.h
wimax.h net: cleanup unsigned to unsigned int 2012-04-15 12:44:40 -04:00
wpan-phy.h mac802154: monitor device support 2012-05-16 15:17:08 -04:00
x25.h net: cleanup unsigned to unsigned int 2012-04-15 12:44:40 -04:00
x25device.h
xfrm.h xfrm: Convert several xfrm policy match functions to bool. 2012-05-15 15:04:57 -04:00