    [NetLabel]: CIPSOv4 engine · 446fda4f
    Paul Moore authored
    Add support for the Commercial IP Security Option (CIPSO) to the IPv4
    network stack.  CIPSO has become a de-facto standard for
    trusted/labeled networking amongst existing Trusted Operating Systems
    such as Trusted Solaris, HP-UX CMW, etc.  This implementation is
    designed to be used with the NetLabel subsystem to provide explicit
    packet labeling to LSM developers.
    
    The CIPSO/IPv4 packet labeling works by the LSM calling a NetLabel API
    function which attaches a CIPSO label (IPv4 option) to a given socket;
    this in turn attaches the CIPSO label to every packet leaving the
    socket without any extra processing on the outbound side.  On the
    inbound side the individual packet's sk_buff is examined through a
    call to a NetLabel API function to determine if a CIPSO/IPv4 label is
    present and if so the security attributes of the CIPSO label are
    returned to the caller of the NetLabel API function.
    Signed-off-by: Paul Moore <paul.moore@hp.com>
    Signed-off-by: David S. Miller <davem@davemloft.net>
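
The inbound check described in the commit message, as an added user-space illustration that is not taken from cipso_ipv4.c or the NetLabel API: it walks an IPv4 options area, bounds-checks each option, and extracts the DOI, sensitivity level and category bitmap from a CIPSO option. It assumes the CIPSO draft layout (option type 134, tag type 1); the struct, function names and sample bytes are constructed for this example.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define OPT_CIPSO   134 /* IPv4 option type used by CIPSO */
#define TAG_RBITMAP 1   /* tag type 1: sensitivity level + category bitmap */
struct cipso_label {      /* hypothetical result type for this example */
    uint32_t doi;         /* domain of interpretation */
    uint8_t level;        /* sensitivity level */
    const uint8_t *cats;  /* category bitmap; MSB of byte 0 is category 0 */
    size_t cats_len;
};
/* Constructed options area: NOP, CIPSO (DOI 3, level 5, categories 0 and 2), padding. */
static const uint8_t sample_opts[] = {
    0x01, 0x86, 0x0c, 0x00, 0x00, 0x00, 0x03,
    0x01, 0x06, 0x00, 0x05, 0xa0, 0x00, 0x00, 0x00, 0x00 };

/* Return 0 and fill *out if a well-formed CIPSO option is found, else -1. */
int cipso_parse(const uint8_t *opts, size_t len, struct cipso_label *out)
{
    size_t i = 0;
    while (i < len && opts[i] != 0) {              /* 0 = end of option list */
        if (opts[i] == 1) { i++; continue; }       /* 1 = single-byte no-op */
        size_t olen = i + 1 < len ? opts[i + 1] : 0;
        if (olen < 2 || i + olen > len) return -1; /* option overruns the header */
        if (opts[i] == OPT_CIPSO) {
            const uint8_t *o = opts + i;
            if (olen < 10) return -1;              /* type, len, DOI, minimal tag */
            size_t tlen = o[7];
            if (o[6] != TAG_RBITMAP || tlen < 4 || 6 + tlen > olen) return -1;
            out->doi = (uint32_t)o[2] << 24 | (uint32_t)o[3] << 16 | (uint32_t)o[4] << 8 | o[5];
            out->level = o[9];                     /* o[8] is the alignment octet */
            out->cats = o + 10;
            out->cats_len = tlen - 4;
            return 0;
        }
        i += olen;
    }
    return -1;
}
int cipso_has_cat(const struct cipso_label *l, unsigned cat)
{
    return cat / 8 < l->cats_len && ((l->cats[cat / 8] >> (7 - cat % 8)) & 1);
}
int main(void)
{
    struct cipso_label l;
    if (cipso_parse(sample_opts, sizeof sample_opts, &l) == 0)
        printf("doi=%u level=%u cat2=%d\n", (unsigned)l.doi, (unsigned)l.level, cipso_has_cat(&l, 2));
    return 0;
}
```
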
cipso_ipv4.c 43.1 KB