• Huw Davies's avatar
    netlabel: Initial support for the CALIPSO netlink protocol. · cb72d382
    Huw Davies authored
    CALIPSO is a packet labelling protocol for IPv6 which is very similar
    to CIPSO.  It is specified in RFC 5570.  Much of the code is based on
    the current CIPSO code.
    
    This adds support for adding passthrough-type CALIPSO DOIs through the
    NLBL_CALIPSO_C_ADD command.  It requires attributes:
    
     NLBL_CALIPSO_A_TYPE which must be CALIPSO_MAP_PASS.
     NLBL_CALIPSO_A_DOI.
    
    In passthrough mode the CALIPSO engine will map MLS secattr levels
    and categories directly to the packet label.
    
    At this stage, the major difference between this and the CIPSO
    code is that IPv6 may be compiled as a module.  To allow for
    this the CALIPSO functions are registered at module init time.
    Signed-off-by: default avatarHuw Davies <huw@codeweavers.com>
    Signed-off-by: default avatarPaul Moore <paul@paul-moore.com>
    cb72d382
netlabel_kapi.c 30.4 KB