diff options
author | Paul Moore <paul.moore@hp.com> | 2006-08-03 16:48:06 -0700 |
---|---|---|
committer | David S. Miller <davem@sunset.davemloft.net> | 2006-09-22 14:53:33 -0700 |
commit | 446fda4f26822b2d42ab3396aafcedf38a9ff2b6 (patch) | |
tree | 1e095b7f705fafe0e301b7ce0c61a1f92a2a6a8d /net/ipv4/Makefile | |
parent | 11a03f78fbf15a866ba3bf6359a75cdfd1ced703 (diff) | |
download | kernel_goldelico_gta04-446fda4f26822b2d42ab3396aafcedf38a9ff2b6.zip kernel_goldelico_gta04-446fda4f26822b2d42ab3396aafcedf38a9ff2b6.tar.gz kernel_goldelico_gta04-446fda4f26822b2d42ab3396aafcedf38a9ff2b6.tar.bz2 |
[NetLabel]: CIPSOv4 engine
Add support for the Commercial IP Security Option (CIPSO) to the IPv4
network stack. CIPSO has become a de-facto standard for
trusted/labeled networking amongst existing Trusted Operating Systems
such as Trusted Solaris, HP-UX CMW, etc. This implementation is
designed to be used with the NetLabel subsystem to provide explicit
packet labeling to LSM developers.
The CIPSO/IPv4 packet labeling works by the LSM calling a NetLabel API
function which attaches a CIPSO label (IPv4 option) to a given socket;
this in turn attaches the CIPSO label to every packet leaving the
socket without any extra processing on the outbound side. On the
inbound side the individual packet's sk_buff is examined through a
call to a NetLabel API function to determine if a CIPSO/IPv4 label is
present and if so the security attributes of the CIPSO label are
returned to the caller of the NetLabel API function.
Signed-off-by: Paul Moore <paul.moore@hp.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Diffstat (limited to 'net/ipv4/Makefile')
-rw-r--r-- | net/ipv4/Makefile | 1 |
1 files changed, 1 insertions, 0 deletions
diff --git a/net/ipv4/Makefile b/net/ipv4/Makefile index 4878fc5..f66049e 100644 --- a/net/ipv4/Makefile +++ b/net/ipv4/Makefile @@ -47,6 +47,7 @@ obj-$(CONFIG_TCP_CONG_VEGAS) += tcp_vegas.o obj-$(CONFIG_TCP_CONG_VENO) += tcp_veno.o obj-$(CONFIG_TCP_CONG_SCALABLE) += tcp_scalable.o obj-$(CONFIG_TCP_CONG_LP) += tcp_lp.o +obj-$(CONFIG_NETLABEL) += cipso_ipv4.o obj-$(CONFIG_XFRM) += xfrm4_policy.o xfrm4_state.o xfrm4_input.o \ xfrm4_output.o |