aboutsummaryrefslogtreecommitdiffstats
path: root/include/net/netlabel.h
diff options
context:
space:
mode:
authorPaul Moore <paul.moore@hp.com>2008-01-29 08:44:21 -0500
committerJames Morris <jmorris@namei.org>2008-01-30 08:17:28 +1100
commit8cc44579d1bd77ba3a32f2cb76fd9669c229c5fd (patch)
tree802d46ff2b1b1700a3baa726d2aa4aba320376c9 /include/net/netlabel.h
parent5dbe1eb0cfc144a2b0cb1466e22bcb6fc34229a8 (diff)
downloadkernel_samsung_tuna-8cc44579d1bd77ba3a32f2cb76fd9669c229c5fd.zip
kernel_samsung_tuna-8cc44579d1bd77ba3a32f2cb76fd9669c229c5fd.tar.gz
kernel_samsung_tuna-8cc44579d1bd77ba3a32f2cb76fd9669c229c5fd.tar.bz2
NetLabel: Introduce static network labels for unlabeled connections
Most trusted OSs, with the exception of Linux, have the ability to specify static security labels for unlabeled networks. This patch adds this ability to the NetLabel packet labeling framework. If the NetLabel subsystem is called to determine the security attributes of an incoming packet it first checks to see if any recognized NetLabel packet labeling protocols are in-use on the packet. If none can be found then the unlabled connection table is queried and based on the packets incoming interface and address it is matched with a security label as configured by the administrator using the netlabel_tools package. The matching security label is returned to the caller just as if the packet was explicitly labeled using a labeling protocol. Signed-off-by: Paul Moore <paul.moore@hp.com> Signed-off-by: James Morris <jmorris@namei.org>
Diffstat (limited to 'include/net/netlabel.h')
-rw-r--r--include/net/netlabel.h6
1 files changed, 5 insertions, 1 deletions
diff --git a/include/net/netlabel.h b/include/net/netlabel.h
index a3bffb4..b3213c7 100644
--- a/include/net/netlabel.h
+++ b/include/net/netlabel.h
@@ -67,7 +67,11 @@
* NetLabel NETLINK protocol
*/
-#define NETLBL_PROTO_VERSION 1
+/* NetLabel NETLINK protocol version
+ * 1: initial version
+ * 2: added static labels for unlabeled connections
+ */
+#define NETLBL_PROTO_VERSION 2
/* NetLabel NETLINK types/families */
#define NETLBL_NLTYPE_NONE 0