1
linux/include/net
Paul Moore 8cc44579d1 NetLabel: Introduce static network labels for unlabeled connections
Most trusted OSs, with the exception of Linux, have the ability to specify
static security labels for unlabeled networks.  This patch adds this ability to
the NetLabel packet labeling framework.

If the NetLabel subsystem is called to determine the security attributes of an
incoming packet it first checks to see if any recognized NetLabel packet
labeling protocols are in-use on the packet.  If none can be found then the
unlabled connection table is queried and based on the packets incoming
interface and address it is matched with a security label as configured by the
administrator using the netlabel_tools package.  The matching security label is
returned to the caller just as if the packet was explicitly labeled using a
labeling protocol.

Signed-off-by: Paul Moore <paul.moore@hp.com>
Signed-off-by: James Morris <jmorris@namei.org>
2008-01-30 08:17:28 +11:00
..
9p Use helpers to obtain task pid in printks 2007-10-19 11:53:43 -07:00
bluetooth [NET]: Remove FASTCALL macro 2008-01-28 14:57:23 -08:00
irda [IrDA]: Irport removal - part 1 2008-01-28 15:08:10 -08:00
iucv [AF_IUCV]: postpone receival of iucv-packets 2007-10-10 16:54:51 -07:00
netfilter [NETNS][FRAGS]: Move ctl tables around. 2008-01-28 15:10:34 -08:00
netns [NETNS][FRAGS]: Isolate the secret interval from namespaces. 2008-01-28 15:10:39 -08:00
sctp [NET] CORE: Introducing new memory accounting interface. 2008-01-28 15:00:18 -08:00
tc_act [PKT_SCHED]: Add stateless NAT 2007-10-10 16:53:11 -07:00
tipc [TIPC]: Optimize stream send routine to avoid fragmentation 2007-07-10 22:06:12 -07:00
act_api.h [NET_SCHED]: act_api: use PTR_ERR in tcf_action_init/tcf_action_get 2008-01-28 15:11:17 -08:00
addrconf.h [IPV4]: Enable use of 240/4 address space. 2008-01-28 15:08:44 -08:00
af_rxrpc.h [AF_RXRPC]: Add an interface to the AF_RXRPC module for the AFS filesystem to use 2007-04-26 15:50:17 -07:00
af_unix.h [AF_UNIX]: Remove unused declaration of sysctl_unix_max_dgram_qlen. 2008-01-28 14:57:13 -08:00
ah.h [IPSEC]: Get rid of ipv6_{auth,esp,comp}_hdr 2007-10-10 16:55:55 -07:00
arp.h [IPV4]: Remove unused define in include/net/arp.h (HAVE_ARP_CREATE) 2008-01-28 15:00:16 -08:00
atmclip.h
ax25.h [NET] include/net/: Spelling fixes 2007-12-20 13:56:32 -08:00
ax88796.h ax88796: add 93cx6 eeprom support 2007-10-10 16:53:56 -07:00
cfg80211.h cfg80211/nl80211: implement station attribute retrieval 2008-01-28 14:59:52 -08:00
checksum.h [NET]: Move netfilter checksum helpers to net/core/utils.c 2008-01-28 14:55:14 -08:00
cipso_ipv4.h [NetLabel]: consolidate the struct socket/sock handling to just struct sock 2007-06-08 13:33:09 -07:00
compat.h [NET]: Introduce SIOCGSTAMPNS ioctl to get timestamps with nanosec resolution 2007-04-25 22:24:04 -07:00
datalink.h
dn_dev.h
dn_fib.h [DECNet]: Use rtnl registration interface 2007-04-25 22:27:12 -07:00
dn_neigh.h
dn_nsp.h
dn_route.h [NET]: Wrap netdevice hardware header creation. 2007-10-10 16:52:50 -07:00
dn.h [DECNET]: Another unnecessary net/tcp.h inclusion in net/dn.h 2007-07-10 23:02:12 -07:00
dsfield.h [NET]: Constify include/net/dsfield.h 2008-01-28 14:55:58 -08:00
dst.h [DST]: shrinks sizeof(struct rtable) by 64 bytes on x86_64 2008-01-28 15:10:41 -08:00
esp.h cleanup asm/scatterlist.h includes 2007-11-02 08:47:06 +01:00
fib_rules.h [NETNS]: Process FIB rule action in the context of the namespace. 2008-01-28 15:08:14 -08:00
flow.h [IPV4]: Remove unused multipath cached routing defintion in net/flow.h 2008-01-28 15:00:20 -08:00
gen_stats.h [NET_SCHED]: Convert packet schedulers from rtnetlink to new netlink API 2008-01-28 15:11:10 -08:00
genetlink.h [GENETLINK]: Dynamic multicast groups. 2007-07-18 15:47:52 -07:00
icmp.h [IPV4]: Add ICMPMsgStats MIB (RFC 4293) 2007-10-10 16:51:28 -07:00
ieee80211_crypt.h [PATCH] Update my email address from jkmaline@cc.hut.fi to j@w1.fi 2007-04-28 11:01:01 -04:00
ieee80211_radiotap.h [MAC80211]: Add get_unaligned to ieee80211_get_radiotap_len 2007-10-10 16:47:40 -07:00
ieee80211.h ieee80211: fix misannotations 2008-01-28 15:08:48 -08:00
ieee80211softmac_wx.h
ieee80211softmac.h [IEEE80211]: Fix softmac lockdep reports. 2007-10-10 16:52:22 -07:00
if_inet6.h IPoIB: improve IPv4/IPv6 to IB mcast mapping functions 2008-01-25 14:15:37 -08:00
inet6_connection_sock.h
inet6_hashtables.h [INET]: Use jhash + random secret for ehash. 2007-04-25 22:28:06 -07:00
inet_common.h [INET]: Remove leftover prototypes from include/net/inet_common.h 2007-11-12 21:02:51 -08:00
inet_connection_sock.h
inet_ecn.h [INET]: Give outer DSCP directly to ip*_copy_dscp 2008-01-28 14:53:45 -08:00
inet_frag.h [NETNS][FRAGS]: Make the pernet subsystem for fragments. 2008-01-28 15:10:40 -08:00
inet_hashtables.h [NET]: prot_inuse cleanups and optimizations 2008-01-28 15:00:36 -08:00
inet_sock.h [UDP]: Make use of inet_iif() when doing socket lookups. 2007-10-25 18:54:46 -07:00
inet_timewait_sock.h [INET]: Uninline the inet_twsk_put function. 2008-01-28 14:59:28 -08:00
inetpeer.h [INET]: Use list_head-s in inetpeer.c 2007-11-12 21:27:28 -08:00
ip6_checksum.h
ip6_fib.h [XFRM] IPv6: Fix dst/routing check at transformation. 2008-01-28 14:59:36 -08:00
ip6_route.h [NETNS][IPV6]: Make sysctls route per namespace. 2008-01-28 15:01:20 -08:00
ip6_tunnel.h [NET] include/net/: Spelling fixes 2007-12-20 13:56:32 -08:00
ip_fib.h [NETNS]: Add netns parameter to fib_select_default. 2008-01-28 15:11:03 -08:00
ip_vs.h [IPVS]: Switch to using ctl_paths. 2008-01-28 15:01:08 -08:00
ip.h [NETNS][FRAGS]: Make the mem counter per-namespace. 2008-01-28 15:10:36 -08:00
ipcomp.h [IPSEC]: Get rid of ipv6_{auth,esp,comp}_hdr 2007-10-10 16:55:55 -07:00
ipconfig.h
ipip.h [IPV4]: Add ip_local_out 2008-01-28 14:53:47 -08:00
ipv6.h [NETNS][FRAGS]: Make the mem counter per-namespace. 2008-01-28 15:10:36 -08:00
ipx.h [SK_BUFF]: Introduce skb_transport_header(skb) 2007-04-25 22:25:31 -07:00
iw_handler.h [NL80211]: add netlink interface to cfg80211 2007-10-10 16:52:14 -07:00
lapb.h
llc_c_ac.h
llc_c_ev.h
llc_c_st.h
llc_conn.h [NET]: Make socket creation namespace safe. 2007-10-10 16:49:07 -07:00
llc_if.h
llc_pdu.h [SK_BUFF]: Introduce skb_network_header() 2007-04-25 22:24:59 -07:00
llc_s_ac.h
llc_s_ev.h
llc_s_st.h
llc_sap.h
llc.h
mac80211.h mac80211: add unified BSS configuration 2008-01-28 15:09:43 -08:00
mip6.h [IPV6] MIP6: Loadable module support for MIPv6. 2007-07-10 22:15:42 -07:00
ndisc.h [IPv6]: Export userland ND options through netlink (RDNSS support) 2007-10-10 21:22:05 -07:00
neighbour.h [ARP]: neigh_parms_put(destroy) are essentially local to core/neighbour.c. 2008-01-28 15:02:11 -08:00
net_namespace.h [NETNS]: Namespacing in the generic fib rules code. 2008-01-28 15:01:23 -08:00
netdma.h
netevent.h [NET]: Remove unnecessary inclusion of dst.h 2008-01-28 14:53:38 -08:00
netlabel.h NetLabel: Introduce static network labels for unlabeled connections 2008-01-30 08:17:28 +11:00
netlink.h [NETLINK]: Add nla_append() 2008-01-28 15:11:09 -08:00
netrom.h
nexthop.h
p8022.h
pkt_cls.h [NET_SCHED]: Convert classifiers from rtnetlink to new netlink API 2008-01-28 15:11:11 -08:00
pkt_sched.h [NET_SCHED]: Convert packet schedulers from rtnetlink to new netlink API 2008-01-28 15:11:10 -08:00
protocol.h [IPV6]: make inet6_register_protosw to return an error code 2008-01-28 14:57:12 -08:00
psnap.h
raw.h [NETNS][RAW]: Make /proc/net/raw(6) show per-namespace socket list. 2008-01-28 15:02:06 -08:00
rawv6.h [IPv6] RAW: Compact the API for the kernel 2008-01-28 14:54:29 -08:00
red.h [NET_SCHED]: turn PSCHED_GET_TIME into inline function 2007-04-25 22:27:55 -07:00
request_sock.h [INET]: Fix potential kfree on vmalloc-ed area of request_sock_queue 2007-11-15 02:57:06 -08:00
rose.h [ROSE]: Fix rose.ko oops on unload 2007-10-07 23:44:17 -07:00
route.h [NETNS]: Routing cache virtualization. 2008-01-28 15:11:13 -08:00
rtnetlink.h [NET]: Make the device list and device lookups per namespace. 2007-10-10 16:49:10 -07:00
sch_generic.h [NET_SCHED]: Convert classifiers from rtnetlink to new netlink API 2008-01-28 15:11:11 -08:00
scm.h pid namespaces: changes to show virtual ids to user 2007-10-19 11:53:40 -07:00
slhc_vj.h
snmp.h [XFRM]: Define packet dropping statistics. 2008-01-28 14:59:38 -08:00
sock.h [TCP]: Do not purge sk_forward_alloc entirely in tcp_delack_timer(). 2008-01-28 15:01:42 -08:00
syncppp.h
tcp_states.h
tcp.h [TCP]: Uninline tcp_is_cwnd_limited 2008-01-28 15:01:48 -08:00
timewait_sock.h
transp_v6.h [IPV6]: make the protocol initialization to return an error code 2008-01-28 14:57:13 -08:00
udp.h [NET]: prot_inuse cleanups and optimizations 2008-01-28 15:00:36 -08:00
udplite.h [UDP]: Restore missing inDatagrams increments 2008-01-28 14:56:33 -08:00
wext.h [NET]: Make the device list and device lookups per namespace. 2007-10-10 16:49:10 -07:00
wireless.h [WIRELESS] cfg80211: New wireless config infrastructure. 2007-04-25 22:29:41 -07:00
x25.h
x25device.h [SK_BUFF]: Introduce skb_reset_mac_header(skb) 2007-04-25 22:24:32 -07:00
xfrm.h [XFRM] xfrm_policy_destroy: Rename and relative fixes. 2008-01-28 15:00:46 -08:00