]> err.no Git - linux-2.6/commit
[MLSXFRM]: Add flow labeling
authorVenkat Yekkirala <vyekkirala@TrustedCS.com>
Sat, 5 Aug 2006 06:12:42 +0000 (23:12 -0700)
committerDavid S. Miller <davem@sunset.davemloft.net>
Fri, 22 Sep 2006 21:53:27 +0000 (14:53 -0700)
commitbeb8d13bed80f8388f1a9a107d07ddd342e627e8
tree19d5763b9b3b8ff3969997565e5ec0edd6e4bd33
parent4e2ba18eae7f370c7c3ed96eaca747cc9b39f917
[MLSXFRM]: Add flow labeling

This labels the flows that could utilize IPSec xfrms at the points the
flows are defined so that IPSec policy and SAs at the right label can
be used.

The following protos are currently not handled, but they should
continue to be able to use single-labeled IPSec like they currently
do.

ipmr
ip_gre
ipip
igmp
sit
sctp
ip6_tunnel (IPv6 over IPv6 tunnel device)
decnet

Signed-off-by: Venkat Yekkirala <vyekkirala@TrustedCS.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
26 files changed:
include/linux/security.h
include/net/route.h
net/dccp/ipv4.c
net/dccp/ipv6.c
net/ipv4/af_inet.c
net/ipv4/icmp.c
net/ipv4/inet_connection_sock.c
net/ipv4/ip_output.c
net/ipv4/netfilter/ipt_REJECT.c
net/ipv4/raw.c
net/ipv4/syncookies.c
net/ipv4/udp.c
net/ipv6/af_inet6.c
net/ipv6/datagram.c
net/ipv6/icmp.c
net/ipv6/inet6_connection_sock.c
net/ipv6/ndisc.c
net/ipv6/netfilter/ip6t_REJECT.c
net/ipv6/raw.c
net/ipv6/tcp_ipv6.c
net/ipv6/udp.c
net/xfrm/xfrm_policy.c
security/dummy.c
security/selinux/hooks.c
security/selinux/include/xfrm.h
security/selinux/xfrm.c