diff options
author | Paul Moore <paul.moore@hp.com> | 2006-08-04 03:48:06 +0400 |
---|---|---|
committer | David S. Miller <davem@sunset.davemloft.net> | 2006-09-23 01:53:33 +0400 |
commit | 446fda4f26822b2d42ab3396aafcedf38a9ff2b6 (patch) | |
tree | 1e095b7f705fafe0e301b7ce0c61a1f92a2a6a8d /include/linux/sysctl.h | |
parent | 11a03f78fbf15a866ba3bf6359a75cdfd1ced703 (diff) | |
download | linux-446fda4f26822b2d42ab3396aafcedf38a9ff2b6.tar.xz |
[NetLabel]: CIPSOv4 engine
Add support for the Commercial IP Security Option (CIPSO) to the IPv4
network stack. CIPSO has become a de-facto standard for
trusted/labeled networking amongst existing Trusted Operating Systems
such as Trusted Solaris, HP-UX CMW, etc. This implementation is
designed to be used with the NetLabel subsystem to provide explicit
packet labeling to LSM developers.
The CIPSO/IPv4 packet labeling works by the LSM calling a NetLabel API
function which attaches a CIPSO label (IPv4 option) to a given socket;
this in turn attaches the CIPSO label to every packet leaving the
socket without any extra processing on the outbound side. On the
inbound side the individual packet's sk_buff is examined through a
call to a NetLabel API function to determine if a CIPSO/IPv4 label is
present and if so the security attributes of the CIPSO label are
returned to the caller of the NetLabel API function.
Signed-off-by: Paul Moore <paul.moore@hp.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Diffstat (limited to 'include/linux/sysctl.h')
-rw-r--r-- | include/linux/sysctl.h | 4 |
1 files changed, 4 insertions, 0 deletions
diff --git a/include/linux/sysctl.h b/include/linux/sysctl.h index e4b1a4d4dcf3..af61d9235409 100644 --- a/include/linux/sysctl.h +++ b/include/linux/sysctl.h @@ -411,6 +411,10 @@ enum NET_IPV4_TCP_WORKAROUND_SIGNED_WINDOWS=115, NET_TCP_DMA_COPYBREAK=116, NET_TCP_SLOW_START_AFTER_IDLE=117, + NET_CIPSOV4_CACHE_ENABLE=118, + NET_CIPSOV4_CACHE_BUCKET_SIZE=119, + NET_CIPSOV4_RBM_OPTFMT=120, + NET_CIPSOV4_RBM_STRICTVALID=121, }; enum { |