summaryrefslogtreecommitdiff
path: root/include/linux/sysctl.h
diff options
context:
space:
mode:
authorPaul Moore <paul.moore@hp.com>2006-08-04 03:48:06 +0400
committerDavid S. Miller <davem@sunset.davemloft.net>2006-09-23 01:53:33 +0400
commit446fda4f26822b2d42ab3396aafcedf38a9ff2b6 (patch)
tree1e095b7f705fafe0e301b7ce0c61a1f92a2a6a8d /include/linux/sysctl.h
parent11a03f78fbf15a866ba3bf6359a75cdfd1ced703 (diff)
downloadlinux-446fda4f26822b2d42ab3396aafcedf38a9ff2b6.tar.xz
[NetLabel]: CIPSOv4 engine
Add support for the Commercial IP Security Option (CIPSO) to the IPv4 network stack. CIPSO has become a de-facto standard for trusted/labeled networking amongst existing Trusted Operating Systems such as Trusted Solaris, HP-UX CMW, etc. This implementation is designed to be used with the NetLabel subsystem to provide explicit packet labeling to LSM developers. The CIPSO/IPv4 packet labeling works by the LSM calling a NetLabel API function which attaches a CIPSO label (IPv4 option) to a given socket; this in turn attaches the CIPSO label to every packet leaving the socket without any extra processing on the outbound side. On the inbound side the individual packet's sk_buff is examined through a call to a NetLabel API function to determine if a CIPSO/IPv4 label is present and if so the security attributes of the CIPSO label are returned to the caller of the NetLabel API function. Signed-off-by: Paul Moore <paul.moore@hp.com> Signed-off-by: David S. Miller <davem@davemloft.net>
Diffstat (limited to 'include/linux/sysctl.h')
-rw-r--r--include/linux/sysctl.h4
1 files changed, 4 insertions, 0 deletions
diff --git a/include/linux/sysctl.h b/include/linux/sysctl.h
index e4b1a4d4dcf3..af61d9235409 100644
--- a/include/linux/sysctl.h
+++ b/include/linux/sysctl.h
@@ -411,6 +411,10 @@ enum
NET_IPV4_TCP_WORKAROUND_SIGNED_WINDOWS=115,
NET_TCP_DMA_COPYBREAK=116,
NET_TCP_SLOW_START_AFTER_IDLE=117,
+ NET_CIPSOV4_CACHE_ENABLE=118,
+ NET_CIPSOV4_CACHE_BUCKET_SIZE=119,
+ NET_CIPSOV4_RBM_OPTFMT=120,
+ NET_CIPSOV4_RBM_STRICTVALID=121,
};
enum {