calipso: Add a label cache.

This works in exactly the same way as the CIPSO label cache. The idea is to allow the lsm to cache the result of a secattr lookup so that it doesn't need to perform the lookup for every skbuff. It introduces two sysctl controls: calipso_cache_enable - enables/disables the cache. calipso_cache_bucket_size - sets the size of a cache bucket. Signed-off-by: Huw Davies <huw@codeweavers.com> Signed-off-by: Paul Moore <paul@paul-moore.com>
author: Huw Davies <huw@codeweavers.com> 2016-06-27 15:06:17 -0400
committer: Paul Moore <paul@paul-moore.com> 2016-06-27 15:06:17 -0400
commit: 4fee5242bf41d9ad641d4c1b821e36eb7ba37fbf (patch)
tree: 6b79290fc0dbeffe30945235ca86576b652c84dd /include/net/calipso.h
parent: calipso: Add validation of CALIPSO option. (diff)
download: linux-dev-4fee5242bf41d9ad641d4c1b821e36eb7ba37fbf.tar.xz
linux-dev-4fee5242bf41d9ad641d4c1b821e36eb7ba37fbf.zip
1 files changed, 6 insertions, 0 deletions
diff --git a/include/net/calipso.h b/include/net/calipso.h
index 85404e2375d8..b1b30cd36601 100644
--- a/include/net/calipso.h
+++ b/include/net/calipso.h
@@ -62,6 +62,12 @@ struct calipso_doi {
 	struct rcu_head rcu;
 };
 
+/*
+ * Sysctl Variables
+ */
+extern int calipso_cache_enabled;
+extern int calipso_cache_bucketsize;
+
 #ifdef CONFIG_NETLABEL
 int __init calipso_init(void);
 void calipso_exit(void);
author	Huw Davies <huw@codeweavers.com>	2016-06-27 15:06:17 -0400
committer	Paul Moore <paul@paul-moore.com>	2016-06-27 15:06:17 -0400
commit	4fee5242bf41d9ad641d4c1b821e36eb7ba37fbf (patch)
tree	6b79290fc0dbeffe30945235ca86576b652c84dd /include/net/calipso.h
parent	calipso: Add validation of CALIPSO option. (diff)
download	linux-dev-4fee5242bf41d9ad641d4c1b821e36eb7ba37fbf.tar.xz linux-dev-4fee5242bf41d9ad641d4c1b821e36eb7ba37fbf.zip