diff options
| author |   Paul Moore <paul.moore@hp.com> | 2008-10-10 10:16:32 -0400 |
|---|---|---|
| committer | Paul Moore <paul.moore@hp.com> | 2008-10-10 10:16:32 -0400 |
| commit | 63c41688743760631188cf0f4ae986a6793ccb0a (patch) | |
| tree | b270091d7b763e8b6c5073d4ca618f0d36065188 /net/netlabel/netlabel_addrlist.h | |
| parent | netlabel: Add a generic way to create ordered linked lists of network addrs (diff) | |
| download | linux-dev-63c41688743760631188cf0f4ae986a6793ccb0a.tar.xz linux-dev-63c41688743760631188cf0f4ae986a6793ccb0a.zip | |
netlabel: Add network address selectors to the NetLabel/LSM domain mapping
This patch extends the NetLabel traffic labeling capabilities to individual
packets based not only on the LSM domain but the by the destination address
as well. The changes here only affect the core NetLabel infrastructre,
changes to the NetLabel KAPI and individial protocol engines are also
required but are split out into a different patch to ease review.
Signed-off-by: Paul Moore <paul.moore@hp.com>
Reviewed-by: James Morris <jmorris@namei.org>
Diffstat (limited to 'net/netlabel/netlabel_addrlist.h')
| -rw-r--r-- | net/netlabel/netlabel_addrlist.h | 15 |
1 files changed, 15 insertions, 0 deletions
diff --git a/net/netlabel/netlabel_addrlist.h b/net/netlabel/netlabel_addrlist.h index 0c41df057fa8..0242bead405f 100644 --- a/net/netlabel/netlabel_addrlist.h +++ b/net/netlabel/netlabel_addrlist.h @@ -36,6 +36,7 @@ #include <linux/rcupdate.h> #include <linux/list.h> #include <linux/in6.h> +#include <linux/audit.h> /** * struct netlbl_af4list - NetLabel IPv4 address list @@ -116,6 +117,12 @@ struct netlbl_af4list *netlbl_af4list_remove(__be32 addr, __be32 mask, void netlbl_af4list_remove_entry(struct netlbl_af4list *entry); struct netlbl_af4list *netlbl_af4list_search(__be32 addr, struct list_head *head); +struct netlbl_af4list *netlbl_af4list_search_exact(__be32 addr, + __be32 mask, + struct list_head *head); +void netlbl_af4list_audit_addr(struct audit_buffer *audit_buf, + int src, const char *dev, + __be32 addr, __be32 mask); #if defined(CONFIG_IPV6) || defined(CONFIG_IPV6_MODULE) @@ -169,6 +176,14 @@ struct netlbl_af6list *netlbl_af6list_remove(const struct in6_addr *addr, void netlbl_af6list_remove_entry(struct netlbl_af6list *entry); struct netlbl_af6list *netlbl_af6list_search(const struct in6_addr *addr, struct list_head *head); +struct netlbl_af6list *netlbl_af6list_search_exact(const struct in6_addr *addr, + const struct in6_addr *mask, + struct list_head *head); +void netlbl_af6list_audit_addr(struct audit_buffer *audit_buf, + int src, + const char *dev, + const struct in6_addr *addr, + const struct in6_addr *mask); #endif /* IPV6 */ #endif |