summaryrefslogtreecommitdiffstats
path: root/include/net/route.h
diff options
context:
space:
mode:
authorVenkat Yekkirala <vyekkirala@TrustedCS.com>2006-08-05 08:12:42 +0200
committerDavid S. Miller <davem@sunset.davemloft.net>2006-09-22 23:53:27 +0200
commitbeb8d13bed80f8388f1a9a107d07ddd342e627e8 (patch)
tree19d5763b9b3b8ff3969997565e5ec0edd6e4bd33 /include/net/route.h
parent[MLSXFRM]: Add security context to acquire messages using PF_KEY (diff)
downloadlinux-beb8d13bed80f8388f1a9a107d07ddd342e627e8.tar.xz
linux-beb8d13bed80f8388f1a9a107d07ddd342e627e8.zip
[MLSXFRM]: Add flow labeling
This labels the flows that could utilize IPSec xfrms at the points the flows are defined so that IPSec policy and SAs at the right label can be used. The following protos are currently not handled, but they should continue to be able to use single-labeled IPSec like they currently do. ipmr ip_gre ipip igmp sit sctp ip6_tunnel (IPv6 over IPv6 tunnel device) decnet Signed-off-by: Venkat Yekkirala <vyekkirala@TrustedCS.com> Signed-off-by: David S. Miller <davem@davemloft.net>
Diffstat (limited to 'include/net/route.h')
-rw-r--r--include/net/route.h3
1 files changed, 3 insertions, 0 deletions
diff --git a/include/net/route.h b/include/net/route.h
index c4a068692dcc..7f93ac0e0899 100644
--- a/include/net/route.h
+++ b/include/net/route.h
@@ -32,6 +32,7 @@
#include <linux/route.h>
#include <linux/ip.h>
#include <linux/cache.h>
+#include <linux/security.h>
#ifndef __KERNEL__
#warning This file is not supposed to be used outside of kernel.
@@ -166,6 +167,7 @@ static inline int ip_route_connect(struct rtable **rp, u32 dst,
ip_rt_put(*rp);
*rp = NULL;
}
+ security_sk_classify_flow(sk, &fl);
return ip_route_output_flow(rp, &fl, sk, 0);
}
@@ -182,6 +184,7 @@ static inline int ip_route_newports(struct rtable **rp, u8 protocol,
fl.proto = protocol;
ip_rt_put(*rp);
*rp = NULL;
+ security_sk_classify_flow(sk, &fl);
return ip_route_output_flow(rp, &fl, sk, 0);
}
return 0;