summaryrefslogtreecommitdiffstats
path: root/include/net
diff options
context:
space:
mode:
authorHuw Davies <huw@codeweavers.com>2016-06-27 21:06:17 +0200
committerPaul Moore <paul@paul-moore.com>2016-06-27 21:06:17 +0200
commit2e532b702834c07f614caf4489feb691e713232a (patch)
tree6214ab300ca11aaa1fe4ff47ee4b551a35794432 /include/net
parentnetlabel: Pass a family parameter to netlbl_skbuff_err(). (diff)
downloadlinux-2e532b702834c07f614caf4489feb691e713232a.tar.xz
linux-2e532b702834c07f614caf4489feb691e713232a.zip
calipso: Add validation of CALIPSO option.
Lengths, checksum and the DOI are checked. Checking of the level and categories are left for the socket layer. CRC validation is performed in the calipso module to avoid unconditionally linking crc_ccitt() into ipv6. Signed-off-by: Huw Davies <huw@codeweavers.com> Signed-off-by: Paul Moore <paul@paul-moore.com>
Diffstat (limited to 'include/net')
-rw-r--r--include/net/calipso.h6
1 files changed, 6 insertions, 0 deletions
diff --git a/include/net/calipso.h b/include/net/calipso.h
index 38dbb4707150..85404e2375d8 100644
--- a/include/net/calipso.h
+++ b/include/net/calipso.h
@@ -65,6 +65,7 @@ struct calipso_doi {
#ifdef CONFIG_NETLABEL
int __init calipso_init(void);
void calipso_exit(void);
+bool calipso_validate(const struct sk_buff *skb, const unsigned char *option);
#else
static inline int __init calipso_init(void)
{
@@ -74,6 +75,11 @@ static inline int __init calipso_init(void)
static inline void calipso_exit(void)
{
}
+static inline bool calipso_validate(const struct sk_buff *skb,
+ const unsigned char *option)
+{
+ return true;
+}
#endif /* CONFIG_NETLABEL */
#endif /* _CALIPSO_H */