github-mirror/linux
1
0
Fork 0
mirror of https://github.com/torvalds/linux.git synced 2026-06-08 22:52:35 +02:00
Code Issues Actions Packages Projects Releases Wiki Activity Graph
49ffa112f6
linux/include
History
Paul Moore 49ffa112f6 cipso: handle CIPSO options correctly when NetLabel is disabled 
[ Upstream commit 20e2a86485 ]

When NetLabel is not enabled, e.g. CONFIG_NETLABEL=n, and the system
receives a CIPSO tagged packet it is dropped (cipso_v4_validate()
returns non-zero).  In most cases this is the correct and desired
behavior, however, in the case where we are simply forwarding the
traffic, e.g. acting as a network bridge, this becomes a problem.

This patch fixes the forwarding problem by providing the basic CIPSO
validation code directly in ip_options_compile() without the need for
the NetLabel or CIPSO code.  The new validation code can not perform
any of the CIPSO option label/value verification that
cipso_v4_validate() does, but it can verify the basic CIPSO option
format.

The behavior when NetLabel is enabled is unchanged.

Signed-off-by: Paul Moore <pmoore@redhat.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2012-07-16 08:47:36 -07:00
..
acpi ACPI: Store SRAT table revision 2012-01-25 17:24:57 -08:00
asm-generic mm: pmd_read_atomic: fix 32bit PAE pmd walk vs pmd_populate SMP race condition 2012-06-10 00:32:57 +09:00
crypto
drm drm/radeon/kms: add new BTC PCI ids 2012-06-10 00:33:04 +09:00
keys
linux USB: add NO_D3_DURING_SLEEP flag and revert 151b612847 2012-06-22 11:34:15 -07:00
math-emu
media [media] tuner-core/v4l2-subdev: document that the type field has to be filled in 2011-07-07 15:04:23 -03:00
mtd
net cipso: handle CIPSO options correctly when NetLabel is disabled 2012-07-16 08:47:36 -07:00
pcmcia pcmcia: Make declaration and uses of struct pcmcia_device_id const 2011-05-06 07:46:15 +02:00
rdma Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/roland/infiniband 2011-05-26 12:13:57 -07:00
rxrpc
scsi [SCSI] libsas: Add option for SATA soft reset 2011-05-26 22:49:33 -05:00
sound ALSA: sb16 - Fix build errors on MIPS and others with 13bit ioctl size 2011-06-30 15:33:57 +02:00
target target: Set additional sense length field in sense data 2012-01-25 17:25:00 -08:00
trace writeback: fix dereferencing NULL bdi->dev on trace_writeback_queue 2012-02-20 12:48:11 -08:00
video OMAPDSS: HDMI: PHY burnout fix 2012-03-12 10:32:59 -07:00
xen xen/xenbus: Reject replies with payload > XENSTORE_PAYLOAD_MAX. 2012-01-25 17:24:41 -08:00
Kbuild