diff options
| author | Huw Davies <huw@codeweavers.com> | 2016-06-27 15:02:46 -0400 |
|---|---|---|
| committer | Paul Moore <paul@paul-moore.com> | 2016-06-27 15:02:46 -0400 |
| commit | cb72d38211eacda2dd90b09540542b6582da614e (patch) | |
| tree | 2a9be751e1917ede6f9a56f547eafacfa202d1e7 /include/uapi | |
| parent | 8f18e675c3335b5f113dbabc4afbab6da41ff61f (diff) | |
netlabel: Initial support for the CALIPSO netlink protocol.
CALIPSO is a packet labelling protocol for IPv6 which is very similar
to CIPSO. It is specified in RFC 5570. Much of the code is based on
the current CIPSO code.
This adds support for adding passthrough-type CALIPSO DOIs through the
NLBL_CALIPSO_C_ADD command. It requires attributes:
NLBL_CALIPSO_A_TYPE which must be CALIPSO_MAP_PASS.
NLBL_CALIPSO_A_DOI.
In passthrough mode the CALIPSO engine will map MLS secattr levels
and categories directly to the packet label.
At this stage, the major difference between this and the CIPSO
code is that IPv6 may be compiled as a module. To allow for
this the CALIPSO functions are registered at module init time.
Signed-off-by: Huw Davies <huw@codeweavers.com>
Signed-off-by: Paul Moore <paul@paul-moore.com>
Diffstat (limited to 'include/uapi')
| -rw-r--r-- | include/uapi/linux/audit.h | 2 |
1 files changed, 2 insertions, 0 deletions
diff --git a/include/uapi/linux/audit.h b/include/uapi/linux/audit.h index d820aa979620..82e8aa59446b 100644 --- a/include/uapi/linux/audit.h +++ b/include/uapi/linux/audit.h @@ -130,6 +130,8 @@ #define AUDIT_MAC_IPSEC_EVENT 1415 /* Audit an IPSec event */ #define AUDIT_MAC_UNLBL_STCADD 1416 /* NetLabel: add a static label */ #define AUDIT_MAC_UNLBL_STCDEL 1417 /* NetLabel: del a static label */ +#define AUDIT_MAC_CALIPSO_ADD 1418 /* NetLabel: add CALIPSO DOI entry */ +#define AUDIT_MAC_CALIPSO_DEL 1419 /* NetLabel: del CALIPSO DOI entry */ #define AUDIT_FIRST_KERN_ANOM_MSG 1700 #define AUDIT_LAST_KERN_ANOM_MSG 1799 |