From: [EMAIL PROTECTED]
Date: Mon, 17 Jul 2006 11:52:27 -0400
+ cipso_v4_cache[iter].lock = SPIN_LOCK_UNLOCKED;
Please use: spin_lock_init(cipso_v4_cache[iter].lock);
-
To unsubscribe from this list: send the line unsubscribe netdev in
the body of a message to [EMAIL PROTECTED]
Add support for the Commercial IP Security Option (CIPSO) to the IPv4 network
stack. CIPSO has become a de-facto standard for trusted/labeled networking
amongst existing Trusted Operating Systems such as Trusted Solaris, HP-UX CMW,
etc. This implementation is designed to be used with the
On Friday 14 July 2006 10:03 pm, James Morris wrote:
On Fri, 14 Jul 2006, [EMAIL PROTECTED] wrote:
+/**
+ * cipso_v4_bitmap_walk - Walk a bitmap looking for a bit
+ * cipso_v4_bitmap_setbit - Sets a single bit in a bitmap
Can you use lib/bitmap.c instead?
Looking again at
From: Paul Moore [EMAIL PROTECTED]
Date: Sun, 16 Jul 2006 12:10:44 -0400
On Friday 14 July 2006 10:03 pm, James Morris wrote:
On Fri, 14 Jul 2006, [EMAIL PROTECTED] wrote:
+/**
+ * cipso_v4_bitmap_walk - Walk a bitmap looking for a bit
+ * cipso_v4_bitmap_setbit - Sets a single bit
On Sunday 16 July 2006 9:12 pm, David Miller wrote:
From: Paul Moore [EMAIL PROTECTED]
Date: Sun, 16 Jul 2006 12:10:44 -0400
On Friday 14 July 2006 10:03 pm, James Morris wrote:
On Fri, 14 Jul 2006, [EMAIL PROTECTED] wrote:
+/**
+ * cipso_v4_bitmap_walk - Walk a bitmap looking for
From: Paul Moore [EMAIL PROTECTED]
Date: Sun, 16 Jul 2006 22:42:07 -0400
Right now I use both the bitmap_walk() and bitmap_setbit() routines
to deal with both CIPSO tags straight from the sk_buff as well as
the internal bitmap representation. Padding out the internal
bitmaps would require
On Fri, 14 Jul 2006, [EMAIL PROTECTED] wrote:
+struct sk_buff *cipso_v4_doi_dump_all(const size_t headroom)
+{
+ struct sk_buff *skb;
+ unsigned char *buf;
+ struct cipso_v4_doi *iter;
+ u32 doi_cnt = 0;
+ ssize_t buf_len;
+
+ /* XXX - In both cases, this is kinda
On Fri, 14 Jul 2006, [EMAIL PROTECTED] wrote:
+int cipso_v4_doi_add(struct cipso_v4_doi *doi_def)
+{
+ if (doi_def == NULL || doi_def-doi == CIPSO_V4_DOI_UNKNOWN)
+ return -EINVAL;
+
+ doi_def-valid = 1;
+ INIT_RCU_HEAD(doi_def-rcu);
+
On Friday 14 July 2006 10:03 pm, James Morris wrote:
On Fri, 14 Jul 2006, [EMAIL PROTECTED] wrote:
+/**
+ * cipso_v4_bitmap_walk - Walk a bitmap looking for a bit
+ * cipso_v4_bitmap_setbit - Sets a single bit in a bitmap
Can you use lib/bitmap.c instead?
I looked at using the routines
On Saturday 15 July 2006 9:08 am, James Morris wrote:
On Fri, 14 Jul 2006, [EMAIL PROTECTED] wrote:
+struct sk_buff *cipso_v4_doi_dump_all(const size_t headroom)
+{
+ struct sk_buff *skb;
+ unsigned char *buf;
+ struct cipso_v4_doi *iter;
+ u32 doi_cnt = 0;
+ ssize_t
On Saturday 15 July 2006 9:11 am, James Morris wrote:
On Sat, 15 Jul 2006, James Morris wrote:
+ /* XXX - In both cases, this is kinda ugly as we have to go through
+the list once to determine how large of a buffer we need,
+drop the locks, allocate the buffer, grab the locks,
On Saturday 15 July 2006 9:15 am, James Morris wrote:
On Fri, 14 Jul 2006, [EMAIL PROTECTED] wrote:
+int cipso_v4_doi_add(struct cipso_v4_doi *doi_def)
+{
+ if (doi_def == NULL || doi_def-doi == CIPSO_V4_DOI_UNKNOWN)
+ return -EINVAL;
+
+ doi_def-valid = 1;
+
On Fri, 14 Jul 2006, [EMAIL PROTECTED] wrote:
+int cipso_v4_cache_add(const struct sk_buff *skb,
+const struct netlbl_lsm_secattr *secattr)
+{
It seems that this cache grows without bounds, correct?
Also, how do you handle the case of a change to a cached mapping?
-
On Saturday 15 July 2006 6:39 pm, James Morris wrote:
On Fri, 14 Jul 2006, [EMAIL PROTECTED] wrote:
+int cipso_v4_cache_add(const struct sk_buff *skb,
+ const struct netlbl_lsm_secattr *secattr)
+{
It seems that this cache grows without bounds, correct?
Unless I messed
Add support for the Commercial IP Security Option (CIPSO) to the IPv4 network
stack. CIPSO has become a de-facto standard for trusted/labeled networking
amongst existing Trusted Operating Systems such as Trusted Solaris, HP-UX CMW,
etc. This implementation is designed to be used with the
On Fri, 14 Jul 2006, [EMAIL PROTECTED] wrote:
+int cipso_v4_validate(unsigned char **option)
+{
+ unsigned char *opt = *option;
+ unsigned char *tag;
+ unsigned char opt_iter;
+ unsigned char err_offset = 0;
+ unsigned char locked = 0;
+ u8 opt_len;
+ u8
On Fri, 14 Jul 2006, [EMAIL PROTECTED] wrote:
+
+/* Label mapping cache */
+int cipso_v4_cache_enabled = 1;
+int cipso_v4_cache_bucketsize = 10;
+static struct cipso_v4_map_cache_bkt *cipso_v4_cache = NULL;
+#define CIPSO_V4_CACHE_ENABLED (cipso_v4_cache_enabled \
+
17 matches
Mail list logo
