From: [EMAIL PROTECTED]
Date: Mon, 17 Jul 2006 11:52:27 -0400
> + cipso_v4_cache[iter].lock = SPIN_LOCK_UNLOCKED;
Please use: "spin_lock_init(&cipso_v4_cache[iter].lock);"
Add support for the Commercial IP Security Option (CIPSO) to the IPv4 network
stack. CIPSO has become a de-facto standard for trusted/labeled networking
amongst existing Trusted Operating Systems such as Trusted Solaris, HP-UX CMW,
etc. This implementation is designed to be used with the NetLabel
From: Paul Moore <[EMAIL PROTECTED]>
Date: Sun, 16 Jul 2006 22:42:07 -0400
> Right now I use both the bitmap_walk() and bitmap_setbit() routines
> to deal with both CIPSO tags straight from the sk_buff as well as
> the internal bitmap representation. Padding out the internal
> bitmaps would requi
On Sunday 16 July 2006 9:12 pm, David Miller wrote:
> From: Paul Moore <[EMAIL PROTECTED]>
> Date: Sun, 16 Jul 2006 12:10:44 -0400
>
> > On Friday 14 July 2006 10:03 pm, James Morris wrote:
> > > On Fri, 14 Jul 2006, [EMAIL PROTECTED] wrote:
> > > > +/**
> > > > + * cipso_v4_bitmap_walk - Walk a bi
From: Paul Moore <[EMAIL PROTECTED]>
Date: Sun, 16 Jul 2006 12:10:44 -0400
> On Friday 14 July 2006 10:03 pm, James Morris wrote:
> > On Fri, 14 Jul 2006, [EMAIL PROTECTED] wrote:
> > > +/**
> > > + * cipso_v4_bitmap_walk - Walk a bitmap looking for a bit
> > >
> > > + * cipso_v4_bitmap_setbit - S
On Friday 14 July 2006 10:03 pm, James Morris wrote:
> On Fri, 14 Jul 2006, [EMAIL PROTECTED] wrote:
> > +/**
> > + * cipso_v4_bitmap_walk - Walk a bitmap looking for a bit
> >
> > + * cipso_v4_bitmap_setbit - Sets a single bit in a bitmap
>
> Can you use lib/bitmap.c instead?
Looking again at inc
On Saturday 15 July 2006 6:39 pm, James Morris wrote:
> On Fri, 14 Jul 2006, [EMAIL PROTECTED] wrote:
> > +int cipso_v4_cache_add(const struct sk_buff *skb,
> > + const struct netlbl_lsm_secattr *secattr)
> > +{
>
> It seems that this cache grows without bounds, correct?
Unless I
On Fri, 14 Jul 2006, [EMAIL PROTECTED] wrote:
> +int cipso_v4_cache_add(const struct sk_buff *skb,
> +const struct netlbl_lsm_secattr *secattr)
> +{
It seems that this cache grows without bounds, correct?
Also, how do you handle the case of a change to a cached mapping?
On Saturday 15 July 2006 9:15 am, James Morris wrote:
> On Fri, 14 Jul 2006, [EMAIL PROTECTED] wrote:
> > +int cipso_v4_doi_add(struct cipso_v4_doi *doi_def)
> > +{
> > + if (doi_def == NULL || doi_def->doi == CIPSO_V4_DOI_UNKNOWN)
> > + return -EINVAL;
> > +
> > + doi_def->valid = 1;
On Saturday 15 July 2006 9:11 am, James Morris wrote:
> On Sat, 15 Jul 2006, James Morris wrote:
> > > + /* XXX - In both cases, this is kinda ugly as we have to go through
> > > +the list once to determine how large of a buffer we need,
> > > +drop the locks, allocate the buffer, grab the
On Saturday 15 July 2006 9:08 am, James Morris wrote:
> On Fri, 14 Jul 2006, [EMAIL PROTECTED] wrote:
> > +struct sk_buff *cipso_v4_doi_dump_all(const size_t headroom)
> > +{
> > + struct sk_buff *skb;
> > + unsigned char *buf;
> > + struct cipso_v4_doi *iter;
> > + u32 doi_cnt = 0;
> > +
On Friday 14 July 2006 10:18 pm, James Morris wrote:
>
> If you're in a permanent cleanup phase, why bother clearing all of these
> global variables and using temporary pointers?
>
> Why not just simply free each entry? The way this is coded makes it seem
> like you're unsure about the safety of t
On Friday 14 July 2006 10:03 pm, James Morris wrote:
> On Fri, 14 Jul 2006, [EMAIL PROTECTED] wrote:
> > +/**
> > + * cipso_v4_bitmap_walk - Walk a bitmap looking for a bit
> >
> > + * cipso_v4_bitmap_setbit - Sets a single bit in a bitmap
>
> Can you use lib/bitmap.c instead?
I looked at using th
On Fri, 14 Jul 2006, [EMAIL PROTECTED] wrote:
> +int cipso_v4_doi_add(struct cipso_v4_doi *doi_def)
> +{
> + if (doi_def == NULL || doi_def->doi == CIPSO_V4_DOI_UNKNOWN)
> + return -EINVAL;
> +
> + doi_def->valid = 1;
> + INIT_RCU_HEAD(&doi_def->rcu);
> + INIT_LIST_HEAD
On Sat, 15 Jul 2006, James Morris wrote:
> > + /* XXX - In both cases, this is kinda ugly as we have to go through
> > + the list once to determine how large of a buffer we need,
> > + drop the locks, allocate the buffer, grab the locks, and
> > + finally fill the buffer. The pro
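Review bot: the sequence described in this XXX comment (walk the list to size the buffer, drop the locks, allocate, grab the locks again, fill) leaves a window in which the list can change between the sizing pass and the fill pass. The fill pass should check every write against the length that was actually allocated and either stop or retry when the list has grown, rather than relying on the count from the first walk.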
On Fri, 14 Jul 2006, [EMAIL PROTECTED] wrote:
> +struct sk_buff *cipso_v4_doi_dump_all(const size_t headroom)
> +{
> + struct sk_buff *skb;
> + unsigned char *buf;
> + struct cipso_v4_doi *iter;
> + u32 doi_cnt = 0;
> + ssize_t buf_len;
> +
> + /* XXX - In both cases, this
On Fri, 14 Jul 2006, [EMAIL PROTECTED] wrote:
> +
> +/* Label mapping cache */
> +int cipso_v4_cache_enabled = 1;
> +int cipso_v4_cache_bucketsize = 10;
> +static struct cipso_v4_map_cache_bkt *cipso_v4_cache = NULL;
> +#define CIPSO_V4_CACHE_ENABLED (cipso_v4_cache_enabled &&\
> +
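Review bot: "static struct cipso_v4_map_cache_bkt *cipso_v4_cache = NULL;" does not need the explicit initializer, since static storage is already zeroed, and kernel style leaves it off. The two tunables above it, "cipso_v4_cache_enabled" and "cipso_v4_cache_bucketsize", are non-static globals with no comment on their meaning or valid range; a one-line comment on each, stating what a bucket size of 10 counts and what values are acceptable, would make the cache limits reviewable.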
On Fri, 14 Jul 2006, [EMAIL PROTECTED] wrote:
> +/**
> + * cipso_v4_bitmap_walk - Walk a bitmap looking for a bit
> + * cipso_v4_bitmap_setbit - Sets a single bit in a bitmap
Can you use lib/bitmap.c instead?
--
James Morris
<[EMAIL PROTECTED]>
On Fri, 14 Jul 2006, [EMAIL PROTECTED] wrote:
> +int cipso_v4_validate(unsigned char **option)
> +{
> + unsigned char *opt = *option;
> + unsigned char *tag;
> + unsigned char opt_iter;
> + unsigned char err_offset = 0;
> + unsigned char locked = 0;
> + u8 opt_len;
> +
Add support for the Commercial IP Security Option (CIPSO) to the IPv4 network
stack. CIPSO has become a de-facto standard for trusted/labeled networking
amongst existing Trusted Operating Systems such as Trusted Solaris, HP-UX CMW,
etc. This implementation is designed to be used with the NetLabel