From 06b06e217c388b5942045ae7b5567338343d27d9 Mon Sep 17 00:00:00 2001
From: Serge Hallyn
Date: Sat, 20 Oct 2007 00:53:30 +0200
Subject: [PATCH] --- yaml --- r: 71848 b: refs/heads/master c: 6da34bae29f51c35b300d89c1bbfe96cdf44d4d5 h: refs/heads/master v: v3
---
 [refs] | 2 +-
 trunk/include/linux/security.h | 17 +++++++++++++++--
 2 files changed, 16 insertions(+), 3 deletions(-)
diff --git a/[refs] b/[refs]
index fac739faab08..a00536f6898b 100644
--- a/[refs]
+++ b/[refs]
@@ -1,2 +1,2 @@
 ---
-refs/heads/master: 118e78d1cd7023c3b155f861072ba10df0265fda
+refs/heads/master: 6da34bae29f51c35b300d89c1bbfe96cdf44d4d5
diff --git a/trunk/include/linux/security.h b/trunk/include/linux/security.h
index ff3f857f6957..ac050830a873 100644
--- a/trunk/include/linux/security.h
+++ b/trunk/include/linux/security.h
@@ -832,9 +832,11 @@ struct request_sock;
 * incoming sk_buff @skb has been associated with a particular socket, @sk.
 * @sk contains the sock (not socket) associated with the incoming sk_buff.
 * @skb contains the incoming network data.
- * @socket_getpeersec:
+ * @socket_getpeersec_stream:
 * This hook allows the security module to provide peer socket security
- * state to userspace via getsockopt SO_GETPEERSEC.
+ * state for unix or connected tcp sockets to userspace via getsockopt
+ * SO_GETPEERSEC. For tcp sockets this can be meaningful if the
+ * socket is associated with an ipsec SA.
 * @sock is the local socket.
 * @optval userspace memory where the security state is to be copied.
 * @optlen userspace int where the module should copy the actual length
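Review bot: The option named in the @socket_getpeersec_stream text, `SO_GETPEERSEC`, is not the name userspace passes to getsockopt, which is `SO_PEERSEC`; the same spelling recurs in the @socket_getpeersec_dgram text added by the next hunk. Because the comment now says the TCP case is only meaningful when the socket is associated with an ipsec SA, it should also say what a module does when the peer has no security state, for example `* If no peer security state is available, return an error and copy nothing to @optval.` The comment block starts and ends outside the hunk, so the existing Return text may need the matching adjustment.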
@@ -843,6 +845,17 @@ struct request_sock;
 * by the caller.
 * Return 0 if all is well, otherwise, typical getsockopt return
 * values.
+ * @socket_getpeersec_dgram:
+ * This hook allows the security module to provide peer socket security
+ * state for udp sockets on a per-packet basis to userspace via
+ * getsockopt SO_GETPEERSEC. The application must first have indicated
+ * the IP_PASSSEC option via getsockopt. It can then retrieve the
+ * security state returned by this hook for a packet via the SCM_SECURITY
+ * ancillary message type.
+ * @skb is the skbuff for the packet being queried
+ * @secdata is a pointer to a buffer in which to copy the security data
+ * @seclen is the maximum length for @secdata
+ * Return 0 on success, error on failure.
 * @sk_alloc_security:
 * Allocate and attach a security structure to the sk->sk_security field,
 * which is used to copy security attributes between local stream sockets.
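Review bot: The sentence `The application must first have indicated the IP_PASSSEC option via getsockopt` names the wrong call, since an application enables an option with setsockopt; it should read `the IP_PASSSEC option via setsockopt`. The opening sentence also says the state reaches userspace `via getsockopt SO_GETPEERSEC`, while the rest of the entry says it is delivered per packet in an SCM_SECURITY ancillary message; one of the two should go, presumably the getsockopt wording. The hook's prototype is outside the hunk, so @skb, @secdata and @seclen should be checked against the actual parameter list. A buffer-length contract that is documented but absent from the signature would mislead a module author about who bounds the copy.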