From 81f66bccdd75322995a016f116993f33f094b624 Mon Sep 17 00:00:00 2001
From: Venkat Yekkirala
Date: Mon, 24 Jul 2006 23:28:37 -0700
Subject: [PATCH] --- yaml ---

r: 34395
b: refs/heads/master
c: b6340fcd761acf9249b3acbc95c4dc555d9beb07
h: refs/heads/master
i:
  34393: c6cea8ca0ec9c6d551a1b3f5d1fcec2c9e5a9426
  34391: a2e5bca1ffb4bce966946a21b2d1844266746751
v: v3
---
 [refs] | 2 +-
 trunk/Documentation/networking/secid.txt | 14 ++++++++++++++
 trunk/include/net/flow.h | 1 +
 3 files changed, 16 insertions(+), 1 deletion(-)
 create mode 100644 trunk/Documentation/networking/secid.txt

diff --git a/[refs] b/[refs]
index a08a828a8e95..956c14c4305a 100644
--- a/[refs]
+++ b/[refs]
@@ -1,2 +1,2 @@
 ---
-refs/heads/master: 892c141e62982272b9c738b5520ad0e5e1ad7b42
+refs/heads/master: b6340fcd761acf9249b3acbc95c4dc555d9beb07
diff --git a/trunk/Documentation/networking/secid.txt b/trunk/Documentation/networking/secid.txt
new file mode 100644
index 000000000000..95ea06784333
--- /dev/null
+++ b/trunk/Documentation/networking/secid.txt
@@ -0,0 +1,14 @@
+flowi structure:
+
+The secid member in the flow structure is used in LSMs (e.g. SELinux) to indicate
+the label of the flow. This label of the flow is currently used in selecting
+matching labeled xfrm(s).
+
+If this is an outbound flow, the label is derived from the socket, if any, or
+the incoming packet this flow is being generated as a response to (e.g. tcp
+resets, timewait ack, etc.). It is also conceivable that the label could be
+derived from other sources such as process context, device, etc., in special
+cases, as may be appropriate.
+
+If this is an inbound flow, the label is derived from the IPSec security
+associations, if any, used by the packet.
diff --git a/trunk/include/net/flow.h b/trunk/include/net/flow.h
index 04d89f763451..1cee5a83433a 100644
--- a/trunk/include/net/flow.h
+++ b/trunk/include/net/flow.h
@@ -78,6 +78,7 @@ struct flowi {
 #define fl_icmp_type uli_u.icmpt.type
 #define fl_icmp_code uli_u.icmpt.code
 #define fl_ipsec_spi uli_u.spi
+ __u32 secid; /* used by xfrm; see secid.txt */
 } __attribute__((__aligned__(BITS_PER_LONG/8)));
 
 #define FLOW_DIR_IN 0
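Review bot: The new `secid` member of `struct flowi` has no stated value for a flow whose label is never set, and nothing in this hunk shows where the field gets initialised. secid.txt says the label is used to select matching labeled xfrm(s), so a flowi that is built on the stack and filled in field by field, rather than through a zeroing initializer or memset, would presumably feed an indeterminate label into that selection; the code that builds flowi instances is outside this patch and is worth auditing alongside it. I would spell out the default and the full path in the comment, e.g. `__u32 secid; /* LSM flow label used by xfrm; 0 = unlabeled (confirm); see Documentation/networking/secid.txt */`. The struct definition starts above the hunk.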