
Commit 9ff4680e authored by Linus Torvalds's avatar Linus Torvalds

Merge master.kernel.org:/pub/scm/linux/kernel/git/davem/net-2.6

* master.kernel.org:/pub/scm/linux/kernel/git/davem/net-2.6:
  [PKT_SCHED] sch_htb: use rb_first() cleanup
  [RTNETLINK]: Fix use of wrong skb in do_getlink()
  [DECNET]: Fix sfuzz hanging on 2.6.18
  [NET]: Do not memcmp() over pad bytes of struct flowi.
  [NET]: Introduce protocol-specific destructor for time-wait sockets.
  [NET]: Use typesafe inet_twsk() inline function instead of cast.
  [NET]: Use hton{l,s}() for non-initializers.
  [TCP]: Use TCPOLEN_TSTAMP_ALIGNED macro instead of magic number.
  [IPV6]: Seperate sit driver to extra module (addrconf.c changes)
  [IPV6]: Seperate sit driver to extra module
  [NET]: File descriptor loss while receiving SCM_RIGHTS
  [SCTP]: Fix the RX queue size shown in /proc/net/sctp/assocs output.
  [SCTP]: Fix receive buffer accounting.
  SELinux: Bug fix in polidydb_destroy
  IPsec: fix handling of errors for socket policies
  IPsec: correct semantics for SELinux policy matching
  IPsec: propagate security module errors up from flow_cache_lookup
  NetLabel: use SECINITSID_UNLABELED for a base SID
  NetLabel: fix a cache race condition
parents 83d3d3c5 30bdbe39
+9 −15
@@ -882,7 +882,8 @@ struct request_sock;
 *	Check permission when a flow selects a xfrm_policy for processing
 *	Check permission when a flow selects a xfrm_policy for processing
 *	XFRMs on a packet.  The hook is called when selecting either a
 *	XFRMs on a packet.  The hook is called when selecting either a
 *	per-socket policy or a generic xfrm policy.
 *	per-socket policy or a generic xfrm policy.
 *	Return 0 if permission is granted.
 *	Return 0 if permission is granted, -ESRCH otherwise, or -errno
 *	on other errors.
 * @xfrm_state_pol_flow_match:
 * @xfrm_state_pol_flow_match:
 *	@x contains the state to match.
 *	@x contains the state to match.
 *	@xp contains the policy to check for a match.
 *	@xp contains the policy to check for a match.
@@ -891,6 +892,7 @@ struct request_sock;
 * @xfrm_flow_state_match:
 * @xfrm_flow_state_match:
 *	@fl contains the flow key to match.
 *	@fl contains the flow key to match.
 *	@xfrm points to the xfrm_state to match.
 *	@xfrm points to the xfrm_state to match.
 *	@xp points to the xfrm_policy to match.
 *	Return 1 if there is a match.
 *	Return 1 if there is a match.
 * @xfrm_decode_session:
 * @xfrm_decode_session:
 *	@skb points to skb to decode.
 *	@skb points to skb to decode.
@@ -1388,7 +1390,8 @@ struct security_operations {
	int (*xfrm_policy_lookup)(struct xfrm_policy *xp, u32 fl_secid, u8 dir);
	int (*xfrm_policy_lookup)(struct xfrm_policy *xp, u32 fl_secid, u8 dir);
	int (*xfrm_state_pol_flow_match)(struct xfrm_state *x,
	int (*xfrm_state_pol_flow_match)(struct xfrm_state *x,
			struct xfrm_policy *xp, struct flowi *fl);
			struct xfrm_policy *xp, struct flowi *fl);
	int (*xfrm_flow_state_match)(struct flowi *fl, struct xfrm_state *xfrm);
	int (*xfrm_flow_state_match)(struct flowi *fl, struct xfrm_state *xfrm,
			struct xfrm_policy *xp);
	int (*xfrm_decode_session)(struct sk_buff *skb, u32 *secid, int ckall);
	int (*xfrm_decode_session)(struct sk_buff *skb, u32 *secid, int ckall);
#endif	/* CONFIG_SECURITY_NETWORK_XFRM */
#endif	/* CONFIG_SECURITY_NETWORK_XFRM */


@@ -3120,11 +3123,6 @@ static inline int security_xfrm_policy_alloc(struct xfrm_policy *xp, struct xfrm
	return security_ops->xfrm_policy_alloc_security(xp, sec_ctx, NULL);
	return security_ops->xfrm_policy_alloc_security(xp, sec_ctx, NULL);
}
}


static inline int security_xfrm_sock_policy_alloc(struct xfrm_policy *xp, struct sock *sk)
{
	return security_ops->xfrm_policy_alloc_security(xp, NULL, sk);
}

static inline int security_xfrm_policy_clone(struct xfrm_policy *old, struct xfrm_policy *new)
static inline int security_xfrm_policy_clone(struct xfrm_policy *old, struct xfrm_policy *new)
{
{
	return security_ops->xfrm_policy_clone_security(old, new);
	return security_ops->xfrm_policy_clone_security(old, new);
@@ -3175,9 +3173,10 @@ static inline int security_xfrm_state_pol_flow_match(struct xfrm_state *x,
	return security_ops->xfrm_state_pol_flow_match(x, xp, fl);
	return security_ops->xfrm_state_pol_flow_match(x, xp, fl);
}
}


static inline int security_xfrm_flow_state_match(struct flowi *fl, struct xfrm_state *xfrm)
static inline int security_xfrm_flow_state_match(struct flowi *fl,
			struct xfrm_state *xfrm, struct xfrm_policy *xp)
{
{
	return security_ops->xfrm_flow_state_match(fl, xfrm);
	return security_ops->xfrm_flow_state_match(fl, xfrm, xp);
}
}


static inline int security_xfrm_decode_session(struct sk_buff *skb, u32 *secid)
static inline int security_xfrm_decode_session(struct sk_buff *skb, u32 *secid)
@@ -3197,11 +3196,6 @@ static inline int security_xfrm_policy_alloc(struct xfrm_policy *xp, struct xfrm
	return 0;
	return 0;
}
}


static inline int security_xfrm_sock_policy_alloc(struct xfrm_policy *xp, struct sock *sk)
{
	return 0;
}

static inline int security_xfrm_policy_clone(struct xfrm_policy *old, struct xfrm_policy *new)
static inline int security_xfrm_policy_clone(struct xfrm_policy *old, struct xfrm_policy *new)
{
{
	return 0;
	return 0;
@@ -3249,7 +3243,7 @@ static inline int security_xfrm_state_pol_flow_match(struct xfrm_state *x,
}
}


static inline int security_xfrm_flow_state_match(struct flowi *fl,
static inline int security_xfrm_flow_state_match(struct flowi *fl,
                                struct xfrm_state *xfrm)
			struct xfrm_state *xfrm, struct xfrm_policy *xp)
{
{
	return 1;
	return 1;
}
}
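Review bot: The kernel-doc for `xfrm_flow_state_match` gains the `@xp` line but still documents only the matching case ("Return 1 if there is a match"), and it does not say whether `@xp` may be NULL. This hook decides whether a state may be used for a flow, so the no-match value belongs in the contract; presumably it is 0, in which case the line could read ` *	Return 1 if there is a match, 0 otherwise.` once confirmed against the implementations. The second definition of `security_xfrm_flow_state_match()`, apparently the stub for builds without CONFIG_SECURITY_NETWORK_XFRM, returns 1 unconditionally and ignores `xp`; a short comment such as `/* no LSM xfrm support: every state matches */` would make that fail-open default explicit.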
+1 −1
@@ -97,7 +97,7 @@ struct flowi {
#define FLOW_DIR_FWD	2
#define FLOW_DIR_FWD	2


struct sock;
struct sock;
typedef void (*flow_resolve_t)(struct flowi *key, u16 family, u8 dir,
typedef int (*flow_resolve_t)(struct flowi *key, u16 family, u8 dir,
			       void **objp, atomic_t **obj_refp);
			       void **objp, atomic_t **obj_refp);


extern void *flow_cache_lookup(struct flowi *key, u16 family, u8 dir,
extern void *flow_cache_lookup(struct flowi *key, u16 family, u8 dir,
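Review bot: The `flow_resolve_t` typedef now returns `int`, but nothing in the visible header says what the value means or how `flow_cache_lookup()`, which still returns `void *`, reports a resolver failure to its callers. If the error is carried in the returned pointer (not visible here), a caller that only tests for NULL would treat the failure as a valid policy object, so the convention should be written down next to the typedef, for example `/* Returns 0 on success or a negative errno; *objp and *obj_refp are only valid on success. */`, adjusted to match the implementation. The `flow_cache_lookup()` declaration continues past the end of this section.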
+1 −0
@@ -196,6 +196,7 @@ static inline void inet_twsk_put(struct inet_timewait_sock *tw)
{
{
	if (atomic_dec_and_test(&tw->tw_refcnt)) {
	if (atomic_dec_and_test(&tw->tw_refcnt)) {
		struct module *owner = tw->tw_prot->owner;
		struct module *owner = tw->tw_prot->owner;
		twsk_destructor((struct sock *)tw);
#ifdef SOCK_REFCNT_DEBUG
#ifdef SOCK_REFCNT_DEBUG
		printk(KERN_DEBUG "%s timewait_sock %p released\n",
		printk(KERN_DEBUG "%s timewait_sock %p released\n",
		       tw->tw_prot->name, tw);
		       tw->tw_prot->name, tw);
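Review bot: The added call passes `(struct sock *)tw` to `twsk_destructor()`, and the cast hides the fact that `tw` is a `struct inet_timewait_sock`, not a full socket. A destructor that reads a field outside the part the two structures share would access memory beyond the time-wait object, so the constraint deserves a comment at the call, for example `/* tw is not a full struct sock: the destructor may only use fields shared with inet_timewait_sock */`. Whether `twsk_destructor()` tolerates a protocol that registers no destructor is not visible in this section. The body of `inet_twsk_put()` continues outside the hunk.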
+47 −15
@@ -34,6 +34,7 @@
#include <linux/net.h>
#include <linux/net.h>
#include <linux/skbuff.h>
#include <linux/skbuff.h>
#include <net/netlink.h>
#include <net/netlink.h>
#include <asm/atomic.h>


/*
/*
 * NetLabel - A management interface for maintaining network packet label
 * NetLabel - A management interface for maintaining network packet label
@@ -106,6 +107,7 @@ int netlbl_domhsh_remove(const char *domain, struct netlbl_audit *audit_info);


/* LSM security attributes */
/* LSM security attributes */
struct netlbl_lsm_cache {
struct netlbl_lsm_cache {
	atomic_t refcount;
	void (*free) (const void *data);
	void (*free) (const void *data);
	void *data;
	void *data;
};
};
@@ -117,7 +119,7 @@ struct netlbl_lsm_secattr {
	unsigned char *mls_cat;
	unsigned char *mls_cat;
	size_t mls_cat_len;
	size_t mls_cat_len;


	struct netlbl_lsm_cache cache;
	struct netlbl_lsm_cache *cache;
};
};


/*
/*
@@ -125,6 +127,43 @@ struct netlbl_lsm_secattr {
 */
 */




/**
 * netlbl_secattr_cache_alloc - Allocate and initialize a secattr cache
 * @flags: the memory allocation flags
 *
 * Description:
 * Allocate and initialize a netlbl_lsm_cache structure.  Returns a pointer
 * on success, NULL on failure.
 *
 */
static inline struct netlbl_lsm_cache *netlbl_secattr_cache_alloc(int flags)
{
	struct netlbl_lsm_cache *cache;

	cache = kzalloc(sizeof(*cache), flags);
	if (cache)
		atomic_set(&cache->refcount, 1);
	return cache;
}

/**
 * netlbl_secattr_cache_free - Frees a netlbl_lsm_cache struct
 * @cache: the struct to free
 *
 * Description:
 * Frees @secattr including all of the internal buffers.
 *
 */
static inline void netlbl_secattr_cache_free(struct netlbl_lsm_cache *cache)
{
	if (!atomic_dec_and_test(&cache->refcount))
		return;

	if (cache->free)
		cache->free(cache->data);
	kfree(cache);
}

/**
/**
 * netlbl_secattr_init - Initialize a netlbl_lsm_secattr struct
 * netlbl_secattr_init - Initialize a netlbl_lsm_secattr struct
 * @secattr: the struct to initialize
 * @secattr: the struct to initialize
@@ -143,20 +182,16 @@ static inline int netlbl_secattr_init(struct netlbl_lsm_secattr *secattr)
/**
/**
 * netlbl_secattr_destroy - Clears a netlbl_lsm_secattr struct
 * netlbl_secattr_destroy - Clears a netlbl_lsm_secattr struct
 * @secattr: the struct to clear
 * @secattr: the struct to clear
 * @clear_cache: cache clear flag
 *
 *
 * Description:
 * Description:
 * Destroys the @secattr struct, including freeing all of the internal buffers.
 * Destroys the @secattr struct, including freeing all of the internal buffers.
 * If @clear_cache is true then free the cache fields, otherwise leave them
 * The struct must be reset with a call to netlbl_secattr_init() before reuse.
 * intact.  The struct must be reset with a call to netlbl_secattr_init()
 * before reuse.
 *
 *
 */
 */
static inline void netlbl_secattr_destroy(struct netlbl_lsm_secattr *secattr,
static inline void netlbl_secattr_destroy(struct netlbl_lsm_secattr *secattr)
					  u32 clear_cache)
{
{
	if (clear_cache && secattr->cache.data != NULL && secattr->cache.free)
	if (secattr->cache)
		secattr->cache.free(secattr->cache.data);
		netlbl_secattr_cache_free(secattr->cache);
	kfree(secattr->domain);
	kfree(secattr->domain);
	kfree(secattr->mls_cat);
	kfree(secattr->mls_cat);
}
}
@@ -178,17 +213,14 @@ static inline struct netlbl_lsm_secattr *netlbl_secattr_alloc(int flags)
/**
/**
 * netlbl_secattr_free - Frees a netlbl_lsm_secattr struct
 * netlbl_secattr_free - Frees a netlbl_lsm_secattr struct
 * @secattr: the struct to free
 * @secattr: the struct to free
 * @clear_cache: cache clear flag
 *
 *
 * Description:
 * Description:
 * Frees @secattr including all of the internal buffers.  If @clear_cache is
 * Frees @secattr including all of the internal buffers.
 * true then free the cache fields, otherwise leave them intact.
 *
 *
 */
 */
static inline void netlbl_secattr_free(struct netlbl_lsm_secattr *secattr,
static inline void netlbl_secattr_free(struct netlbl_lsm_secattr *secattr)
				       u32 clear_cache)
{
{
	netlbl_secattr_destroy(secattr, clear_cache);
	netlbl_secattr_destroy(secattr);
	kfree(secattr);
	kfree(secattr);
}
}
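Review bot: The kernel-doc on `netlbl_secattr_cache_free()` describes the wrong object: it says "Frees @secattr including all of the internal buffers", while the parameter is `@cache` and the body only drops one reference, releasing the data and the struct when `atomic_dec_and_test()` reports the last one. I would reword the description to ` * Drops a reference to @cache; on the last reference calls the free callback on the data, if one is set, and frees the struct.` and state that `@cache` must not be NULL, since the helper dereferences it unconditionally. The old destroy path also tested `secattr->cache.data != NULL` before invoking the callback, whereas the helper calls `cache->free(cache->data)` whenever `free` is set, so callbacks now have to accept NULL data or the test should be kept as `if (cache->free && cache->data)`. `netlbl_secattr_destroy()` leaves `secattr->cache` pointing at the released object; its comment already requires `netlbl_secattr_init()` before reuse, and adding `secattr->cache = NULL;` after the put would make a missed re-init harmless instead of a double put.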


+14 −0
@@ -139,6 +139,7 @@ int sctp_inet_listen(struct socket *sock, int backlog);
void sctp_write_space(struct sock *sk);
void sctp_write_space(struct sock *sk);
unsigned int sctp_poll(struct file *file, struct socket *sock,
unsigned int sctp_poll(struct file *file, struct socket *sock,
		poll_table *wait);
		poll_table *wait);
void sctp_sock_rfree(struct sk_buff *skb);


/*
/*
 * sctp/primitive.c
 * sctp/primitive.c
@@ -444,6 +445,19 @@ static inline struct list_head *sctp_list_dequeue(struct list_head *list)
	return result;
	return result;
}
}


/* SCTP version of skb_set_owner_r.  We need this one because
 * of the way we have to do receive buffer accounting on bundled
 * chunks.
 */
static inline void sctp_skb_set_owner_r(struct sk_buff *skb, struct sock *sk)
{
	struct sctp_ulpevent *event = sctp_skb2event(skb);

	skb->sk = sk;
	skb->destructor = sctp_sock_rfree;
	atomic_add(event->rmem_len, &sk->sk_rmem_alloc);
}

/* Tests if the list has one and only one entry. */
/* Tests if the list has one and only one entry. */
static inline int sctp_list_single_entry(struct list_head *head)
static inline int sctp_list_single_entry(struct list_head *head)
{
{
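Review bot: `sctp_skb_set_owner_r()` charges `event->rmem_len` to `sk->sk_rmem_alloc`, but its comment does not state the invariant the accounting depends on: the destructor has to release exactly the amount charged here. `sctp_sock_rfree()` is only declared in this section, so this is an assumption, but if it reads `event->rmem_len` again at free time, any change to that field in between leaves the receive-buffer counter permanently off, which either stalls the socket or lets it grow past its limit. I would extend the comment with `event->rmem_len must be final before this call and must not change until sctp_sock_rfree() runs.`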