Merge branch 'master' of master.kernel.org:/pub/scm/linux/kernel/git/davem/net-2.6

#ifdef CONFIG_NETLABEL

void cipso_v4_error(struct sk_buff *skb, int error, u32 gateway);

int cipso_v4_socket_setattr(const struct socket *sock,

int cipso_v4_sock_setattr(struct sock *sk,

			  const struct cipso_v4_doi *doi_def,

			  const struct netlbl_lsm_secattr *secattr);

int cipso_v4_sock_getattr(struct sock *sk, struct netlbl_lsm_secattr *secattr);

int cipso_v4_socket_getattr(const struct socket *sock,

			    struct netlbl_lsm_secattr *secattr);

int cipso_v4_skbuff_getattr(const struct sk_buff *skb,

			    struct netlbl_lsm_secattr *secattr);

int cipso_v4_validate(unsigned char **option);

	return;

}

static inline int cipso_v4_socket_setattr(const struct socket *sock,

static inline int cipso_v4_sock_setattr(struct sock *sk,

				      const struct cipso_v4_doi *doi_def,

				      const struct netlbl_lsm_secattr *secattr)

{

	return -ENOSYS;

}

static inline int cipso_v4_socket_getattr(const struct socket *sock,

					  struct netlbl_lsm_secattr *secattr)

{

	return -ENOSYS;

}

static inline int cipso_v4_skbuff_getattr(const struct sk_buff *skb,

					  struct netlbl_lsm_secattr *secattr)

{

 */

#ifdef CONFIG_NETLABEL

int netlbl_socket_setattr(const struct socket *sock,

int netlbl_sock_setattr(struct sock *sk,

			const struct netlbl_lsm_secattr *secattr);

int netlbl_sock_getattr(struct sock *sk,

			struct netlbl_lsm_secattr *secattr);

int netlbl_socket_getattr(const struct socket *sock,

			  struct netlbl_lsm_secattr *secattr);

int netlbl_skbuff_getattr(const struct sk_buff *skb,

			  struct netlbl_lsm_secattr *secattr);

void netlbl_skbuff_err(struct sk_buff *skb, int error);

#else

static inline int netlbl_socket_setattr(const struct socket *sock,

static inline int netlbl_sock_setattr(struct sock *sk,

				     const struct netlbl_lsm_secattr *secattr)

{

	return -ENOSYS;

	return -ENOSYS;

}

static inline int netlbl_socket_getattr(const struct socket *sock,

					struct netlbl_lsm_secattr *secattr)

{

	return -ENOSYS;

}

static inline int netlbl_skbuff_getattr(const struct sk_buff *skb,

					struct netlbl_lsm_secattr *secattr)

{

#include <net/cipso_ipv4.h>

#include <asm/atomic.h>

#include <asm/bug.h>

#include <asm/unaligned.h>

struct cipso_v4_domhsh_entry {

	char *domain;

		return -EFAULT;

	for (iter = 0; iter < enumcat_len; iter += 2) {

		cat = ntohs(*((__be16 *)&enumcat[iter]));

		cat = ntohs(get_unaligned((__be16 *)&enumcat[iter]));

		if (cat <= cat_prev)

			return -EFAULT;

		cat_prev = cat;

	for (iter = 0; iter < net_cat_len; iter += 2) {

		ret_val = netlbl_secattr_catmap_setbit(secattr->mls_cat,

					    ntohs(*((__be16 *)&net_cat[iter])),

				ntohs(get_unaligned((__be16 *)&net_cat[iter])),

				GFP_ATOMIC);

		if (ret_val != 0)

			return ret_val;

		return -EFAULT;

	for (iter = 0; iter < rngcat_len; iter += 4) {

		cat_high = ntohs(*((__be16 *)&rngcat[iter]));

		cat_high = ntohs(get_unaligned((__be16 *)&rngcat[iter]));

		if ((iter + 4) <= rngcat_len)

			cat_low = ntohs(*((__be16 *)&rngcat[iter + 2]));

			cat_low = ntohs(

				get_unaligned((__be16 *)&rngcat[iter + 2]));

		else

			cat_low = 0;

	u16 cat_high;

	for (net_iter = 0; net_iter < net_cat_len; net_iter += 4) {

		cat_high = ntohs(*((__be16 *)&net_cat[net_iter]));

		cat_high = ntohs(get_unaligned((__be16 *)&net_cat[net_iter]));

		if ((net_iter + 4) <= net_cat_len)

			cat_low = ntohs(*((__be16 *)&net_cat[net_iter + 2]));

			cat_low = ntohs(

			      get_unaligned((__be16 *)&net_cat[net_iter + 2]));

		else

			cat_low = 0;

	}

	rcu_read_lock();

	doi_def = cipso_v4_doi_search(ntohl(*((__be32 *)&opt[2])));

	doi_def = cipso_v4_doi_search(ntohl(get_unaligned((__be32 *)&opt[2])));

	if (doi_def == NULL) {

		err_offset = 2;

		goto validate_return_locked;

}

/**

 * cipso_v4_socket_setattr - Add a CIPSO option to a socket

 * @sock: the socket

 * cipso_v4_sock_setattr - Add a CIPSO option to a socket

 * @sk: the socket

 * @doi_def: the CIPSO DOI to use

 * @secattr: the specific security attributes of the socket

 *

 * Description:

 * Set the CIPSO option on the given socket using the DOI definition and

 * security attributes passed to the function.  This function requires

 * exclusive access to @sock->sk, which means it either needs to be in the

 * process of being created or locked via lock_sock(sock->sk).  Returns zero on

 * success and negative values on failure.

 * exclusive access to @sk, which means it either needs to be in the

 * process of being created or locked.  Returns zero on success and negative

 * values on failure.

 *

 */

int cipso_v4_socket_setattr(const struct socket *sock,

int cipso_v4_sock_setattr(struct sock *sk,

			  const struct cipso_v4_doi *doi_def,

			  const struct netlbl_lsm_secattr *secattr)

{

	u32 buf_len = 0;

	u32 opt_len;

	struct ip_options *opt = NULL;

	struct sock *sk;

	struct inet_sock *sk_inet;

	struct inet_connection_sock *sk_conn;

	 * defined yet but it is not a problem as the only users of these

	 * "lite" PF_INET sockets are functions which do an accept() call

	 * afterwards so we will label the socket as part of the accept(). */

	sk = sock->sk;

	if (sk == NULL)

		return 0;

	if (ret_val == 0)

		return ret_val;

	doi = ntohl(*(__be32 *)&cipso_ptr[2]);

	doi = ntohl(get_unaligned((__be32 *)&cipso_ptr[2]));

	rcu_read_lock();

	doi_def = cipso_v4_doi_search(doi);

	if (doi_def == NULL) {

	return ret_val;

}

/**

 * cipso_v4_socket_getattr - Get the security attributes from a socket

 * @sock: the socket

 * @secattr: the security attributes

 *

 * Description:

 * Query @sock to see if there is a CIPSO option attached to the socket and if

 * there is return the CIPSO security attributes in @secattr.  Returns zero on

 * success and negative values on failure.

 *

 */

int cipso_v4_socket_getattr(const struct socket *sock,

			    struct netlbl_lsm_secattr *secattr)

{

	int ret_val;

	lock_sock(sock->sk);

	ret_val = cipso_v4_sock_getattr(sock->sk, secattr);

	release_sock(sock->sk);

	return ret_val;

}

/**

 * cipso_v4_skbuff_getattr - Get the security attributes from the CIPSO option

 * @skb: the packet

	if (cipso_v4_cache_check(cipso_ptr, cipso_ptr[1], secattr) == 0)

		return 0;

	doi = ntohl(*(__be32 *)&cipso_ptr[2]);

	doi = ntohl(get_unaligned((__be32 *)&cipso_ptr[2]));

	rcu_read_lock();

	doi_def = cipso_v4_doi_search(doi);

	if (doi_def == NULL)

		}

	}

	if (destroy) {

	if (destroy)

		inet_free_ifa(ifa1);

		if (!in_dev->ifa_list)

			inetdev_destroy(in_dev);

	}

}

static void inet_del_ifa(struct in_device *in_dev, struct in_ifaddr **ifap,

/**

 * netlbl_socket_setattr - Label a socket using the correct protocol

 * @sock: the socket to label

 * @sk: the socket to label

 * @secattr: the security attributes

 *

 * Description:

 * Attach the correct label to the given socket using the security attributes

 * specified in @secattr.  This function requires exclusive access to

 * @sock->sk, which means it either needs to be in the process of being

 * created or locked via lock_sock(sock->sk).  Returns zero on success,

 * negative values on failure.

 * specified in @secattr.  This function requires exclusive access to @sk,

 * which means it either needs to be in the process of being created or locked.

 * Returns zero on success, negative values on failure.

 *

 */

int netlbl_socket_setattr(const struct socket *sock,

int netlbl_sock_setattr(struct sock *sk,

			const struct netlbl_lsm_secattr *secattr)

{

	int ret_val = -ENOENT;

		goto socket_setattr_return;

	switch (dom_entry->type) {

	case NETLBL_NLTYPE_CIPSOV4:

		ret_val = cipso_v4_socket_setattr(sock,

		ret_val = cipso_v4_sock_setattr(sk,

						dom_entry->type_def.cipsov4,

						secattr);

		break;

	return netlbl_unlabel_getattr(secattr);

}

/**

 * netlbl_socket_getattr - Determine the security attributes of a socket

 * @sock: the socket

 * @secattr: the security attributes

 *

 * Description:

 * Examines the given socket to see any NetLabel style labeling has been

 * applied to the socket, if so it parses the socket label and returns the

 * security attributes in @secattr.  Returns zero on success, negative values

 * on failure.

 *

 */

int netlbl_socket_getattr(const struct socket *sock,

			  struct netlbl_lsm_secattr *secattr)

{

	int ret_val;

	ret_val = cipso_v4_socket_getattr(sock, secattr);

	if (ret_val == 0)

		return 0;

	return netlbl_unlabel_getattr(secattr);

}

/**

 * netlbl_skbuff_getattr - Determine the security attributes of a packet

 * @skb: the packet