mirror of
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git
synced 2025-01-16 01:54:00 +00:00
446fda4f26
Add support for the Commercial IP Security Option (CIPSO) to the IPv4 network stack. CIPSO has become a de-facto standard for trusted/labeled networking amongst existing Trusted Operating Systems such as Trusted Solaris, HP-UX CMW, etc. This implementation is designed to be used with the NetLabel subsystem to provide explicit packet labeling to LSM developers. The CIPSO/IPv4 packet labeling works by the LSM calling a NetLabel API function which attaches a CIPSO label (IPv4 option) to a given socket; this in turn attaches the CIPSO label to every packet leaving the socket without any extra processing on the outbound side. On the inbound side the individual packet's sk_buff is examined through a call to a NetLabel API function to determine if a CIPSO/IPv4 label is present and if so the security attributes of the CIPSO label are returned to the caller of the NetLabel API function. Signed-off-by: Paul Moore <paul.moore@hp.com> Signed-off-by: David S. Miller <davem@davemloft.net>
54 lines
2.2 KiB
Makefile
54 lines
2.2 KiB
Makefile
#
|
|
# Makefile for the Linux TCP/IP (INET) layer.
|
|
#
|
|
|
|
obj-y := route.o inetpeer.o protocol.o \
|
|
ip_input.o ip_fragment.o ip_forward.o ip_options.o \
|
|
ip_output.o ip_sockglue.o inet_hashtables.o \
|
|
inet_timewait_sock.o inet_connection_sock.o \
|
|
tcp.o tcp_input.o tcp_output.o tcp_timer.o tcp_ipv4.o \
|
|
tcp_minisocks.o tcp_cong.o \
|
|
datagram.o raw.o udp.o arp.o icmp.o devinet.o af_inet.o igmp.o \
|
|
sysctl_net_ipv4.o fib_frontend.o fib_semantics.o
|
|
|
|
obj-$(CONFIG_IP_FIB_HASH) += fib_hash.o
|
|
obj-$(CONFIG_IP_FIB_TRIE) += fib_trie.o
|
|
obj-$(CONFIG_PROC_FS) += proc.o
|
|
obj-$(CONFIG_IP_MULTIPLE_TABLES) += fib_rules.o
|
|
obj-$(CONFIG_IP_MROUTE) += ipmr.o
|
|
obj-$(CONFIG_NET_IPIP) += ipip.o
|
|
obj-$(CONFIG_NET_IPGRE) += ip_gre.o
|
|
obj-$(CONFIG_SYN_COOKIES) += syncookies.o
|
|
obj-$(CONFIG_INET_AH) += ah4.o
|
|
obj-$(CONFIG_INET_ESP) += esp4.o
|
|
obj-$(CONFIG_INET_IPCOMP) += ipcomp.o
|
|
obj-$(CONFIG_INET_XFRM_TUNNEL) += xfrm4_tunnel.o
|
|
obj-$(CONFIG_INET_TUNNEL) += tunnel4.o
|
|
obj-$(CONFIG_INET_XFRM_MODE_TRANSPORT) += xfrm4_mode_transport.o
|
|
obj-$(CONFIG_INET_XFRM_MODE_TUNNEL) += xfrm4_mode_tunnel.o
|
|
obj-$(CONFIG_IP_PNP) += ipconfig.o
|
|
obj-$(CONFIG_IP_ROUTE_MULTIPATH_RR) += multipath_rr.o
|
|
obj-$(CONFIG_IP_ROUTE_MULTIPATH_RANDOM) += multipath_random.o
|
|
obj-$(CONFIG_IP_ROUTE_MULTIPATH_WRANDOM) += multipath_wrandom.o
|
|
obj-$(CONFIG_IP_ROUTE_MULTIPATH_DRR) += multipath_drr.o
|
|
obj-$(CONFIG_NETFILTER) += netfilter.o netfilter/
|
|
obj-$(CONFIG_IP_VS) += ipvs/
|
|
obj-$(CONFIG_INET_DIAG) += inet_diag.o
|
|
obj-$(CONFIG_IP_ROUTE_MULTIPATH_CACHED) += multipath.o
|
|
obj-$(CONFIG_INET_TCP_DIAG) += tcp_diag.o
|
|
obj-$(CONFIG_NET_TCPPROBE) += tcp_probe.o
|
|
obj-$(CONFIG_TCP_CONG_BIC) += tcp_bic.o
|
|
obj-$(CONFIG_TCP_CONG_CUBIC) += tcp_cubic.o
|
|
obj-$(CONFIG_TCP_CONG_WESTWOOD) += tcp_westwood.o
|
|
obj-$(CONFIG_TCP_CONG_HSTCP) += tcp_highspeed.o
|
|
obj-$(CONFIG_TCP_CONG_HYBLA) += tcp_hybla.o
|
|
obj-$(CONFIG_TCP_CONG_HTCP) += tcp_htcp.o
|
|
obj-$(CONFIG_TCP_CONG_VEGAS) += tcp_vegas.o
|
|
obj-$(CONFIG_TCP_CONG_VENO) += tcp_veno.o
|
|
obj-$(CONFIG_TCP_CONG_SCALABLE) += tcp_scalable.o
|
|
obj-$(CONFIG_TCP_CONG_LP) += tcp_lp.o
|
|
obj-$(CONFIG_NETLABEL) += cipso_ipv4.o
|
|
|
|
obj-$(CONFIG_XFRM) += xfrm4_policy.o xfrm4_state.o xfrm4_input.o \
|
|
xfrm4_output.o
|