alistair23-linux/net/ipv4
Paul Moore f8687afefc [NetLabel]: protect the CIPSOv4 socket option from setsockopt()
This patch makes two changes to protect applications from either removing or
tampering with the CIPSOv4 IP option on a socket.  The first is the requirement
that applications have the CAP_NET_RAW capability to set an IPOPT_CIPSO option
on a socket; this prevents untrusted applications from setting their own
CIPSOv4 security attributes on the packets they send.  The second change is to
SELinux and it prevents applications from setting any IPv4 options when there
is an IPOPT_CIPSO option already present on the socket; this prevents
applications from removing CIPSOv4 security attributes from the packets they
send.

Signed-off-by: Paul Moore <paul.moore@hp.com>
Signed-off-by: James Morris <jmorris@namei.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
2006-10-30 15:24:49 -08:00
ipvs [PATCH] ptrdiff_t is %t, not %z 2006-10-10 15:37:23 -07:00
netfilter [NETFILTER]: ip_tables: compat code module refcounting fix 2006-10-30 15:24:47 -08:00
Kconfig [XFRM]: BEET mode 2006-10-04 00:31:09 -07:00
Makefile [XFRM]: BEET mode 2006-10-04 00:31:09 -07:00
af_inet.c [IPV4]: struct ip_options annotations 2006-09-28 18:01:53 -07:00
ah4.c [XFRM]: Add XFRM_MODE_xxx for future use. 2006-09-22 15:05:15 -07:00
arp.c fix file specification in comments 2006-10-03 23:01:26 +02:00
cipso_ipv4.c [NetLabel]: protect the CIPSOv4 socket option from setsockopt() 2006-10-30 15:24:49 -08:00
datagram.c [IPV4]: ip_route_connect() ipv4 address arguments annotated 2006-09-28 17:54:06 -07:00
devinet.c [IPV4]: annotate inetdev.h helpers 2006-09-28 18:01:05 -07:00
esp4.c [XFRM]: BEET mode 2006-10-04 00:31:09 -07:00
fib_frontend.c [IPv4] fib: Remove unused fib_config members 2006-10-18 20:26:36 -07:00
fib_hash.c [IPV4]: trivial fib_hash.c annotations 2006-09-28 18:01:11 -07:00
fib_lookup.h [IPV4]: net/ipv4/fib annotations 2006-09-28 18:02:23 -07:00
fib_rules.c [IPV4]: FRA_{DST,SRC} annotated 2006-09-28 18:02:24 -07:00
fib_semantics.c [IPV4]: net/ipv4/fib annotations 2006-09-28 18:02:23 -07:00
fib_trie.c [IPV4] fib_trie.c: trivial annotations 2006-09-28 18:01:14 -07:00
icmp.c [IPV4] net/ipv4/icmp.c: trivial annotations 2006-09-28 18:02:19 -07:00
igmp.c [IPV4]: trivial igmp annotations 2006-09-28 18:02:02 -07:00
inet_connection_sock.c [IPV4]: inet_rcv_saddr() annotations 2006-09-28 18:02:28 -07:00
inet_diag.c [IPV4]: inet_diag annotations 2006-09-28 18:02:29 -07:00
inet_hashtables.c [IPV4]: annotate inet_lookup() and friends 2006-09-28 18:02:26 -07:00
inet_timewait_sock.c Remove obsolete #include <linux/config.h> 2006-06-30 19:25:36 +02:00
inetpeer.c [NET]: reduce sizeof(struct inet_peer), cleanup, change in peer_check_expire() 2006-10-15 23:14:17 -07:00
ip_forward.c Remove obsolete #include <linux/config.h> 2006-06-30 19:25:36 +02:00
ip_fragment.c [IPV4]: ip_fragment.c endianness annotations 2006-09-28 18:01:09 -07:00
ip_gre.c [NET]: Use hton{l,s}() for non-initializers. 2006-10-11 23:59:56 -07:00
ip_input.c [IPV4]: Clear the whole IPCB, this clears also IPCB(skb)->flags. 2006-07-24 23:45:16 -07:00
ip_options.c [NetLabel]: protect the CIPSOv4 socket option from setsockopt() 2006-10-30 15:24:49 -08:00
ip_output.c [IPV4]: struct ip_options annotations 2006-09-28 18:01:53 -07:00
ip_sockglue.c [IPV4]: ip_icmp_error() annotations 2006-09-28 18:02:09 -07:00
ipcomp.c [XFRM]: BEET mode 2006-10-04 00:31:09 -07:00
ipconfig.c [IPV4] ipconfig: fix RARP ic_servaddr breakage 2006-10-24 15:18:36 -07:00
ipip.c [IPV4]: ipip and ip_gre encapsulation bugs 2006-09-22 15:19:43 -07:00
ipmr.c [IPV4]: mroute annotations 2006-09-28 18:02:22 -07:00
multipath.c Linux-2.6.12-rc2 2005-04-16 15:20:36 -07:00
multipath_drr.c Remove obsolete #include <linux/config.h> 2006-06-30 19:25:36 +02:00
multipath_random.c Remove obsolete #include <linux/config.h> 2006-06-30 19:25:36 +02:00
multipath_rr.c Remove obsolete #include <linux/config.h> 2006-06-30 19:25:36 +02:00
multipath_wrandom.c [IPV4] bug: broken open-coded inet_make_mask() (multipath_wrandom) 2006-09-28 18:01:17 -07:00
netfilter.c [NETFILTER]: add type parameter to ip_route_me_harder 2006-10-04 00:30:54 -07:00
proc.c [IPV4]: add the UdpSndbufErrors and UdpRcvbufErrors MIBs 2006-09-22 14:54:41 -07:00
protocol.c Remove obsolete #include <linux/config.h> 2006-06-30 19:25:36 +02:00
raw.c [NET]: fix uaccess handling 2006-10-30 15:24:41 -08:00
route.c [NET]: Do not memcmp() over pad bytes of struct flowi. 2006-10-12 00:49:15 -07:00
syncookies.c [MLSXFRM]: Auto-labeling of child sockets 2006-09-22 14:53:29 -07:00
sysctl_net_ipv4.c [TCP]: default congestion control menu 2006-09-24 20:11:58 -07:00
tcp.c [TCP]: Send ACKs each 2nd received segment. 2006-09-22 15:19:05 -07:00
tcp_bic.c [TCP] tcp_bic: use BUILD_BUG_ON 2006-09-22 15:18:04 -07:00
tcp_cong.c [TCP]: default congestion control menu 2006-09-24 20:11:58 -07:00
tcp_cubic.c [TCP] cubic: scaling error 2006-10-25 23:04:12 -07:00
tcp_diag.c Remove obsolete #include <linux/config.h> 2006-06-30 19:25:36 +02:00
tcp_highspeed.c [TCP] Congestion control (modulo lp, bic): use BUILD_BUG_ON 2006-09-22 15:18:13 -07:00
tcp_htcp.c [TCP] H-TCP: fix integer overflow 2006-10-25 23:05:52 -07:00
tcp_hybla.c [TCP] Congestion control (modulo lp, bic): use BUILD_BUG_ON 2006-09-22 15:18:13 -07:00
tcp_input.c [TCP]: Kill warning in tcp_clean_rtx_queue(). 2006-10-04 00:31:08 -07:00
tcp_ipv4.c [TCP]: One NET_INC_STATS() could be NET_INC_STATS_BH in tcp_v4_err() 2006-10-20 00:22:25 -07:00
tcp_lp.c [TCP] tcp-lp: prevent chance for oops 2006-09-28 18:03:07 -07:00
tcp_minisocks.c [NET/IPV4/IPV6]: Change some sysctl variables to __read_mostly 2006-09-22 14:55:03 -07:00
tcp_output.c [TCP]: Bound TSO defer time 2006-10-18 20:36:48 -07:00
tcp_probe.c [PATCH] Kprobes: Make kprobe modules more portable 2006-10-02 07:57:16 -07:00
tcp_scalable.c Remove obsolete #include <linux/config.h> 2006-06-30 19:25:36 +02:00
tcp_timer.c [NET/IPV4/IPV6]: Change some sysctl variables to __read_mostly 2006-09-22 14:55:03 -07:00
tcp_vegas.c [TCP] Congestion control (modulo lp, bic): use BUILD_BUG_ON 2006-09-22 15:18:13 -07:00
tcp_veno.c [TCP] Congestion control (modulo lp, bic): use BUILD_BUG_ON 2006-09-22 15:18:13 -07:00
tcp_westwood.c [TCP] Congestion control (modulo lp, bic): use BUILD_BUG_ON 2006-09-22 15:18:13 -07:00
tunnel4.c [INET]: Move no-tunnel ICMP error to tunnel4/tunnel6 2006-04-09 22:25:25 -07:00
udp.c [UDP]: Fix MSG_PROBE crash 2006-10-04 00:31:00 -07:00
xfrm4_input.c [XFRM]: xfrm_parse_spi() annotations 2006-09-28 18:02:39 -07:00
xfrm4_mode_beet.c [XFRM]: BEET mode 2006-10-04 00:31:09 -07:00
xfrm4_mode_transport.c [IPSEC]: output mode to take an xfrm state as input param 2006-09-22 15:18:48 -07:00
xfrm4_mode_tunnel.c [IPSEC]: output mode to take an xfrm state as input param 2006-09-22 15:18:48 -07:00
xfrm4_output.c [IPSEC]: output mode to take an xfrm state as input param 2006-09-22 15:18:48 -07:00
xfrm4_policy.c IPsec: correct semantics for SELinux policy matching 2006-10-11 23:59:37 -07:00
xfrm4_state.c [XFRM]: ports in struct xfrm_selector annotated 2006-09-28 18:02:33 -07:00
xfrm4_tunnel.c [XFRM]: Add XFRM_MODE_xxx for future use. 2006-09-22 15:05:15 -07:00