)]}' { "log": [ { "commit": "04578dd330f1ec6bc9c4233833bee0d0ca73ff09", "tree": "dc7557207bb86a37d166efa4ca6d29e66b944b45", "parents": [ "e4ac9bc1f6686dcb8c34e2756aa93cc9546fa6ae" ], "author": { "name": "Karsten Keil", "email": "kkeil@suse.de", "time": "Sat Jul 26 18:52:34 2008 +0200" }, "committer": { "name": "Karsten Keil", "email": "kkeil@suse.de", "time": "Sun Jul 27 01:47:00 2008 +0200" }, "message": "Define AF_ISDN and PF_ISDN\n\nDefine the address and protocol family value for mISDN.\n\nSigned-off-by: Karsten Keil \u003ckkeil@suse.de\u003e\n" }, { "commit": "230b183921ecbaa5fedc0d35ad6ba7bb64b6e06a", "tree": "2ea0a3bde5deab4b90ca9ed58e23b020494f25a0", "parents": [ "53b7997fd5c62408d10b9aafb38974ce90fd2356" ], "author": { "name": "YOSHIFUJI Hideaki", "email": "yoshfuji@linux-ipv6.org", "time": "Sat Jul 19 22:35:47 2008 -0700" }, "committer": { "name": "David S. Miller", "email": "davem@davemloft.net", "time": "Sat Jul 19 22:35:47 2008 -0700" }, "message": "net: Use standard structures for generic socket address structures.\n\nUse sockaddr_storage{} for generic socket address storage\nand ensures proper alignment.\nUse sockaddr{} for pointers to omit several casts.\n\nSigned-off-by: YOSHIFUJI Hideaki \u003cyoshfuji@linux-ipv6.org\u003e\nSigned-off-by: David S. Miller \u003cdavem@davemloft.net\u003e\n" }, { "commit": "b8e1f9b5c37e77cc8f978a58859b35fe5edd5542", "tree": "3c39da61f10eeb8b8e200ec68770128f1b57f25d", "parents": [ "790a35328991b01181ff5624bdb084053b6fac54" ], "author": { "name": "Pavel Emelyanov", "email": "xemul@openvz.org", "time": "Sat Dec 08 00:12:33 2007 -0800" }, "committer": { "name": "David S. Miller", "email": "davem@davemloft.net", "time": "Mon Jan 28 14:56:57 2008 -0800" }, "message": "[NET] sysctl: make sysctl_somaxconn per-namespace\n\nJust move the variable on the struct net and adjust\nits usage.\n\nOthers sysctls from sys.net.core table are more\ndifficult to virtualize (i.e. make them per-namespace),\nbut I\u0027ll look at them as well a bit later.\n\nSigned-off-by: Pavel Emelyanov \u003cxemul@oenvz.org\u003e\nSigned-off-by: David S. Miller \u003cdavem@davemloft.net\u003e\n" }, { "commit": "cd05acfe65ed2cf2db683fa9a6adb8d35635263b", "tree": "73cf8541f3ad48bce5078209fb1cc7383e8c2a3b", "parents": [ "8dbde28d9711475adfe0e9c88505e38743cdc2a7" ], "author": { "name": "Oliver Hartkopp", "email": "oliver.hartkopp@volkswagen.de", "time": "Sun Dec 16 15:59:24 2007 -0800" }, "committer": { "name": "David S. Miller", "email": "davem@davemloft.net", "time": "Mon Jan 28 14:54:09 2008 -0800" }, "message": "[CAN]: Allocate protocol numbers for PF_CAN\n\nThis patch adds a protocol/address family number, ARP hardware type,\nethernet packet type, and a line discipline number for the SocketCAN\nimplementation.\n\nSigned-off-by: Oliver Hartkopp \u003coliver.hartkopp@volkswagen.de\u003e\nSigned-off-by: Urs Thuermann \u003curs.thuermann@volkswagen.de\u003e\nSigned-off-by: David S. Miller \u003cdavem@davemloft.net\u003e\n" }, { "commit": "2cb3377a295aade1f2e192d4bea948b2196fb162", "tree": "6eaa14cdba8b6ed500592b541f00eac6a9ac5d9a", "parents": [ "b6a0dc822497e1c0b9e8c4add270cc27fce48454" ], "author": { "name": "Marcel Holtmann", "email": "marcel@holtmann.org", "time": "Sat Oct 20 15:28:08 2007 +0200" }, "committer": { "name": "David S. Miller", "email": "davem@sunset.davemloft.net", "time": "Mon Oct 22 02:59:48 2007 -0700" }, "message": "[Bluetooth] Add constant for Bluetooth socket options level\n\nAssign the next free socket options level to be used by the Bluetooth\nprotocol and address family.\n\nSigned-off-by: Marcel Holtmann \u003cmarcel@holtmann.org\u003e\n" }, { "commit": "4a19542e5f694cd408a32c3d9dc593ba9366e2d7", "tree": "12f5fd603b516b4e24ec4850d5589273d24be569", "parents": [ "f23513e8d96cf5e6cf8d2ff0cb5dd6bbc33995e4" ], "author": { "name": "Ulrich Drepper", "email": "drepper@redhat.com", "time": "Sun Jul 15 23:40:34 2007 -0700" }, "committer": { "name": "Linus Torvalds", "email": "torvalds@woody.linux-foundation.org", "time": "Mon Jul 16 09:05:45 2007 -0700" }, "message": "O_CLOEXEC for SCM_RIGHTS\n\nPart two in the O_CLOEXEC saga: adding support for file descriptors received\nthrough Unix domain sockets.\n\nThe patch is once again pretty minimal, it introduces a new flag for recvmsg\nand passes it just like the existing MSG_CMSG_COMPAT flag. I think this bit\nis not used otherwise but the networking people will know better.\n\nThis new flag is not recognized by recvfrom and recv. These functions cannot\nbe used for that purpose and the asymmetry this introduces is not worse than\nthe already existing MSG_CMSG_COMPAT situations.\n\nThe patch must be applied on the patch which introduced O_CLOEXEC. It has to\nremove static from the new get_unused_fd_flags function but since scm.c cannot\nlive in a module the function still hasn\u0027t to be exported.\n\nHere\u0027s a test program to make sure the code works. It\u0027s so much longer than\nthe actual patch...\n\n#include \u003cerrno.h\u003e\n#include \u003cerror.h\u003e\n#include \u003cfcntl.h\u003e\n#include \u003cstdio.h\u003e\n#include \u003cstring.h\u003e\n#include \u003cunistd.h\u003e\n#include \u003csys/socket.h\u003e\n#include \u003csys/un.h\u003e\n\n#ifndef O_CLOEXEC\n# define O_CLOEXEC 02000000\n#endif\n#ifndef MSG_CMSG_CLOEXEC\n# define MSG_CMSG_CLOEXEC 0x40000000\n#endif\n\nint\nmain (int argc, char *argv[])\n{\n if (argc \u003e 1)\n {\n int fd \u003d atol (argv[1]);\n printf (\"child: fd \u003d %d\\n\", fd);\n if (fcntl (fd, F_GETFD) \u003d\u003d 0 || errno !\u003d EBADF)\n {\n puts (\"file descriptor valid in child\");\n return 1;\n }\n return 0;\n\n }\n\n struct sockaddr_un sun;\n strcpy (sun.sun_path, \"./testsocket\");\n sun.sun_family \u003d AF_UNIX;\n\n char databuf[] \u003d \"hello\";\n struct iovec iov[1];\n iov[0].iov_base \u003d databuf;\n iov[0].iov_len \u003d sizeof (databuf);\n\n union\n {\n struct cmsghdr hdr;\n char bytes[CMSG_SPACE (sizeof (int))];\n } buf;\n struct msghdr msg \u003d { .msg_iov \u003d iov, .msg_iovlen \u003d 1,\n .msg_control \u003d buf.bytes,\n .msg_controllen \u003d sizeof (buf) };\n struct cmsghdr *cmsg \u003d CMSG_FIRSTHDR (\u0026msg);\n\n cmsg-\u003ecmsg_level \u003d SOL_SOCKET;\n cmsg-\u003ecmsg_type \u003d SCM_RIGHTS;\n cmsg-\u003ecmsg_len \u003d CMSG_LEN (sizeof (int));\n\n msg.msg_controllen \u003d cmsg-\u003ecmsg_len;\n\n pid_t child \u003d fork ();\n if (child \u003d\u003d -1)\n error (1, errno, \"fork\");\n if (child \u003d\u003d 0)\n {\n int sock \u003d socket (PF_UNIX, SOCK_STREAM, 0);\n if (sock \u003c 0)\n error (1, errno, \"socket\");\n\n if (bind (sock, (struct sockaddr *) \u0026sun, sizeof (sun)) \u003c 0)\n error (1, errno, \"bind\");\n if (listen (sock, SOMAXCONN) \u003c 0)\n error (1, errno, \"listen\");\n\n int conn \u003d accept (sock, NULL, NULL);\n if (conn \u003d\u003d -1)\n error (1, errno, \"accept\");\n\n *(int *) CMSG_DATA (cmsg) \u003d sock;\n if (sendmsg (conn, \u0026msg, MSG_NOSIGNAL) \u003c 0)\n error (1, errno, \"sendmsg\");\n\n return 0;\n }\n\n /* For a test suite this should be more robust like a\n barrier in shared memory. */\n sleep (1);\n\n int sock \u003d socket (PF_UNIX, SOCK_STREAM, 0);\n if (sock \u003c 0)\n error (1, errno, \"socket\");\n\n if (connect (sock, (struct sockaddr *) \u0026sun, sizeof (sun)) \u003c 0)\n error (1, errno, \"connect\");\n unlink (sun.sun_path);\n\n *(int *) CMSG_DATA (cmsg) \u003d -1;\n\n if (recvmsg (sock, \u0026msg, MSG_CMSG_CLOEXEC) \u003c 0)\n error (1, errno, \"recvmsg\");\n\n int fd \u003d *(int *) CMSG_DATA (cmsg);\n if (fd \u003d\u003d -1)\n error (1, 0, \"no descriptor received\");\n\n char fdname[20];\n snprintf (fdname, sizeof (fdname), \"%d\", fd);\n execl (\"/proc/self/exe\", argv[0], fdname, NULL);\n puts (\"execl failed\");\n return 1;\n}\n\n[akpm@linux-foundation.org: Fix fastcall inconsistency noted by Michael Buesch]\n[akpm@linux-foundation.org: build fix]\nSigned-off-by: Ulrich Drepper \u003cdrepper@redhat.com\u003e\nCc: Ingo Molnar \u003cmingo@elte.hu\u003e\nCc: Michael Buesch \u003cmb@bu3sch.de\u003e\nCc: Michael Kerrisk \u003cmtk-manpages@gmx.net\u003e\nAcked-by: David S. Miller \u003cdavem@davemloft.net\u003e\nSigned-off-by: Andrew Morton \u003cakpm@linux-foundation.org\u003e\nSigned-off-by: Linus Torvalds \u003ctorvalds@linux-foundation.org\u003e\n" }, { "commit": "cf14a4d06742d59ecb2d837a3f53bb24d1ff9acb", "tree": "78b8058dd7bd8b1cfba243d7d478495e0ba9281b", "parents": [ "342f0234c71b40da785dd6a7ce1dd481ecbfdb81" ], "author": { "name": "James Chapman", "email": "jchapman@katalix.com", "time": "Wed Jun 27 15:43:43 2007 -0700" }, "committer": { "name": "David S. Miller", "email": "davem@sunset.davemloft.net", "time": "Tue Jul 10 22:15:58 2007 -0700" }, "message": "[L2TP]: Changes to existing ppp and socket kernel headers for L2TP\n\nAdd struct sockaddr_pppol2tp to carry L2TP-specific address\ninformation for the PPPoX (PPPoL2TP) socket. Unfortunately we can\u0027t\nuse the union inside struct sockaddr_pppox because the L2TP-specific\ndata is larger than the current size of the union and we must preserve\nthe size of struct sockaddr_pppox for binary compatibility.\n\nAlso add a PPPIOCGL2TPSTATS ioctl to allow userspace to obtain\nL2TP counters and state from the kernel.\n\nAdd new if_pppol2tp.h header.\n\n[ Modified to use aligned_u64 in statistics structure -DaveM ]\n\nSigned-off-by: James Chapman \u003cjchapman@katalix.com\u003e\nSigned-off-by: David S. Miller \u003cdavem@davemloft.net\u003e\n" }, { "commit": "17926a79320afa9b95df6b977b40cca6d8713cea", "tree": "5cedff43b69520ad17b86783d3752053686ec99c", "parents": [ "e19dff1fdd99a25819af74cf0710e147fff4fd3a" ], "author": { "name": "David Howells", "email": "dhowells@redhat.com", "time": "Thu Apr 26 15:48:28 2007 -0700" }, "committer": { "name": "David S. Miller", "email": "davem@davemloft.net", "time": "Thu Apr 26 15:48:28 2007 -0700" }, "message": "[AF_RXRPC]: Provide secure RxRPC sockets for use by userspace and kernel both\n\nProvide AF_RXRPC sockets that can be used to talk to AFS servers, or serve\nanswers to AFS clients. KerberosIV security is fully supported. The patches\nand some example test programs can be found in:\n\n\thttp://people.redhat.com/~dhowells/rxrpc/\n\nThis will eventually replace the old implementation of kernel-only RxRPC\ncurrently resident in net/rxrpc/.\n\nSigned-off-by: David Howells \u003cdhowells@redhat.com\u003e\nSigned-off-by: David S. Miller \u003cdavem@davemloft.net\u003e\n" }, { "commit": "304c209c9b02b0386024d037fa49b273caa0575b", "tree": "a3d3d5903abe7cee4c465e1377c26cf4a1ca02d1", "parents": [ "2c12a74cc4aeaebc378aa40ee11c7761a8ed05e0" ], "author": { "name": "David S. Miller", "email": "davem@sunset.davemloft.net", "time": "Mon Feb 26 15:45:15 2007 -0800" }, "committer": { "name": "David S. Miller", "email": "davem@sunset.davemloft.net", "time": "Wed Feb 28 09:41:59 2007 -0800" }, "message": "[NET]: Revert socket.h/stat.h ifdef hacks.\n\nThis reverts 57a87bb0720a5cf7a9ece49a8c8ed288398fd1bb.\n\nAs H. Peter Anvin states, this change broke klibc and it\u0027s\nnot very easy to fix things up without duplicating everything\ninto userspace.\n\nIn the longer term we should have a better solution to this\nproblem, but for now let\u0027s unbreak things.\n\nSigned-off-by: David S. Miller \u003cdavem@davemloft.net\u003e\n" }, { "commit": "57a87bb0720a5cf7a9ece49a8c8ed288398fd1bb", "tree": "eb90add73a66e6452ad6990f422803e0679dbd9a", "parents": [ "4564f9e5fd00767d11fcf61e0d52787706dfcc87" ], "author": { "name": "Mike Frysinger", "email": "vapier.adi@gmail.com", "time": "Sat Feb 10 01:45:01 2007 -0800" }, "committer": { "name": "Linus Torvalds", "email": "torvalds@woody.linux-foundation.org", "time": "Sun Feb 11 10:51:26 2007 -0800" }, "message": "[PATCH] scrub non-__GLIBC__ checks in linux/socket.h and linux/stat.h\n\nUserspace should be worrying about userspace, so having the socket.h\nand stat.h pollute the namespace in the non-glibc case is wrong and\npretty much prevents any other libc from utilizing these headers\nsanely unless they set up the __GLIBC__ define themselves (which\nsucks)\n\nCc: \"David S. Miller\" \u003cdavem@davemloft.net\u003e\nSigned-off-by: Andrew Morton \u003cakpm@linux-foundation.org\u003e\nSigned-off-by: Linus Torvalds \u003ctorvalds@linux-foundation.org\u003e\n" }, { "commit": "eac3731bd04c7131478722a3c148b78774553116", "tree": "66c1ce279bbd586e3fcf417cfd6057db3df296ae", "parents": [ "5da5e658debb7deddbfe5c133c76db3be0a3e12c" ], "author": { "name": "Jennifer Hunt", "email": "jenhunt@us.ibm.com", "time": "Thu Feb 08 13:51:54 2007 -0800" }, "committer": { "name": "David S. Miller", "email": "davem@davemloft.net", "time": "Thu Feb 08 13:51:54 2007 -0800" }, "message": "[S390]: Add AF_IUCV socket support\n\nFrom: Jennifer Hunt \u003cjenhunt@us.ibm.com\u003e\n\nThis patch adds AF_IUCV socket support.\n\nSigned-off-by: Frank Pavlic \u003cfpavlic@de.ibm.com\u003e\nSigned-off-by: Martin Schwidefsky \u003cschwidefsky@de.ibm.com\u003e\nSigned-off-by: David S. Miller \u003cdavem@davemloft.net\u003e\n" }, { "commit": "44bb93633f57a55979f3c2589b10fd6a2bfc7c08", "tree": "09dff6f9e3c9d21c8d06f3a1ec73609a1942c9da", "parents": [ "868c86bcb5bdea7ed8d45979b17bb919af9254db" ], "author": { "name": "Al Viro", "email": "viro@zeniv.linux.org.uk", "time": "Tue Nov 14 21:36:14 2006 -0800" }, "committer": { "name": "David S. Miller", "email": "davem@sunset.davemloft.net", "time": "Sat Dec 02 21:23:32 2006 -0800" }, "message": "[NET]: Annotate csum_partial() callers in net/*\n\nSigned-off-by: Al Viro \u003cviro@zeniv.linux.org.uk\u003e\nSigned-off-by: David S. Miller \u003cdavem@davemloft.net\u003e\n" }, { "commit": "ba4e58eca8aa9473b44fdfd312f26c4a2e7798b3", "tree": "700f8f989f48da480beb83b983637cfd2b5a3f67", "parents": [ "6051e2f4fb68fc8e5343db58fa680ece376f405c" ], "author": { "name": "Gerrit Renker", "email": "gerrit@erg.abdn.ac.uk", "time": "Mon Nov 27 11:10:57 2006 -0800" }, "committer": { "name": "David S. Miller", "email": "davem@sunset.davemloft.net", "time": "Sat Dec 02 21:22:46 2006 -0800" }, "message": "[NET]: Supporting UDP-Lite (RFC 3828) in Linux\n\nThis is a revision of the previously submitted patch, which alters\nthe way files are organized and compiled in the following manner:\n\n\t* UDP and UDP-Lite now use separate object files\n\t* source file dependencies resolved via header files\n\t net/ipv{4,6}/udp_impl.h\n\t* order of inclusion files in udp.c/udplite.c adapted\n\t accordingly\n\n[NET/IPv4]: Support for the UDP-Lite protocol (RFC 3828)\n\nThis patch adds support for UDP-Lite to the IPv4 stack, provided as an\nextension to the existing UDPv4 code:\n * generic routines are all located in net/ipv4/udp.c\n * UDP-Lite specific routines are in net/ipv4/udplite.c\n * MIB/statistics support in /proc/net/snmp and /proc/net/udplite\n * shared API with extensions for partial checksum coverage\n\n[NET/IPv6]: Extension for UDP-Lite over IPv6\n\nIt extends the existing UDPv6 code base with support for UDP-Lite\nin the same manner as per UDPv4. In particular,\n * UDPv6 generic and shared code is in net/ipv6/udp.c\n * UDP-Litev6 specific extensions are in net/ipv6/udplite.c\n * MIB/statistics support in /proc/net/snmp6 and /proc/net/udplite6\n * support for IPV6_ADDRFORM\n * aligned the coding style of protocol initialisation with af_inet6.c\n * made the error handling in udpv6_queue_rcv_skb consistent;\n to return `-1\u0027 on error on all error cases\n * consolidation of shared code\n\n[NET]: UDP-Lite Documentation and basic XFRM/Netfilter support\n\nThe UDP-Lite patch further provides\n * API documentation for UDP-Lite\n * basic xfrm support\n * basic netfilter support for IPv4 and IPv6 (LOG target)\n\nSigned-off-by: Gerrit Renker \u003cgerrit@erg.abdn.ac.uk\u003e\nSigned-off-by: David S. Miller \u003cdavem@davemloft.net\u003e\n" }, { "commit": "089f26d5e31b7bf42a9a8fefec08b30cd27f4b0e", "tree": "5e15cfd59d2056ea3e796ebcb60270bb125416f6", "parents": [ "d85004eb15a635b3937e91d1dbadb1d37541983c" ], "author": { "name": "David Woodhouse", "email": "dwmw2@infradead.org", "time": "Tue Apr 25 15:29:01 2006 +0100" }, "committer": { "name": "David Woodhouse", "email": "dwmw2@infradead.org", "time": "Tue Apr 25 15:29:01 2006 +0100" }, "message": "Don\u0027t include \u003clinux/config.h\u003e and \u003clinux/linkage.h\u003e from linux/socket.h\n\nSigned-off-by: David Woodhouse \u003cdwmw2@infradead.org\u003e\n" }, { "commit": "2c7946a7bf45ae86736ab3b43d0085e43947945c", "tree": "b956f301033ebaefe8d2701b257edfd947f537f3", "parents": [ "be33690d8fcf40377f16193c463681170eb6b295" ], "author": { "name": "Catherine Zhang", "email": "cxzhang@watson.ibm.com", "time": "Mon Mar 20 22:41:23 2006 -0800" }, "committer": { "name": "David S. Miller", "email": "davem@davemloft.net", "time": "Mon Mar 20 22:41:23 2006 -0800" }, "message": "[SECURITY]: TCP/UDP getpeersec\n\nThis patch implements an application of the LSM-IPSec networking\ncontrols whereby an application can determine the label of the\nsecurity association its TCP or UDP sockets are currently connected to\nvia getsockopt and the auxiliary data mechanism of recvmsg.\n\nPatch purpose:\n\nThis patch enables a security-aware application to retrieve the\nsecurity context of an IPSec security association a particular TCP or\nUDP socket is using. The application can then use this security\ncontext to determine the security context for processing on behalf of\nthe peer at the other end of this connection. In the case of UDP, the\nsecurity context is for each individual packet. An example\napplication is the inetd daemon, which could be modified to start\ndaemons running at security contexts dependent on the remote client.\n\nPatch design approach:\n\n- Design for TCP\nThe patch enables the SELinux LSM to set the peer security context for\na socket based on the security context of the IPSec security\nassociation. The application may retrieve this context using\ngetsockopt. When called, the kernel determines if the socket is a\nconnected (TCP_ESTABLISHED) TCP socket and, if so, uses the dst_entry\ncache on the socket to retrieve the security associations. If a\nsecurity association has a security context, the context string is\nreturned, as for UNIX domain sockets.\n\n- Design for UDP\nUnlike TCP, UDP is connectionless. This requires a somewhat different\nAPI to retrieve the peer security context. With TCP, the peer\nsecurity context stays the same throughout the connection, thus it can\nbe retrieved at any time between when the connection is established\nand when it is torn down. With UDP, each read/write can have\ndifferent peer and thus the security context might change every time.\nAs a result the security context retrieval must be done TOGETHER with\nthe packet retrieval.\n\nThe solution is to build upon the existing Unix domain socket API for\nretrieving user credentials. Linux offers the API for obtaining user\ncredentials via ancillary messages (i.e., out of band/control messages\nthat are bundled together with a normal message).\n\nPatch implementation details:\n\n- Implementation for TCP\nThe security context can be retrieved by applications using getsockopt\nwith the existing SO_PEERSEC flag. As an example (ignoring error\nchecking):\n\ngetsockopt(sockfd, SOL_SOCKET, SO_PEERSEC, optbuf, \u0026optlen);\nprintf(\"Socket peer context is: %s\\n\", optbuf);\n\nThe SELinux function, selinux_socket_getpeersec, is extended to check\nfor labeled security associations for connected (TCP_ESTABLISHED \u003d\u003d\nsk-\u003esk_state) TCP sockets only. If so, the socket has a dst_cache of\nstruct dst_entry values that may refer to security associations. If\nthese have security associations with security contexts, the security\ncontext is returned.\n\ngetsockopt returns a buffer that contains a security context string or\nthe buffer is unmodified.\n\n- Implementation for UDP\nTo retrieve the security context, the application first indicates to\nthe kernel such desire by setting the IP_PASSSEC option via\ngetsockopt. Then the application retrieves the security context using\nthe auxiliary data mechanism.\n\nAn example server application for UDP should look like this:\n\ntoggle \u003d 1;\ntoggle_len \u003d sizeof(toggle);\n\nsetsockopt(sockfd, SOL_IP, IP_PASSSEC, \u0026toggle, \u0026toggle_len);\nrecvmsg(sockfd, \u0026msg_hdr, 0);\nif (msg_hdr.msg_controllen \u003e sizeof(struct cmsghdr)) {\n cmsg_hdr \u003d CMSG_FIRSTHDR(\u0026msg_hdr);\n if (cmsg_hdr-\u003ecmsg_len \u003c\u003d CMSG_LEN(sizeof(scontext)) \u0026\u0026\n cmsg_hdr-\u003ecmsg_level \u003d\u003d SOL_IP \u0026\u0026\n cmsg_hdr-\u003ecmsg_type \u003d\u003d SCM_SECURITY) {\n memcpy(\u0026scontext, CMSG_DATA(cmsg_hdr), sizeof(scontext));\n }\n}\n\nip_setsockopt is enhanced with a new socket option IP_PASSSEC to allow\na server socket to receive security context of the peer. A new\nancillary message type SCM_SECURITY.\n\nWhen the packet is received we get the security context from the\nsec_path pointer which is contained in the sk_buff, and copy it to the\nancillary message space. An additional LSM hook,\nselinux_socket_getpeersec_udp, is defined to retrieve the security\ncontext from the SELinux space. The existing function,\nselinux_socket_getpeersec does not suit our purpose, because the\nsecurity context is copied directly to user space, rather than to\nkernel space.\n\nTesting:\n\nWe have tested the patch by setting up TCP and UDP connections between\napplications on two machines using the IPSec policies that result in\nlabeled security associations being built. For TCP, we can then\nextract the peer security context using getsockopt on either end. For\nUDP, the receiving end can retrieve the security context using the\nauxiliary data mechanism of recvmsg.\n\nSigned-off-by: Catherine Zhang \u003ccxzhang@watson.ibm.com\u003e\nAcked-by: James Morris \u003cjmorris@namei.org\u003e\nAcked-by: Herbert Xu \u003cherbert@gondor.apana.org.au\u003e\nSigned-off-by: David S. Miller \u003cdavem@davemloft.net\u003e\n" }, { "commit": "b97bf3fd8f6a16966d4f18983b2c40993ff937d4", "tree": "59959f8a0f3087455efdcb430846686f303c5991", "parents": [ "58cba4650a7a414eabd2b40cc9d8e45fcdf192d9" ], "author": { "name": "Per Liden", "email": "per.liden@nospam.ericsson.com", "time": "Mon Jan 02 19:04:38 2006 +0100" }, "committer": { "name": "David S. Miller", "email": "davem@sunset.davemloft.net", "time": "Thu Jan 12 14:06:31 2006 -0800" }, "message": "[TIPC] Initial merge\n\nTIPC (Transparent Inter Process Communication) is a protocol designed for\nintra cluster communication. For more information see\nhttp://tipc.sourceforge.net\n\nSigned-off-by: Per Liden \u003cper.liden@nospam.ericsson.com\u003e\n" }, { "commit": "77d76ea310b50a9c8ff15bd290fcb4ed4961adf2", "tree": "7d6e8b2426d4b3debe5ddf838ab2a2ef13f1b106", "parents": [ "7708610b1bff4a0ba8a73733d3c7c4bda9f94b21" ], "author": { "name": "Andi Kleen", "email": "ak@suse.de", "time": "Thu Dec 22 12:43:42 2005 -0800" }, "committer": { "name": "David S. Miller", "email": "davem@sunset.davemloft.net", "time": "Tue Jan 03 13:11:14 2006 -0800" }, "message": "[NET]: Small cleanup to socket initialization\n\nsock_init can be done as a core_initcall instead of calling\nit directly in init/main.c\n\nAlso I removed an out of date #ifdef.\n\nSigned-off-by: Andi Kleen \u003cak@suse.de\u003e\nSigned-off-by: David S. Miller \u003cdavem@davemloft.net\u003e\n" }, { "commit": "20380731bc2897f2952ae055420972ded4cd786e", "tree": "abd31e5ebfadcf4f9024634eec8b11855029e512", "parents": [ "9deff7f2365958c5c5aa8cb5a0dd651c4dd83f8f" ], "author": { "name": "Arnaldo Carvalho de Melo", "email": "acme@mandriva.com", "time": "Tue Aug 16 02:18:02 2005 -0300" }, "committer": { "name": "David S. Miller", "email": "davem@sunset.davemloft.net", "time": "Mon Aug 29 16:01:32 2005 -0700" }, "message": "[NET]: Fix sparse warnings\n\nOf this type, mostly:\n\nCHECK net/ipv6/netfilter.c\nnet/ipv6/netfilter.c:96:12: warning: symbol \u0027ipv6_netfilter_init\u0027 was not declared. Should it be static?\nnet/ipv6/netfilter.c:101:6: warning: symbol \u0027ipv6_netfilter_fini\u0027 was not declared. Should it be static?\n\nSigned-off-by: Arnaldo Carvalho de Melo \u003cacme@mandriva.com\u003e\nSigned-off-by: David S. Miller \u003cdavem@davemloft.net\u003e\n" }, { "commit": "9a4595bc7e67962f13232ee55a64e063062c3a99", "tree": "9691d77701cad7e0d4fb62390acf525f3adb9d60", "parents": [ "f7fa9b10edbb9391bdd4ec8e8b3d621d0664b198" ], "author": { "name": "Patrick McHardy", "email": "kaber@trash.net", "time": "Mon Aug 15 12:32:15 2005 -0700" }, "committer": { "name": "David S. Miller", "email": "davem@sunset.davemloft.net", "time": "Mon Aug 29 16:01:07 2005 -0700" }, "message": "[NETLINK]: Add set/getsockopt options to support more than 32 groups\n\nNETLINK_ADD_MEMBERSHIP/NETLINK_DROP_MEMBERSHIP are used to join/leave\ngroups, NETLINK_PKTINFO is used to enable nl_pktinfo control messages\nfor received packets to get the extended destination group number.\n\nSigned-off-by: Patrick McHardy \u003ckaber@trash.net\u003e\nSigned-off-by: David S. Miller \u003cdavem@davemloft.net\u003e\n" }, { "commit": "7c657876b63cb1d8a2ec06f8fc6c37bb8412e66c", "tree": "3cb2732870c9cf8f976cb6fa57e0223f1c648e2a", "parents": [ "c4365c9235f80128c3c3d5993074173941b1c1f0" ], "author": { "name": "Arnaldo Carvalho de Melo", "email": "acme@ghostprotocols.net", "time": "Tue Aug 09 20:14:34 2005 -0700" }, "committer": { "name": "David S. Miller", "email": "davem@sunset.davemloft.net", "time": "Mon Aug 29 15:49:46 2005 -0700" }, "message": "[DCCP]: Initial implementation\n\nDevelopment to this point was done on a subversion repository at:\n\nhttp://oops.ghostprotocols.net:81/cgi-bin/viewcvs.cgi/dccp-2.6/\n\nThis repository will be kept at this site for the foreseable future,\nso that interested parties can see the history of this code,\nattributions, etc.\n\nIf I ever decide to take this offline I\u0027ll provide the full history at\nsome other suitable place.\n\nSigned-off-by: Arnaldo Carvalho de Melo \u003cacme@ghostprotocols.net\u003e\nSigned-off-by: David S. Miller \u003cdavem@davemloft.net\u003e\n" }, { "commit": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2", "tree": "0bba044c4ce775e45a88a51686b5d9f90697ea9d", "parents": [], "author": { "name": "Linus Torvalds", "email": "torvalds@ppc970.osdl.org", "time": "Sat Apr 16 15:20:36 2005 -0700" }, "committer": { "name": "Linus Torvalds", "email": "torvalds@ppc970.osdl.org", "time": "Sat Apr 16 15:20:36 2005 -0700" }, "message": "Linux-2.6.12-rc2\n\nInitial git repository build. I\u0027m not bothering with the full history,\neven though we have it. We can create a separate \"historical\" git\narchive of that later if we want to, and in the meantime it\u0027s about\n3.2GB when imported into git - space that would just make the early\ngit days unnecessarily complicated, when we don\u0027t have a lot of good\ninfrastructure for it.\n\nLet it rip!\n" } ] }