[LSM-IPSec]: Security association restriction.

[mirror_ubuntu-zesty-kernel.git] / include / linux / pfkeyv2.h

diff --git a/include/linux/pfkeyv2.h b/include/linux/pfkeyv2.h
index 724066778affe84f50bbdf8d6a08a245e26132f4..6351c4055acea365d682d33c89f42b5b8a16b035 100644 (file)
--- a/include/linux/pfkeyv2.h
+++ b/include/linux/pfkeyv2.h
@@ -216,6 +216,16 @@ struct sadb_x_nat_t_port {
 } __attribute__((packed));
 /* sizeof(struct sadb_x_nat_t_port) == 8 */
 
+/* Generic LSM security context */
+struct sadb_x_sec_ctx {
+       uint16_t        sadb_x_sec_len;
+       uint16_t        sadb_x_sec_exttype;
+       uint8_t         sadb_x_ctx_alg;  /* LSMs: e.g., selinux == 1 */
+       uint8_t         sadb_x_ctx_doi;
+       uint16_t        sadb_x_ctx_len;
+} __attribute__((packed));
+/* sizeof(struct sadb_sec_ctx) = 8 */
+
 /* Message types */
 #define SADB_RESERVED          0
 #define SADB_GETSPI            1
@@ -325,7 +335,8 @@ struct sadb_x_nat_t_port {
 #define SADB_X_EXT_NAT_T_SPORT         21
 #define SADB_X_EXT_NAT_T_DPORT         22
 #define SADB_X_EXT_NAT_T_OA            23
-#define SADB_EXT_MAX                   23
+#define SADB_X_EXT_SEC_CTX             24
+#define SADB_EXT_MAX                   24
 
 /* Identity Extension values */
 #define SADB_IDENTTYPE_RESERVED        0