netlabel: Add an address family to domain hash entries.

Linux kernel mirror (for testing) git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git

kernel os linux

The reason is to allow different labelling protocols for
different address families with the same domain.

This requires the addition of an address family attribute
in the netlink communication protocol. It is used in several
messages:

NLBL_MGMT_C_ADD and NLBL_MGMT_C_ADDDEF take it as an optional
attribute for the unlabelled protocol. It may be one of AF_INET,
AF_INET6 or AF_UNSPEC (to specify both address families). If it
is missing, it defaults to AF_UNSPEC.

NLBL_MGMT_C_LISTALL and NLBL_MGMT_C_LISTDEF return it as part of
the enumeration of each item. Addtionally, it may be sent to
LISTDEF to specify which address family to return.

Signed-off-by: Huw Davies <huw@codeweavers.com>
Signed-off-by: Paul Moore <paul@paul-moore.com>

authored by

Huw Davies and committed by

Paul Moore 9 years ago 8f18e675 96a8f7f8

+192 -58

6 changed files

expand all

net

netlabel

netlabel_domainhash.c

netlabel_domainhash.h

netlabel_kapi.c

netlabel_mgmt.c

netlabel_mgmt.h

netlabel_unlabeled.c

+137 -45

net/netlabel/netlabel_domainhash.c

··· 56 56 #define netlbl_domhsh_rcu_deref(p) \ 57 57 rcu_dereference_check(p, lockdep_is_held(&netlbl_domhsh_lock)) 58 58 static struct netlbl_domhsh_tbl __rcu *netlbl_domhsh; 59 - static struct netlbl_dom_map __rcu *netlbl_domhsh_def; 59 + static struct netlbl_dom_map __rcu *netlbl_domhsh_def_ipv4; 60 + static struct netlbl_dom_map __rcu *netlbl_domhsh_def_ipv6; 60 61 61 62 /* 62 63 * Domain Hash Table Helper Functions ··· 127 126 return val & (netlbl_domhsh_rcu_deref(netlbl_domhsh)->size - 1); 128 127 } 129 128 129 + static bool netlbl_family_match(u16 f1, u16 f2) 130 + { 131 + return (f1 == f2) || (f1 == AF_UNSPEC) || (f2 == AF_UNSPEC); 132 + } 133 + 130 134 /** 131 135 * netlbl_domhsh_search - Search for a domain entry 132 136 * @domain: the domain 137 + * @family: the address family 133 138 * 134 139 * Description: 135 140 * Searches the domain hash table and returns a pointer to the hash table 136 - * entry if found, otherwise NULL is returned. The caller is responsible for 141 + * entry if found, otherwise NULL is returned. @family may be %AF_UNSPEC 142 + * which matches any address family entries. The caller is responsible for 137 143 * ensuring that the hash table is protected with either a RCU read lock or the 138 144 * hash table lock. 139 145 * 140 146 */ 141 - static struct netlbl_dom_map *netlbl_domhsh_search(const char *domain) 147 + static struct netlbl_dom_map *netlbl_domhsh_search(const char *domain, 148 + u16 family) 142 149 { 143 150 u32 bkt; 144 151 struct list_head *bkt_list; ··· 156 147 bkt = netlbl_domhsh_hash(domain); 157 148 bkt_list = &netlbl_domhsh_rcu_deref(netlbl_domhsh)->tbl[bkt]; 158 149 list_for_each_entry_rcu(iter, bkt_list, list) 159 - if (iter->valid && strcmp(iter->domain, domain) == 0) 150 + if (iter->valid && 151 + netlbl_family_match(iter->family, family) && 152 + strcmp(iter->domain, domain) == 0) 160 153 return iter; 161 154 } 162 155 ··· 168 157 /** 169 158 * netlbl_domhsh_search_def - Search for a domain entry 170 159 * @domain: the domain 171 - * @def: return default if no match is found 160 + * @family: the address family 172 161 * 173 162 * Description: 174 163 * Searches the domain hash table and returns a pointer to the hash table 175 164 * entry if an exact match is found, if an exact match is not present in the 176 165 * hash table then the default entry is returned if valid otherwise NULL is 177 - * returned. The caller is responsible ensuring that the hash table is 166 + * returned. @family may be %AF_UNSPEC which matches any address family 167 + * entries. The caller is responsible ensuring that the hash table is 178 168 * protected with either a RCU read lock or the hash table lock. 179 169 * 180 170 */ 181 - static struct netlbl_dom_map *netlbl_domhsh_search_def(const char *domain) 171 + static struct netlbl_dom_map *netlbl_domhsh_search_def(const char *domain, 172 + u16 family) 182 173 { 183 174 struct netlbl_dom_map *entry; 184 175 185 - entry = netlbl_domhsh_search(domain); 186 - if (entry == NULL) { 187 - entry = netlbl_domhsh_rcu_deref(netlbl_domhsh_def); 188 - if (entry != NULL && !entry->valid) 189 - entry = NULL; 176 + entry = netlbl_domhsh_search(domain, family); 177 + if (entry != NULL) 178 + return entry; 179 + if (family == AF_INET || family == AF_UNSPEC) { 180 + entry = netlbl_domhsh_rcu_deref(netlbl_domhsh_def_ipv4); 181 + if (entry != NULL && entry->valid) 182 + return entry; 183 + } 184 + if (family == AF_INET6 || family == AF_UNSPEC) { 185 + entry = netlbl_domhsh_rcu_deref(netlbl_domhsh_def_ipv6); 186 + if (entry != NULL && entry->valid) 187 + return entry; 190 188 } 191 189 192 - return entry; 190 + return NULL; 193 191 } 194 192 195 193 /** ··· 284 264 if (entry == NULL) 285 265 return -EINVAL; 286 266 267 + if (entry->family != AF_INET && entry->family != AF_INET6 && 268 + (entry->family != AF_UNSPEC || 269 + entry->def.type != NETLBL_NLTYPE_UNLABELED)) 270 + return -EINVAL; 271 + 287 272 switch (entry->def.type) { 288 273 case NETLBL_NLTYPE_UNLABELED: 289 274 if (entry->def.cipso != NULL || entry->def.addrsel != NULL) 290 275 return -EINVAL; 291 276 break; 292 277 case NETLBL_NLTYPE_CIPSOV4: 293 - if (entry->def.cipso == NULL) 278 + if (entry->family != AF_INET || 279 + entry->def.cipso == NULL) 294 280 return -EINVAL; 295 281 break; 296 282 case NETLBL_NLTYPE_ADDRSELECT: ··· 384 358 * 385 359 * Description: 386 360 * Adds a new entry to the domain hash table and handles any updates to the 387 - * lower level protocol handler (i.e. CIPSO). Returns zero on success, 388 - * negative on failure. 361 + * lower level protocol handler (i.e. CIPSO). @entry->family may be set to 362 + * %AF_UNSPEC which will add an entry that matches all address families. This 363 + * is only useful for the unlabelled type and will only succeed if there is no 364 + * existing entry for any address family with the same domain. Returns zero 365 + * on success, negative on failure. 389 366 * 390 367 */ 391 368 int netlbl_domhsh_add(struct netlbl_dom_map *entry, 392 369 struct netlbl_audit *audit_info) 393 370 { 394 371 int ret_val = 0; 395 - struct netlbl_dom_map *entry_old; 372 + struct netlbl_dom_map *entry_old, *entry_b; 396 373 struct netlbl_af4list *iter4; 397 374 struct netlbl_af4list *tmp4; 398 375 #if IS_ENABLED(CONFIG_IPV6) ··· 414 385 rcu_read_lock(); 415 386 spin_lock(&netlbl_domhsh_lock); 416 387 if (entry->domain != NULL) 417 - entry_old = netlbl_domhsh_search(entry->domain); 388 + entry_old = netlbl_domhsh_search(entry->domain, entry->family); 418 389 else 419 - entry_old = netlbl_domhsh_search_def(entry->domain); 390 + entry_old = netlbl_domhsh_search_def(entry->domain, 391 + entry->family); 420 392 if (entry_old == NULL) { 421 393 entry->valid = 1; 422 394 ··· 427 397 &rcu_dereference(netlbl_domhsh)->tbl[bkt]); 428 398 } else { 429 399 INIT_LIST_HEAD(&entry->list); 430 - rcu_assign_pointer(netlbl_domhsh_def, entry); 400 + switch (entry->family) { 401 + case AF_INET: 402 + rcu_assign_pointer(netlbl_domhsh_def_ipv4, 403 + entry); 404 + break; 405 + case AF_INET6: 406 + rcu_assign_pointer(netlbl_domhsh_def_ipv6, 407 + entry); 408 + break; 409 + case AF_UNSPEC: 410 + if (entry->def.type != 411 + NETLBL_NLTYPE_UNLABELED) { 412 + ret_val = -EINVAL; 413 + goto add_return; 414 + } 415 + entry_b = kzalloc(sizeof(*entry_b), GFP_ATOMIC); 416 + if (entry_b == NULL) { 417 + ret_val = -ENOMEM; 418 + goto add_return; 419 + } 420 + entry_b->family = AF_INET6; 421 + entry_b->def.type = NETLBL_NLTYPE_UNLABELED; 422 + entry_b->valid = 1; 423 + entry->family = AF_INET; 424 + rcu_assign_pointer(netlbl_domhsh_def_ipv4, 425 + entry); 426 + rcu_assign_pointer(netlbl_domhsh_def_ipv6, 427 + entry_b); 428 + break; 429 + default: 430 + /* Already checked in 431 + * netlbl_domhsh_validate(). */ 432 + ret_val = -EINVAL; 433 + goto add_return; 434 + } 431 435 } 432 436 433 437 if (entry->def.type == NETLBL_NLTYPE_ADDRSELECT) { ··· 577 513 spin_lock(&netlbl_domhsh_lock); 578 514 if (entry->valid) { 579 515 entry->valid = 0; 580 - if (entry != rcu_dereference(netlbl_domhsh_def)) 581 - list_del_rcu(&entry->list); 516 + if (entry == rcu_dereference(netlbl_domhsh_def_ipv4)) 517 + RCU_INIT_POINTER(netlbl_domhsh_def_ipv4, NULL); 518 + else if (entry == rcu_dereference(netlbl_domhsh_def_ipv6)) 519 + RCU_INIT_POINTER(netlbl_domhsh_def_ipv6, NULL); 582 520 else 583 - RCU_INIT_POINTER(netlbl_domhsh_def, NULL); 521 + list_del_rcu(&entry->list); 584 522 } else 585 523 ret_val = -ENOENT; 586 524 spin_unlock(&netlbl_domhsh_lock); ··· 649 583 rcu_read_lock(); 650 584 651 585 if (domain) 652 - entry_map = netlbl_domhsh_search(domain); 586 + entry_map = netlbl_domhsh_search(domain, AF_INET); 653 587 else 654 - entry_map = netlbl_domhsh_search_def(domain); 588 + entry_map = netlbl_domhsh_search_def(domain, AF_INET); 655 589 if (entry_map == NULL || 656 590 entry_map->def.type != NETLBL_NLTYPE_ADDRSELECT) 657 591 goto remove_af4_failure; ··· 691 625 /** 692 626 * netlbl_domhsh_remove - Removes an entry from the domain hash table 693 627 * @domain: the domain to remove 628 + * @family: address family 694 629 * @audit_info: NetLabel audit information 695 630 * 696 631 * Description: 697 632 * Removes an entry from the domain hash table and handles any updates to the 698 - * lower level protocol handler (i.e. CIPSO). Returns zero on success, 699 - * negative on failure. 633 + * lower level protocol handler (i.e. CIPSO). @family may be %AF_UNSPEC which 634 + * removes all address family entries. Returns zero on success, negative on 635 + * failure. 700 636 * 701 637 */ 702 - int netlbl_domhsh_remove(const char *domain, struct netlbl_audit *audit_info) 638 + int netlbl_domhsh_remove(const char *domain, u16 family, 639 + struct netlbl_audit *audit_info) 703 640 { 704 - int ret_val; 641 + int ret_val = -EINVAL; 705 642 struct netlbl_dom_map *entry; 706 643 707 644 rcu_read_lock(); 708 - if (domain) 709 - entry = netlbl_domhsh_search(domain); 710 - else 711 - entry = netlbl_domhsh_search_def(domain); 712 - ret_val = netlbl_domhsh_remove_entry(entry, audit_info); 645 + 646 + if (family == AF_INET || family == AF_UNSPEC) { 647 + if (domain) 648 + entry = netlbl_domhsh_search(domain, AF_INET); 649 + else 650 + entry = netlbl_domhsh_search_def(domain, AF_INET); 651 + ret_val = netlbl_domhsh_remove_entry(entry, audit_info); 652 + if (ret_val && ret_val != -ENOENT) 653 + goto done; 654 + } 655 + if (family == AF_INET6 || family == AF_UNSPEC) { 656 + int ret_val2; 657 + 658 + if (domain) 659 + entry = netlbl_domhsh_search(domain, AF_INET6); 660 + else 661 + entry = netlbl_domhsh_search_def(domain, AF_INET6); 662 + ret_val2 = netlbl_domhsh_remove_entry(entry, audit_info); 663 + if (ret_val2 != -ENOENT) 664 + ret_val = ret_val2; 665 + } 666 + done: 713 667 rcu_read_unlock(); 714 668 715 669 return ret_val; ··· 737 651 738 652 /** 739 653 * netlbl_domhsh_remove_default - Removes the default entry from the table 654 + * @family: address family 740 655 * @audit_info: NetLabel audit information 741 656 * 742 657 * Description: 743 - * Removes/resets the default entry for the domain hash table and handles any 744 - * updates to the lower level protocol handler (i.e. CIPSO). Returns zero on 745 - * success, non-zero on failure. 658 + * Removes/resets the default entry corresponding to @family from the domain 659 + * hash table and handles any updates to the lower level protocol handler 660 + * (i.e. CIPSO). @family may be %AF_UNSPEC which removes all address family 661 + * entries. Returns zero on success, negative on failure. 746 662 * 747 663 */ 748 - int netlbl_domhsh_remove_default(struct netlbl_audit *audit_info) 664 + int netlbl_domhsh_remove_default(u16 family, struct netlbl_audit *audit_info) 749 665 { 750 - return netlbl_domhsh_remove(NULL, audit_info); 666 + return netlbl_domhsh_remove(NULL, family, audit_info); 751 667 } 752 668 753 669 /** 754 670 * netlbl_domhsh_getentry - Get an entry from the domain hash table 755 671 * @domain: the domain name to search for 672 + * @family: address family 756 673 * 757 674 * Description: 758 675 * Look through the domain hash table searching for an entry to match @domain, 759 - * return a pointer to a copy of the entry or NULL. The caller is responsible 760 - * for ensuring that rcu_read_[un]lock() is called. 676 + * with address family @family, return a pointer to a copy of the entry or 677 + * NULL. The caller is responsible for ensuring that rcu_read_[un]lock() is 678 + * called. 761 679 * 762 680 */ 763 - struct netlbl_dom_map *netlbl_domhsh_getentry(const char *domain) 681 + struct netlbl_dom_map *netlbl_domhsh_getentry(const char *domain, u16 family) 764 682 { 765 - return netlbl_domhsh_search_def(domain); 683 + if (family == AF_UNSPEC) 684 + return NULL; 685 + return netlbl_domhsh_search_def(domain, family); 766 686 } 767 687 768 688 /** ··· 788 696 struct netlbl_dom_map *dom_iter; 789 697 struct netlbl_af4list *addr_iter; 790 698 791 - dom_iter = netlbl_domhsh_search_def(domain); 699 + dom_iter = netlbl_domhsh_search_def(domain, AF_INET); 792 700 if (dom_iter == NULL) 793 701 return NULL; 794 702 ··· 818 726 struct netlbl_dom_map *dom_iter; 819 727 struct netlbl_af6list *addr_iter; 820 728 821 - dom_iter = netlbl_domhsh_search_def(domain); 729 + dom_iter = netlbl_domhsh_search_def(domain, AF_INET6); 822 730 if (dom_iter == NULL) 823 731 return NULL; 824 732

+5 -3

net/netlabel/netlabel_domainhash.h

··· 70 70 71 71 struct netlbl_dom_map { 72 72 char *domain; 73 + u16 family; 73 74 struct netlbl_dommap_def def; 74 75 75 76 u32 valid; ··· 92 91 const struct in_addr *addr, 93 92 const struct in_addr *mask, 94 93 struct netlbl_audit *audit_info); 95 - int netlbl_domhsh_remove(const char *domain, struct netlbl_audit *audit_info); 96 - int netlbl_domhsh_remove_default(struct netlbl_audit *audit_info); 97 - struct netlbl_dom_map *netlbl_domhsh_getentry(const char *domain); 94 + int netlbl_domhsh_remove(const char *domain, u16 family, 95 + struct netlbl_audit *audit_info); 96 + int netlbl_domhsh_remove_default(u16 family, struct netlbl_audit *audit_info); 97 + struct netlbl_dom_map *netlbl_domhsh_getentry(const char *domain, u16 family); 98 98 struct netlbl_dommap_def *netlbl_domhsh_getentry_af4(const char *domain, 99 99 __be32 addr); 100 100 #if IS_ENABLED(CONFIG_IPV6)

+4 -2

net/netlabel/netlabel_kapi.c

··· 72 72 struct netlbl_audit *audit_info) 73 73 { 74 74 if (addr == NULL && mask == NULL) { 75 - return netlbl_domhsh_remove(domain, audit_info); 75 + return netlbl_domhsh_remove(domain, family, audit_info); 76 76 } else if (addr != NULL && mask != NULL) { 77 77 switch (family) { 78 78 case AF_INET: ··· 119 119 if (entry->domain == NULL) 120 120 goto cfg_unlbl_map_add_failure; 121 121 } 122 + entry->family = family; 122 123 123 124 if (addr == NULL && mask == NULL) 124 125 entry->def.type = NETLBL_NLTYPE_UNLABELED; ··· 346 345 entry = kzalloc(sizeof(*entry), GFP_ATOMIC); 347 346 if (entry == NULL) 348 347 goto out_entry; 348 + entry->family = AF_INET; 349 349 if (domain != NULL) { 350 350 entry->domain = kstrdup(domain, GFP_ATOMIC); 351 351 if (entry->domain == NULL) ··· 775 773 struct netlbl_dom_map *dom_entry; 776 774 777 775 rcu_read_lock(); 778 - dom_entry = netlbl_domhsh_getentry(secattr->domain); 776 + dom_entry = netlbl_domhsh_getentry(secattr->domain, family); 779 777 if (dom_entry == NULL) { 780 778 ret_val = -ENOENT; 781 779 goto socket_setattr_return;

+26 -3

net/netlabel/netlabel_mgmt.c

··· 72 72 [NLBL_MGMT_A_PROTOCOL] = { .type = NLA_U32 }, 73 73 [NLBL_MGMT_A_VERSION] = { .type = NLA_U32 }, 74 74 [NLBL_MGMT_A_CV4DOI] = { .type = NLA_U32 }, 75 + [NLBL_MGMT_A_FAMILY] = { .type = NLA_U16 }, 75 76 }; 76 77 77 78 /* ··· 120 119 121 120 switch (entry->def.type) { 122 121 case NETLBL_NLTYPE_UNLABELED: 122 + if (info->attrs[NLBL_MGMT_A_FAMILY]) 123 + entry->family = 124 + nla_get_u16(info->attrs[NLBL_MGMT_A_FAMILY]); 125 + else 126 + entry->family = AF_UNSPEC; 123 127 break; 124 128 case NETLBL_NLTYPE_CIPSOV4: 125 129 if (!info->attrs[NLBL_MGMT_A_CV4DOI]) ··· 134 128 cipsov4 = cipso_v4_doi_getdef(tmp_val); 135 129 if (cipsov4 == NULL) 136 130 goto add_free_domain; 131 + entry->family = AF_INET; 137 132 entry->def.cipso = cipsov4; 138 133 break; 139 134 default: 140 135 goto add_free_domain; 141 136 } 137 + 138 + if ((entry->family == AF_INET && info->attrs[NLBL_MGMT_A_IPV6ADDR]) || 139 + (entry->family == AF_INET6 && info->attrs[NLBL_MGMT_A_IPV4ADDR])) 140 + goto add_doi_put_def; 142 141 143 142 if (info->attrs[NLBL_MGMT_A_IPV4ADDR]) { 144 143 struct in_addr *addr; ··· 189 178 goto add_free_addrmap; 190 179 } 191 180 181 + entry->family = AF_INET; 192 182 entry->def.type = NETLBL_NLTYPE_ADDRSELECT; 193 183 entry->def.addrsel = addrmap; 194 184 #if IS_ENABLED(CONFIG_IPV6) ··· 239 227 goto add_free_addrmap; 240 228 } 241 229 230 + entry->family = AF_INET6; 242 231 entry->def.type = NETLBL_NLTYPE_ADDRSELECT; 243 232 entry->def.addrsel = addrmap; 244 233 #endif /* IPv6 */ ··· 290 277 if (ret_val != 0) 291 278 return ret_val; 292 279 } 280 + 281 + ret_val = nla_put_u16(skb, NLBL_MGMT_A_FAMILY, entry->family); 282 + if (ret_val != 0) 283 + return ret_val; 293 284 294 285 switch (entry->def.type) { 295 286 case NETLBL_NLTYPE_ADDRSELECT: ··· 435 418 netlbl_netlink_auditinfo(skb, &audit_info); 436 419 437 420 domain = nla_data(info->attrs[NLBL_MGMT_A_DOMAIN]); 438 - return netlbl_domhsh_remove(domain, &audit_info); 421 + return netlbl_domhsh_remove(domain, AF_UNSPEC, &audit_info); 439 422 } 440 423 441 424 /** ··· 553 536 554 537 netlbl_netlink_auditinfo(skb, &audit_info); 555 538 556 - return netlbl_domhsh_remove_default(&audit_info); 539 + return netlbl_domhsh_remove_default(AF_UNSPEC, &audit_info); 557 540 } 558 541 559 542 /** ··· 573 556 struct sk_buff *ans_skb = NULL; 574 557 void *data; 575 558 struct netlbl_dom_map *entry; 559 + u16 family; 560 + 561 + if (info->attrs[NLBL_MGMT_A_FAMILY]) 562 + family = nla_get_u16(info->attrs[NLBL_MGMT_A_FAMILY]); 563 + else 564 + family = AF_INET; 576 565 577 566 ans_skb = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL); 578 567 if (ans_skb == NULL) ··· 589 566 goto listdef_failure; 590 567 591 568 rcu_read_lock(); 592 - entry = netlbl_domhsh_getentry(NULL); 569 + entry = netlbl_domhsh_getentry(NULL, family); 593 570 if (entry == NULL) { 594 571 ret_val = -ENOENT; 595 572 goto listdef_failure_lock;

+19 -5

net/netlabel/netlabel_mgmt.h

··· 58 58 * 59 59 * NLBL_MGMT_A_CV4DOI 60 60 * 61 - * If using NETLBL_NLTYPE_UNLABELED no other attributes are required. 61 + * If using NETLBL_NLTYPE_UNLABELED no other attributes are required, 62 + * however the following attribute may optionally be sent: 63 + * 64 + * NLBL_MGMT_A_FAMILY 62 65 * 63 66 * o REMOVE: 64 67 * Sent by an application to remove a domain mapping from the NetLabel ··· 80 77 * Required attributes: 81 78 * 82 79 * NLBL_MGMT_A_DOMAIN 80 + * NLBL_MGMT_A_FAMILY 83 81 * 84 82 * If the IP address selectors are not used the following attribute is 85 83 * required: ··· 112 108 * 113 109 * NLBL_MGMT_A_CV4DOI 114 110 * 115 - * If using NETLBL_NLTYPE_UNLABELED no other attributes are required. 111 + * If using NETLBL_NLTYPE_UNLABELED no other attributes are required, 112 + * however the following attribute may optionally be sent: 113 + * 114 + * NLBL_MGMT_A_FAMILY 116 115 * 117 116 * o REMOVEDEF: 118 117 * Sent by an application to remove the default domain mapping from the ··· 124 117 * o LISTDEF: 125 118 * This message can be sent either from an application or by the kernel in 126 119 * response to an application generated LISTDEF message. When sent by an 127 - * application there is no payload. On success the kernel should send a 128 - * response using the following format. 120 + * application there may be an optional payload. 129 121 * 130 - * If the IP address selectors are not used the following attribute is 122 + * NLBL_MGMT_A_FAMILY 123 + * 124 + * On success the kernel should send a response using the following format: 125 + * 126 + * If the IP address selectors are not used the following attributes are 131 127 * required: 132 128 * 133 129 * NLBL_MGMT_A_PROTOCOL 130 + * NLBL_MGMT_A_FAMILY 134 131 * 135 132 * If the IP address selectors are used then the following attritbute is 136 133 * required: ··· 220 209 /* (NLA_NESTED) 221 210 * the selector list, there must be at least one 222 211 * NLBL_MGMT_A_ADDRSELECTOR attribute */ 212 + NLBL_MGMT_A_FAMILY, 213 + /* (NLA_U16) 214 + * The address family */ 223 215 __NLBL_MGMT_A_MAX, 224 216 }; 225 217 #define NLBL_MGMT_A_MAX (__NLBL_MGMT_A_MAX - 1)

net/netlabel/netlabel_unlabeled.c

··· 1537 1537 entry = kzalloc(sizeof(*entry), GFP_KERNEL); 1538 1538 if (entry == NULL) 1539 1539 return -ENOMEM; 1540 + entry->family = AF_UNSPEC; 1540 1541 entry->def.type = NETLBL_NLTYPE_UNLABELED; 1541 1542 ret_val = netlbl_domhsh_add_default(entry, &audit_info); 1542 1543 if (ret_val != 0)