SELinux-sctp.rst - OpenGrok cross reference for /kernel/linux/linux-4.19/Documentation/security/SELinux-sctp.rst

Lines Matching +full:multi +full:- +full:socket
7 ``Documentation/security/LSM-sctp.rst`` describes the following SCTP security
17 -----------------------------
18 Passes the ``@ep`` and ``@chunk->skb`` of the association INIT packet to the
22     @ep - pointer to sctp endpoint structure.
23     @skb - pointer to skbuff of association packet.
26      IF this is the first association on ``@ep->base.sk``, then set the peer
28      assigned to ``@ep->base.sk`` that may support multiple associations.
30      ELSE validate the ``@ep->base.sk peer_sid`` against the ``@skb peer sid``
33      Set the sctp ``@ep sid`` to socket's sid (from ``ep->base.sk``) with
35      TCP style sockets and peeled off connections as they cause a new socket
39      options are set on the socket.
43 -----------------------------
47   ------------------------------------------------------------------
50   |----------------------------|-----------------------------------|
54   ------------------------------------------------------------------
56   ------------------------------------------------------------------
59   |----------------------------|-----------------------------------|
64   ------------------------------------------------------------------
67 ``Documentation/security/LSM-sctp.rst`` gives a summary of the ``@optname``
73 -------------------------
74 Called whenever a new socket is created by **accept**\(2) (i.e. a TCP style
75 socket) or when a socket is 'peeled off' e.g userspace calls
81     @ep - pointer to current sctp endpoint structure.
82     @sk - pointer to current sock structure.
83     @sk - pointer to new sock structure.
87 ---------------------------------
91     @sk  - pointer to sock structure.
92     @skb - pointer to skbuff of the COOKIE ACK packet.
100     class sctp_socket inherits socket { node_bind }
113     portcon sctp 1024-1036 system_u:object_r:sctp_ports_t:s0
118 An SCTP socket will only have one peer label assigned to it. This will be
120 associations on this socket will have their packet peer label compared to
123 socket peer sid against the received packets peer sid to determine whether
131       (multi-homing) on a single socket, it is possible to configure policy
133       socket peer label is determined by the first associations transport
143       label (see **netlabel-config**\(8) helper script for details).
146       set of posts tagged "netlabel" at: http://www.paul-moore.com/blog/t.
148    6) CIPSO is only supported for IPv4 addressing: ``socket(AF_INET, ...)``
149       CALIPSO is only supported for IPv6 addressing: ``socket(AF_INET6, ...)``
156    7) IPSEC is not supported as RFC 3554 - sctp/ipsec support has not been