calipso: Add a label cache.

This works in exactly the same way as the CIPSO label cache. The idea is to allow the lsm to cache the result of a secattr lookup so that it doesn't need to perform the lookup for every skbuff. It introduces two sysctl controls: calipso_cache_enable - enables/disables the cache. calipso_cache_bucket_size - sets the size of a cache bucket. Signed-off-by: Huw Davies <huw@codeweavers.com> Signed-off-by: Paul Moore <paul@paul-moore.com>
author: Huw Davies <huw@codeweavers.com> 2016-06-27 15:06:17 -0400
committer: Paul Moore <paul@paul-moore.com> 2016-06-27 15:06:17 -0400
commit: 4fee5242bf41d9ad641d4c1b821e36eb7ba37fbf (patch)
tree: 6b79290fc0dbeffe30945235ca86576b652c84dd /net/netlabel/netlabel_calipso.h
parent: 2e532b702834c07f614caf4489feb691e713232a (diff)
1 files changed, 3 insertions, 0 deletions
diff --git a/net/netlabel/netlabel_calipso.h b/net/netlabel/netlabel_calipso.h
index 66ba92e9289f..9fd291cd0fc5 100644
--- a/net/netlabel/netlabel_calipso.h
+++ b/net/netlabel/netlabel_calipso.h
@@ -144,5 +144,8 @@ int calipso_skbuff_setattr(struct sk_buff *skb,
 			   const struct calipso_doi *doi_def,
 			   const struct netlbl_lsm_secattr *secattr);
 int calipso_skbuff_delattr(struct sk_buff *skb);
+void calipso_cache_invalidate(void);
+int calipso_cache_add(const unsigned char *calipso_ptr,
+		      const struct netlbl_lsm_secattr *secattr);
 
 #endif
author	Huw Davies <huw@codeweavers.com>	2016-06-27 15:06:17 -0400
committer	Paul Moore <paul@paul-moore.com>	2016-06-27 15:06:17 -0400
commit	4fee5242bf41d9ad641d4c1b821e36eb7ba37fbf (patch)
tree	6b79290fc0dbeffe30945235ca86576b652c84dd /net/netlabel/netlabel_calipso.h
parent	2e532b702834c07f614caf4489feb691e713232a (diff)