calipso: Add validation of CALIPSO option.
Lengths, checksum and the DOI are checked. Checking of the
level and categories are left for the socket layer.
CRC validation is performed in the calipso module to avoid
unconditionally linking crc_ccitt() into ipv6.
Signed-off-by: Huw Davies <huw@codeweavers.com>
Signed-off-by: Paul Moore <paul@paul-moore.com>
diff --git a/include/net/calipso.h b/include/net/calipso.h
index 38dbb47..85404e2 100644
--- a/include/net/calipso.h
+++ b/include/net/calipso.h
@@ -65,6 +65,7 @@
#ifdef CONFIG_NETLABEL
int __init calipso_init(void);
void calipso_exit(void);
+bool calipso_validate(const struct sk_buff *skb, const unsigned char *option);
#else
static inline int __init calipso_init(void)
{
@@ -74,6 +75,11 @@
static inline void calipso_exit(void)
{
}
+static inline bool calipso_validate(const struct sk_buff *skb,
+ const unsigned char *option)
+{
+ return true;
+}
#endif /* CONFIG_NETLABEL */
#endif /* _CALIPSO_H */