summaryrefslogtreecommitdiff
path: root/Documentation/security/SCTP.rst
diff options
context:
space:
mode:
Diffstat (limited to 'Documentation/security/SCTP.rst')
-rw-r--r--Documentation/security/SCTP.rst22
1 files changed, 12 insertions, 10 deletions
diff --git a/Documentation/security/SCTP.rst b/Documentation/security/SCTP.rst
index 406cc68b8808..d5fd6ccc3dcb 100644
--- a/Documentation/security/SCTP.rst
+++ b/Documentation/security/SCTP.rst
@@ -15,7 +15,10 @@ For security module support, three SCTP specific hooks have been implemented::
security_sctp_assoc_request()
security_sctp_bind_connect()
security_sctp_sk_clone()
- security_sctp_assoc_established()
+
+Also the following security hook has been utilised::
+
+ security_inet_conn_established()
The usage of these hooks are described below with the SELinux implementation
described in the `SCTP SELinux Support`_ chapter.
@@ -119,12 +122,11 @@ calls **sctp_peeloff**\(3).
@newsk - pointer to new sock structure.
-security_sctp_assoc_established()
+security_inet_conn_established()
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-Called when a COOKIE ACK is received, and the peer secid will be
-saved into ``@asoc->peer_secid`` for client::
+Called when a COOKIE ACK is received::
- @asoc - pointer to sctp association structure.
+ @sk - pointer to sock structure.
@skb - pointer to skbuff of the COOKIE ACK packet.
@@ -132,7 +134,7 @@ Security Hooks used for Association Establishment
-------------------------------------------------
The following diagram shows the use of ``security_sctp_bind_connect()``,
-``security_sctp_assoc_request()``, ``security_sctp_assoc_established()`` when
+``security_sctp_assoc_request()``, ``security_inet_conn_established()`` when
establishing an association.
::
@@ -170,7 +172,7 @@ establishing an association.
<------------------------------------------- COOKIE ACK
| |
sctp_sf_do_5_1E_ca |
- Call security_sctp_assoc_established() |
+ Call security_inet_conn_established() |
to set the peer label. |
| |
| If SCTP_SOCKET_TCP or peeled off
@@ -196,7 +198,7 @@ hooks with the SELinux specifics expanded below::
security_sctp_assoc_request()
security_sctp_bind_connect()
security_sctp_sk_clone()
- security_sctp_assoc_established()
+ security_inet_conn_established()
security_sctp_assoc_request()
@@ -269,12 +271,12 @@ sockets sid and peer sid to that contained in the ``@asoc sid`` and
@newsk - pointer to new sock structure.
-security_sctp_assoc_established()
+security_inet_conn_established()
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Called when a COOKIE ACK is received where it sets the connection's peer sid
to that in ``@skb``::
- @asoc - pointer to sctp association structure.
+ @sk - pointer to sock structure.
@skb - pointer to skbuff of the COOKIE ACK packet.