calipso: Add a label cache. This works in exactly the same way as the CIPSO label cache. The idea is to allow the lsm to cache the result of a secattr lookup so that it doesn't need to perform the lookup for every skbuff. It introduces two sysctl controls: calipso_cache_enable - enables/disables the cache. calipso_cache_bucket_size - sets the size of a cache bucket. Signed-off-by: Huw Davies <huw@codeweavers.com> Signed-off-by: Paul Moore <paul@paul-moore.com>

commit: 4fee5242bf41d9ad641d4c1b821e36eb7ba37fbf [log] [tgz]
author: Huw Davies <huw@codeweavers.com> Mon Jun 27 15:06:17 2016 -0400
committer: Paul Moore <paul@paul-moore.com> Mon Jun 27 15:06:17 2016 -0400
tree: 6b79290fc0dbeffe30945235ca86576b652c84dd
parent: 2e532b702834c07f614caf4489feb691e713232a [diff] [blame]
diff --git a/include/net/calipso.h b/include/net/calipso.h
index 85404e2..b1b30cd 100644
--- a/include/net/calipso.h
+++ b/include/net/calipso.h

@@ -62,6 +62,12 @@
 	struct rcu_head rcu;
 };
 
+/*
+ * Sysctl Variables
+ */
+extern int calipso_cache_enabled;
+extern int calipso_cache_bucketsize;
+
 #ifdef CONFIG_NETLABEL
 int __init calipso_init(void);
 void calipso_exit(void);
commit	4fee5242bf41d9ad641d4c1b821e36eb7ba37fbf	[log] [tgz]
author	Huw Davies <huw@codeweavers.com>	Mon Jun 27 15:06:17 2016 -0400
committer	Paul Moore <paul@paul-moore.com>	Mon Jun 27 15:06:17 2016 -0400
tree	6b79290fc0dbeffe30945235ca86576b652c84dd
parent	2e532b702834c07f614caf4489feb691e713232a [diff] [blame]