Book a Demo!
CoCalc Logo Icon
StoreFeaturesDocsShareSupportNewsAboutPoliciesSign UpSign In
awilliam
GitHub Repository: awilliam/linux-vfio
 Path: blob/master/net/netlabel/netlabel_cipso_v4.h
15109 views
1
/*

2
 * NetLabel CIPSO/IPv4 Support

3
 *

4
 * This file defines the CIPSO/IPv4 functions for the NetLabel system.  The

5
 * NetLabel system manages static and dynamic label mappings for network

6
 * protocols such as CIPSO and RIPSO.

7
 *

8
 * Author: Paul Moore <[email protected]>

9
 *

10
 */

11


12
/*

13
 * (c) Copyright Hewlett-Packard Development Company, L.P., 2006

14
 *

15
 * This program is free software;  you can redistribute it and/or modify

16
 * it under the terms of the GNU General Public License as published by

17
 * the Free Software Foundation; either version 2 of the License, or

18
 * (at your option) any later version.

19
 *

20
 * This program is distributed in the hope that it will be useful,

21
 * but WITHOUT ANY WARRANTY;  without even the implied warranty of

22
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See

23
 * the GNU General Public License for more details.

24
 *

25
 * You should have received a copy of the GNU General Public License

26
 * along with this program;  if not, write to the Free Software

27
 * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA

28
 *

29
 */

30


31
#ifndef _NETLABEL_CIPSO_V4

32
#define _NETLABEL_CIPSO_V4

33


34
#include <net/netlabel.h>

35


36
/*

37
 * The following NetLabel payloads are supported by the CIPSO subsystem.

38
 *

39
 * o ADD:

40
 *   Sent by an application to add a new DOI mapping table.

41
 *

42
 *   Required attributes:

43
 *

44
 *     NLBL_CIPSOV4_A_DOI

45
 *     NLBL_CIPSOV4_A_MTYPE

46
 *     NLBL_CIPSOV4_A_TAGLST

47
 *

48
 *   If using CIPSO_V4_MAP_TRANS the following attributes are required:

49
 *

50
 *     NLBL_CIPSOV4_A_MLSLVLLST

51
 *     NLBL_CIPSOV4_A_MLSCATLST

52
 *

53
 *   If using CIPSO_V4_MAP_PASS or CIPSO_V4_MAP_LOCAL no additional attributes

54
 *   are required.

55
 *

56
 * o REMOVE:

57
 *   Sent by an application to remove a specific DOI mapping table from the

58
 *   CIPSO V4 system.

59
 *

60
 *   Required attributes:

61
 *

62
 *     NLBL_CIPSOV4_A_DOI

63
 *

64
 * o LIST:

65
 *   Sent by an application to list the details of a DOI definition.  On

66
 *   success the kernel should send a response using the following format.

67
 *

68
 *   Required attributes:

69
 *

70
 *     NLBL_CIPSOV4_A_DOI

71
 *

72
 *   The valid response message format depends on the type of the DOI mapping,

73
 *   the defined formats are shown below.

74
 *

75
 *   Required attributes:

76
 *

77
 *     NLBL_CIPSOV4_A_MTYPE

78
 *     NLBL_CIPSOV4_A_TAGLST

79
 *

80
 *   If using CIPSO_V4_MAP_TRANS the following attributes are required:

81
 *

82
 *     NLBL_CIPSOV4_A_MLSLVLLST

83
 *     NLBL_CIPSOV4_A_MLSCATLST

84
 *

85
 *   If using CIPSO_V4_MAP_PASS or CIPSO_V4_MAP_LOCAL no additional attributes

86
 *   are required.

87
 *

88
 * o LISTALL:

89
 *   This message is sent by an application to list the valid DOIs on the

90
 *   system.  When sent by an application there is no payload and the

91
 *   NLM_F_DUMP flag should be set.  The kernel should respond with a series of

92
 *   the following messages.

93
 *

94
 *   Required attributes:

95
 *

96
 *    NLBL_CIPSOV4_A_DOI

97
 *    NLBL_CIPSOV4_A_MTYPE

98
 *

99
 */

100


101
/* NetLabel CIPSOv4 commands */

102
enum {

103
	NLBL_CIPSOV4_C_UNSPEC,

104
	NLBL_CIPSOV4_C_ADD,

105
	NLBL_CIPSOV4_C_REMOVE,

106
	NLBL_CIPSOV4_C_LIST,

107
	NLBL_CIPSOV4_C_LISTALL,

108
	__NLBL_CIPSOV4_C_MAX,

109
};

110


111
/* NetLabel CIPSOv4 attributes */

112
enum {

113
	NLBL_CIPSOV4_A_UNSPEC,

114
	NLBL_CIPSOV4_A_DOI,

115
	/* (NLA_U32)

116
	 * the DOI value */

117
	NLBL_CIPSOV4_A_MTYPE,

118
	/* (NLA_U32)

119
	 * the mapping table type (defined in the cipso_ipv4.h header as

120
	 * CIPSO_V4_MAP_*) */

121
	NLBL_CIPSOV4_A_TAG,

122
	/* (NLA_U8)

123
	 * a CIPSO tag type, meant to be used within a NLBL_CIPSOV4_A_TAGLST

124
	 * attribute */

125
	NLBL_CIPSOV4_A_TAGLST,

126
	/* (NLA_NESTED)

127
	 * the CIPSO tag list for the DOI, there must be at least one

128
	 * NLBL_CIPSOV4_A_TAG attribute, tags listed first are given higher

129
	 * priorirty when sending packets */

130
	NLBL_CIPSOV4_A_MLSLVLLOC,

131
	/* (NLA_U32)

132
	 * the local MLS sensitivity level */

133
	NLBL_CIPSOV4_A_MLSLVLREM,

134
	/* (NLA_U32)

135
	 * the remote MLS sensitivity level */

136
	NLBL_CIPSOV4_A_MLSLVL,

137
	/* (NLA_NESTED)

138
	 * a MLS sensitivity level mapping, must contain only one attribute of

139
	 * each of the following types: NLBL_CIPSOV4_A_MLSLVLLOC and

140
	 * NLBL_CIPSOV4_A_MLSLVLREM */

141
	NLBL_CIPSOV4_A_MLSLVLLST,

142
	/* (NLA_NESTED)

143
	 * the CIPSO level mappings, there must be at least one

144
	 * NLBL_CIPSOV4_A_MLSLVL attribute */

145
	NLBL_CIPSOV4_A_MLSCATLOC,

146
	/* (NLA_U32)

147
	 * the local MLS category */

148
	NLBL_CIPSOV4_A_MLSCATREM,

149
	/* (NLA_U32)

150
	 * the remote MLS category */

151
	NLBL_CIPSOV4_A_MLSCAT,

152
	/* (NLA_NESTED)

153
	 * a MLS category mapping, must contain only one attribute of each of

154
	 * the following types: NLBL_CIPSOV4_A_MLSCATLOC and

155
	 * NLBL_CIPSOV4_A_MLSCATREM */

156
	NLBL_CIPSOV4_A_MLSCATLST,

157
	/* (NLA_NESTED)

158
	 * the CIPSO category mappings, there must be at least one

159
	 * NLBL_CIPSOV4_A_MLSCAT attribute */

160
	__NLBL_CIPSOV4_A_MAX,

161
};

162
#define NLBL_CIPSOV4_A_MAX (__NLBL_CIPSOV4_A_MAX - 1)

163


164
/* NetLabel protocol functions */

165
int netlbl_cipsov4_genl_init(void);

166


167
/* Free the memory associated with a CIPSOv4 DOI definition */

168
void netlbl_cipsov4_doi_free(struct rcu_head *entry);

169


170
#endif

171


172