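/* SPDX-License-Identifier: GPL-2.0-or-later */
/*
 * NetLabel CIPSO/IPv4 Support
 *
 * This file defines the CIPSO/IPv4 functions for the NetLabel system. The
 * NetLabel system manages static and dynamic label mappings for network
 * protocols such as CIPSO and RIPSO.
 *
 * Author: Paul Moore <[email protected]>
 */

/*
 * (c) Copyright Hewlett-Packard Development Company, L.P., 2006
 */

#ifndef _NETLABEL_CIPSO_V4
#define _NETLABEL_CIPSO_V4

#include <net/netlabel.h>

/*
 * The following NetLabel payloads are supported by the CIPSO subsystem.
 *
 * o ADD:
 *   Sent by an application to add a new DOI mapping table.
 *
 *   Required attributes:
 *
 *     NLBL_CIPSOV4_A_DOI
 *     NLBL_CIPSOV4_A_MTYPE
 *     NLBL_CIPSOV4_A_TAGLST
 *
 *   If using CIPSO_V4_MAP_TRANS the following attributes are required:
 *
 *     NLBL_CIPSOV4_A_MLSLVLLST
 *     NLBL_CIPSOV4_A_MLSCATLST
 *
 *   If using CIPSO_V4_MAP_PASS or CIPSO_V4_MAP_LOCAL no additional attributes
 *   are required.
 *
 * o REMOVE:
 *   Sent by an application to remove a specific DOI mapping table from the
 *   CIPSO V4 system.
 *
 *   Required attributes:
 *
 *     NLBL_CIPSOV4_A_DOI
 *
 * o LIST:
 *   Sent by an application to list the details of a DOI definition. On
 *   success the kernel should send a response using the following format.
 *
 *   Required attributes:
 *
 *     NLBL_CIPSOV4_A_DOI
 *
 *   The valid response message format depends on the type of the DOI mapping,
 *   the defined formats are shown below.
 *
 *   Required attributes:
 *
 *     NLBL_CIPSOV4_A_MTYPE
 *     NLBL_CIPSOV4_A_TAGLST
 *
 *   If using CIPSO_V4_MAP_TRANS the following attributes are required:
 *
 *     NLBL_CIPSOV4_A_MLSLVLLST
 *     NLBL_CIPSOV4_A_MLSCATLST
 *
 *   If using CIPSO_V4_MAP_PASS or CIPSO_V4_MAP_LOCAL no additional attributes
 *   are required.
 *
 * o LISTALL:
 *   This message is sent by an application to list the valid DOIs on the
 *   system. When sent by an application there is no payload and the
 *   NLM_F_DUMP flag should be set. The kernel should respond with a series of
 *   the following messages.
 *
 *   Required attributes:
 *
 *     NLBL_CIPSOV4_A_DOI
 *     NLBL_CIPSOV4_A_MTYPE
 *
 */

/*
 * Review notes:
 *
 * - ADD and REMOVE replace or delete the per-DOI tables that map local MLS
 *   levels and categories to their remote values, i.e. they change labeling
 *   configuration. This header states no permission requirement for any
 *   command. NOTE(review): confirm in the implementation that the ADD and
 *   REMOVE handlers are restricted to privileged callers.
 *
 * - The attribute types and cardinality rules documented on the attribute
 *   enum below ("at least one", "only one attribute of each") exist only as
 *   comments here; nothing in this header enforces them. NOTE(review):
 *   confirm the message handlers validate type, length, nesting and
 *   cardinality of every attribute before use, since the payloads are
 *   supplied by an application.
 */

/*
 * NetLabel CIPSOv4 commands
 *
 * __NLBL_CIPSOV4_C_MAX is a trailing sentinel, not a command; keep it last.
 * NOTE(review): these values are presumably the command numbers used on the
 * wire, so new commands should only be appended before the sentinel.
 */
enum {
	NLBL_CIPSOV4_C_UNSPEC,
	NLBL_CIPSOV4_C_ADD,
	NLBL_CIPSOV4_C_REMOVE,
	NLBL_CIPSOV4_C_LIST,
	NLBL_CIPSOV4_C_LISTALL,
	__NLBL_CIPSOV4_C_MAX,
};

/*
 * NetLabel CIPSOv4 attributes
 *
 * Each comment documents the enumerator directly above it. The parenthesised
 * NLA_* name is the expected attribute type for that enumerator.
 */
enum {
	NLBL_CIPSOV4_A_UNSPEC,
	NLBL_CIPSOV4_A_DOI,
	/* (NLA_U32)
	 * the DOI value */
	NLBL_CIPSOV4_A_MTYPE,
	/* (NLA_U32)
	 * the mapping table type (defined in the cipso_ipv4.h header as
	 * CIPSO_V4_MAP_*) */
	NLBL_CIPSOV4_A_TAG,
	/* (NLA_U8)
	 * a CIPSO tag type, meant to be used within a NLBL_CIPSOV4_A_TAGLST
	 * attribute */
	NLBL_CIPSOV4_A_TAGLST,
	/* (NLA_NESTED)
	 * the CIPSO tag list for the DOI, there must be at least one
	 * NLBL_CIPSOV4_A_TAG attribute, tags listed first are given higher
	 * priority when sending packets */
	NLBL_CIPSOV4_A_MLSLVLLOC,
	/* (NLA_U32)
	 * the local MLS sensitivity level */
	NLBL_CIPSOV4_A_MLSLVLREM,
	/* (NLA_U32)
	 * the remote MLS sensitivity level */
	NLBL_CIPSOV4_A_MLSLVL,
	/* (NLA_NESTED)
	 * a MLS sensitivity level mapping, must contain only one attribute of
	 * each of the following types: NLBL_CIPSOV4_A_MLSLVLLOC and
	 * NLBL_CIPSOV4_A_MLSLVLREM */
	NLBL_CIPSOV4_A_MLSLVLLST,
	/* (NLA_NESTED)
	 * the CIPSO level mappings, there must be at least one
	 * NLBL_CIPSOV4_A_MLSLVL attribute */
	NLBL_CIPSOV4_A_MLSCATLOC,
	/* (NLA_U32)
	 * the local MLS category */
	NLBL_CIPSOV4_A_MLSCATREM,
	/* (NLA_U32)
	 * the remote MLS category */
	NLBL_CIPSOV4_A_MLSCAT,
	/* (NLA_NESTED)
	 * a MLS category mapping, must contain only one attribute of each of
	 * the following types: NLBL_CIPSOV4_A_MLSCATLOC and
	 * NLBL_CIPSOV4_A_MLSCATREM */
	NLBL_CIPSOV4_A_MLSCATLST,
	/* (NLA_NESTED)
	 * the CIPSO category mappings, there must be at least one
	 * NLBL_CIPSOV4_A_MLSCAT attribute */
	__NLBL_CIPSOV4_A_MAX,
};
/* Highest valid attribute number: one less than the trailing sentinel. */
#define NLBL_CIPSOV4_A_MAX (__NLBL_CIPSOV4_A_MAX - 1)

/* NetLabel protocol functions */

/*
 * Initialisation entry point for the CIPSOv4 NetLabel component; takes no
 * arguments and returns an int.
 * NOTE(review): presumably registers the commands above and returns zero on
 * success - confirm against the definition.
 */
int netlbl_cipsov4_genl_init(void);

#endif /* _NETLABEL_CIPSO_V4 */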