/* SPDX-License-Identifier: GPL-2.0-or-later */
/*
 * NetLabel Management Support
 *
 * This file defines the management functions for the NetLabel system. The
 * NetLabel system manages static and dynamic label mappings for network
 * protocols such as CIPSO and RIPSO.
 *
 * Author: Paul Moore <[email protected]>
 */

/*
 * (c) Copyright Hewlett-Packard Development Company, L.P., 2006
 */

#ifndef _NETLABEL_MGMT_H
#define _NETLABEL_MGMT_H

#include <net/netlabel.h>
#include <linux/atomic.h>

/*
 * The following NetLabel payloads are supported by the management interface.
 *
 * Each entry below names a management command (NLBL_MGMT_C_*) and the
 * attributes (NLBL_MGMT_A_*) that must or may accompany it. The attribute
 * requirements are a contract for whoever parses the message: a required
 * attribute that is absent should cause the request to be rejected rather
 * than defaulted.
 *
 * NOTE(review): NLBL_MGMT_A_CLPDOI is defined in the attribute enum below but
 * is not named in any payload description here; presumably CALIPSO mappings
 * require it in the way CIPSOv4 mappings require NLBL_MGMT_A_CV4DOI - confirm
 * against the command handlers.
 *
 * o ADD:
 *   Sent by an application to add a domain mapping to the NetLabel system.
 *
 *   Required attributes:
 *
 *     NLBL_MGMT_A_DOMAIN
 *     NLBL_MGMT_A_PROTOCOL
 *
 *   If IPv4 is specified the following attributes are required:
 *
 *     NLBL_MGMT_A_IPV4ADDR
 *     NLBL_MGMT_A_IPV4MASK
 *
 *   If IPv6 is specified the following attributes are required:
 *
 *     NLBL_MGMT_A_IPV6ADDR
 *     NLBL_MGMT_A_IPV6MASK
 *
 *   If using NETLBL_NLTYPE_CIPSOV4 the following attributes are required:
 *
 *     NLBL_MGMT_A_CV4DOI
 *
 *   If using NETLBL_NLTYPE_UNLABELED no other attributes are required,
 *   however the following attribute may optionally be sent:
 *
 *     NLBL_MGMT_A_FAMILY
 *
 * o REMOVE:
 *   Sent by an application to remove a domain mapping from the NetLabel
 *   system.
 *
 *   Required attributes:
 *
 *     NLBL_MGMT_A_DOMAIN
 *
 * o LISTALL:
 *   This message can be sent either from an application or by the kernel in
 *   response to an application generated LISTALL message. When sent by an
 *   application there is no payload and the NLM_F_DUMP flag should be set.
 *   The kernel should respond with a series of the following messages.
 *
 *   Required attributes:
 *
 *     NLBL_MGMT_A_DOMAIN
 *     NLBL_MGMT_A_FAMILY
 *
 *   If the IP address selectors are not used the following attribute is
 *   required:
 *
 *     NLBL_MGMT_A_PROTOCOL
 *
 *   If the IP address selectors are used then the following attribute is
 *   required:
 *
 *     NLBL_MGMT_A_SELECTORLIST
 *
 *   If the mapping is using the NETLBL_NLTYPE_CIPSOV4 type then the following
 *   attributes are required:
 *
 *     NLBL_MGMT_A_CV4DOI
 *
 *   If the mapping is using the NETLBL_NLTYPE_UNLABELED type no other
 *   attributes are required.
 *
 * o ADDDEF:
 *   Sent by an application to set the default domain mapping for the NetLabel
 *   system.
 *
 *   Required attributes:
 *
 *     NLBL_MGMT_A_PROTOCOL
 *
 *   If using NETLBL_NLTYPE_CIPSOV4 the following attributes are required:
 *
 *     NLBL_MGMT_A_CV4DOI
 *
 *   If using NETLBL_NLTYPE_UNLABELED no other attributes are required,
 *   however the following attribute may optionally be sent:
 *
 *     NLBL_MGMT_A_FAMILY
 *
 * o REMOVEDEF:
 *   Sent by an application to remove the default domain mapping from the
 *   NetLabel system, there is no payload.
 *
 * o LISTDEF:
 *   This message can be sent either from an application or by the kernel in
 *   response to an application generated LISTDEF message. When sent by an
 *   application there may be an optional payload.
 *
 *     NLBL_MGMT_A_FAMILY
 *
 *   On success the kernel should send a response using the following format:
 *
 *   If the IP address selectors are not used the following attributes are
 *   required:
 *
 *     NLBL_MGMT_A_PROTOCOL
 *     NLBL_MGMT_A_FAMILY
 *
 *   If the IP address selectors are used then the following attribute is
 *   required:
 *
 *     NLBL_MGMT_A_SELECTORLIST
 *
 *   If the mapping is using the NETLBL_NLTYPE_CIPSOV4 type then the following
 *   attributes are required:
 *
 *     NLBL_MGMT_A_CV4DOI
 *
 *   If the mapping is using the NETLBL_NLTYPE_UNLABELED type no other
 *   attributes are required.
 *
 * o PROTOCOLS:
 *   Sent by an application to request a list of configured NetLabel protocols
 *   in the kernel. When sent by an application there is no payload and the
 *   NLM_F_DUMP flag should be set. The kernel should respond with a series of
 *   the following messages.
 *
 *   Required attributes:
 *
 *     NLBL_MGMT_A_PROTOCOL
 *
 * o VERSION:
 *   Sent by an application to request the NetLabel version. When sent by an
 *   application there is no payload. This message type is also used by the
 *   kernel to respond to a VERSION request.
 *
 *   Required attributes:
 *
 *     NLBL_MGMT_A_VERSION
 *
 */

/*
 * NetLabel Management commands
 *
 * The enumerators carry no explicit values, so each command number is fixed
 * by its position in this list. Because these numbers are exchanged with
 * applications, new commands belong immediately before __NLBL_MGMT_C_MAX and
 * existing entries should not be reordered or removed.
 *
 * __NLBL_MGMT_C_MAX is a sentinel, not a command.
 *
 * NOTE(review): ADD, REMOVE, ADDDEF and REMOVEDEF change the label mappings,
 * while the remaining commands only read state. This header does not define
 * who may issue them; confirm that the handler table restricts the
 * state-changing commands to privileged callers (e.g. GENL_ADMIN_PERM).
 */
enum {
	NLBL_MGMT_C_UNSPEC,
	NLBL_MGMT_C_ADD,
	NLBL_MGMT_C_REMOVE,
	NLBL_MGMT_C_LISTALL,
	NLBL_MGMT_C_ADDDEF,
	NLBL_MGMT_C_REMOVEDEF,
	NLBL_MGMT_C_LISTDEF,
	NLBL_MGMT_C_PROTOCOLS,
	NLBL_MGMT_C_VERSION,
	__NLBL_MGMT_C_MAX,
};

/*
 * NetLabel Management attributes
 *
 * Each description comment follows the enumerator it documents; the type in
 * parentheses is the netlink attribute type expected for that attribute.
 * As with the commands, values are positional, so new attributes are added
 * immediately before __NLBL_MGMT_A_MAX.
 *
 * NOTE(review): the address attributes are NLA_BINARY with a named struct;
 * presumably the receiver must check that the payload length equals the size
 * of that struct before using it - confirm in the command handlers.
 */
enum {
	NLBL_MGMT_A_UNSPEC,
	NLBL_MGMT_A_DOMAIN,
	/* (NLA_NUL_STRING)
	 * the NUL-terminated LSM domain string */
	NLBL_MGMT_A_PROTOCOL,
	/* (NLA_U32)
	 * the NetLabel protocol type (defined by NETLBL_NLTYPE_*) */
	NLBL_MGMT_A_VERSION,
	/* (NLA_U32)
	 * the NetLabel protocol version number (defined by
	 * NETLBL_PROTO_VERSION) */
	NLBL_MGMT_A_CV4DOI,
	/* (NLA_U32)
	 * the CIPSOv4 DOI value */
	NLBL_MGMT_A_IPV6ADDR,
	/* (NLA_BINARY, struct in6_addr)
	 * an IPv6 address */
	NLBL_MGMT_A_IPV6MASK,
	/* (NLA_BINARY, struct in6_addr)
	 * an IPv6 address mask */
	NLBL_MGMT_A_IPV4ADDR,
	/* (NLA_BINARY, struct in_addr)
	 * an IPv4 address */
	NLBL_MGMT_A_IPV4MASK,
	/* (NLA_BINARY, struct in_addr)
	 * an IPv4 address mask */
	NLBL_MGMT_A_ADDRSELECTOR,
	/* (NLA_NESTED)
	 * an IP address selector, must contain an address, mask, and protocol
	 * attribute plus any protocol specific attributes */
	NLBL_MGMT_A_SELECTORLIST,
	/* (NLA_NESTED)
	 * the selector list, there must be at least one
	 * NLBL_MGMT_A_ADDRSELECTOR attribute */
	NLBL_MGMT_A_FAMILY,
	/* (NLA_U16)
	 * The address family */
	NLBL_MGMT_A_CLPDOI,
	/* (NLA_U32)
	 * the CALIPSO DOI value */
	__NLBL_MGMT_A_MAX,
};
/* Highest valid attribute number: one below the __NLBL_MGMT_A_MAX sentinel. */
#define NLBL_MGMT_A_MAX (__NLBL_MGMT_A_MAX - 1)

/*
 * NetLabel protocol functions
 *
 * netlbl_mgmt_genl_init() takes no arguments and returns an int. Its
 * definition is not in this header; presumably it registers the management
 * interface and reports failure through the return value - confirm against
 * the definition.
 */
int netlbl_mgmt_genl_init(void);

/*
 * NetLabel configured protocol reference counter
 *
 * Declared here, defined elsewhere; atomic_t comes from <linux/atomic.h>.
 */
extern atomic_t netlabel_mgmt_protocount;

#endif /* _NETLABEL_MGMT_H */