0001 /* SPDX-License-Identifier: GPL-2.0-or-later */
0002 /*
0003  * NetLabel CIPSO/IPv4 Support
0004  *
0005  * This file defines the CIPSO/IPv4 functions for the NetLabel system.  The
0006  * NetLabel system manages static and dynamic label mappings for network
0007  * protocols such as CIPSO and RIPSO.
0008  *
0009  * Author: Paul Moore <paul@paul-moore.com>
0010  */
0011 
0012 /*
0013  * (c) Copyright Hewlett-Packard Development Company, L.P., 2006
0014  */
0015 
0016 #ifndef _NETLABEL_CIPSO_V4
0017 #define _NETLABEL_CIPSO_V4
0018 
0019 #include <net/netlabel.h>
0020 
0021 /*
0022  * The following NetLabel payloads are supported by the CIPSO subsystem.
0023  *
0024  * o ADD:
0025  *   Sent by an application to add a new DOI mapping table.
0026  *
0027  *   Required attributes:
0028  *
0029  *     NLBL_CIPSOV4_A_DOI
0030  *     NLBL_CIPSOV4_A_MTYPE
0031  *     NLBL_CIPSOV4_A_TAGLST
0032  *
0033  *   If using CIPSO_V4_MAP_TRANS the following attributes are required:
0034  *
0035  *     NLBL_CIPSOV4_A_MLSLVLLST
0036  *     NLBL_CIPSOV4_A_MLSCATLST
0037  *
0038  *   If using CIPSO_V4_MAP_PASS or CIPSO_V4_MAP_LOCAL no additional attributes
0039  *   are required.
0040  *
0041  * o REMOVE:
0042  *   Sent by an application to remove a specific DOI mapping table from the
0043  *   CIPSO V4 system.
0044  *
0045  *   Required attributes:
0046  *
0047  *     NLBL_CIPSOV4_A_DOI
0048  *
0049  * o LIST:
0050  *   Sent by an application to list the details of a DOI definition.  On
0051  *   success the kernel should send a response using the format given below.
0052  *
0053  *   Required attributes (request):
0054  *
0055  *     NLBL_CIPSOV4_A_DOI
0056  *
0057  *   The valid response message format depends on the type of the DOI mapping;
0058  *   the defined formats are shown below.
0059  *
0060  *   Required attributes (response):
0061  *
0062  *     NLBL_CIPSOV4_A_MTYPE
0063  *     NLBL_CIPSOV4_A_TAGLST
0064  *
0065  *   If using CIPSO_V4_MAP_TRANS the following attributes are required:
0066  *
0067  *     NLBL_CIPSOV4_A_MLSLVLLST
0068  *     NLBL_CIPSOV4_A_MLSCATLST
0069  *
0070  *   If using CIPSO_V4_MAP_PASS or CIPSO_V4_MAP_LOCAL no additional attributes
0071  *   are required.
0072  *
0073  * o LISTALL:
0074  *   This message is sent by an application to list the valid DOIs on the
0075  *   system.  When sent by an application there is no payload and the
0076  *   NLM_F_DUMP flag should be set.  The kernel should respond with a series of
0077  *   the following messages.
0078  *
0079  *   Required attributes:
0080  *
0081  *    NLBL_CIPSOV4_A_DOI
0082  *    NLBL_CIPSOV4_A_MTYPE
0083  *
0084  */
0085 
0086 /* NetLabel CIPSOv4 commands
      *
      * One enumerator per message type described in the payload comment above
      * (ADD, REMOVE, LIST, LISTALL), preceded by an UNSPEC entry with value 0.
      * Values are assigned by position, so inserting or reordering entries
      * renumbers every command that follows.
      *
      * NOTE(review): these look like the command numbers an application places
      * in the messages it sends to the kernel - confirm before changing the
      * order, and add new commands immediately before __NLBL_CIPSOV4_C_MAX. */
0087 enum {
0088     NLBL_CIPSOV4_C_UNSPEC,
0089     NLBL_CIPSOV4_C_ADD,
0090     NLBL_CIPSOV4_C_REMOVE,
0091     NLBL_CIPSOV4_C_LIST,
0092     NLBL_CIPSOV4_C_LISTALL,
         /* last enumerator; its value is one more than NLBL_CIPSOV4_C_LISTALL */
0093     __NLBL_CIPSOV4_C_MAX,
0094 };
0095 
0096 /* NetLabel CIPSOv4 attributes
      *
      * Each comment below documents the enumerator directly above it and gives
      * the expected netlink attribute type in parentheses.  Values are assigned
      * by position, so new attributes belong immediately before
      * __NLBL_CIPSOV4_A_MAX.
      *
      * NOTE(review): the type and cardinality rules written here ("at least
      * one", "only one attribute of each") are not enforced by anything in this
      * header; the code that parses these attributes has to check them. */
0097 enum {
0098     NLBL_CIPSOV4_A_UNSPEC,
0099     NLBL_CIPSOV4_A_DOI,
0100     /* (NLA_U32)
0101      * the DOI value */
0102     NLBL_CIPSOV4_A_MTYPE,
0103     /* (NLA_U32)
0104      * the mapping table type (defined in the cipso_ipv4.h header as
0105      * CIPSO_V4_MAP_*) */
0106     NLBL_CIPSOV4_A_TAG,
0107     /* (NLA_U8)
0108      * a CIPSO tag type, meant to be used within a NLBL_CIPSOV4_A_TAGLST
0109      * attribute */
0110     NLBL_CIPSOV4_A_TAGLST,
0111     /* (NLA_NESTED)
0112      * the CIPSO tag list for the DOI, there must be at least one
0113      * NLBL_CIPSOV4_A_TAG attribute, tags listed first are given higher
0114      * priority when sending packets */
0115     NLBL_CIPSOV4_A_MLSLVLLOC,
0116     /* (NLA_U32)
0117      * the local MLS sensitivity level */
0118     NLBL_CIPSOV4_A_MLSLVLREM,
0119     /* (NLA_U32)
0120      * the remote MLS sensitivity level */
0121     NLBL_CIPSOV4_A_MLSLVL,
0122     /* (NLA_NESTED)
0123      * a MLS sensitivity level mapping, must contain only one attribute of
0124      * each of the following types: NLBL_CIPSOV4_A_MLSLVLLOC and
0125      * NLBL_CIPSOV4_A_MLSLVLREM */
0126     NLBL_CIPSOV4_A_MLSLVLLST,
0127     /* (NLA_NESTED)
0128      * the CIPSO level mappings, there must be at least one
0129      * NLBL_CIPSOV4_A_MLSLVL attribute */
0130     NLBL_CIPSOV4_A_MLSCATLOC,
0131     /* (NLA_U32)
0132      * the local MLS category */
0133     NLBL_CIPSOV4_A_MLSCATREM,
0134     /* (NLA_U32)
0135      * the remote MLS category */
0136     NLBL_CIPSOV4_A_MLSCAT,
0137     /* (NLA_NESTED)
0138      * a MLS category mapping, must contain only one attribute of each of
0139      * the following types: NLBL_CIPSOV4_A_MLSCATLOC and
0140      * NLBL_CIPSOV4_A_MLSCATREM */
0141     NLBL_CIPSOV4_A_MLSCATLST,
0142     /* (NLA_NESTED)
0143      * the CIPSO category mappings, there must be at least one
0144      * NLBL_CIPSOV4_A_MLSCAT attribute */
         /* last enumerator; its value is one more than NLBL_CIPSOV4_A_MLSCATLST */
0145     __NLBL_CIPSOV4_A_MAX,
0146 };
     /* Highest attribute number: __NLBL_CIPSOV4_A_MAX is the last enumerator, so
      * this equals NLBL_CIPSOV4_A_MLSCATLST.  NOTE(review): presumably the bound
      * used when parsing attributes from a message - confirm at the call sites. */
0147 #define NLBL_CIPSOV4_A_MAX (__NLBL_CIPSOV4_A_MAX - 1)
0148 
0149 /* NetLabel protocol functions */
     /* Declared here and defined elsewhere; takes no arguments and returns an int.
      * NOTE(review): the name suggests it registers the CIPSOv4 generic netlink
      * family, with the int reporting success or failure - confirm at the
      * definition. */
0150 int netlbl_cipsov4_genl_init(void);
0151 
0152 /* Free the memory associated with a CIPSOv4 DOI definition.
      *
      * @entry: a struct rcu_head pointer; nothing is returned.
      *
      * NOTE(review): this is the signature of an RCU callback, so presumably
      * @entry is embedded in the DOI definition and the function is meant to be
      * handed to call_rcu() so that the free happens only after existing readers
      * are done - confirm at the definition and at the callers. */
0153 void netlbl_cipsov4_doi_free(struct rcu_head *entry);
0154 
0155 #endif