1 | /* SPDX-License-Identifier: GPL-2.0-or-later */ |
2 | /* |
3 | * NetLabel CALIPSO Support |
4 | * |
5 | * This file defines the CALIPSO functions for the NetLabel system. The |
6 | * NetLabel system manages static and dynamic label mappings for network |
7 | * protocols such as CIPSO and RIPSO. |
8 | * |
9 | * Authors: Paul Moore <paul@paul-moore.com> |
10 | * Huw Davies <huw@codeweavers.com> |
11 | */ |
12 | |
13 | /* (c) Copyright Hewlett-Packard Development Company, L.P., 2006 |
14 | * (c) Copyright Huw Davies <huw@codeweavers.com>, 2015 |
15 | */ |
16 | |
17 | #ifndef _NETLABEL_CALIPSO |
18 | #define _NETLABEL_CALIPSO |
19 | |
20 | #include <net/netlabel.h> |
21 | #include <net/calipso.h> |
22 | |
23 | /* The following NetLabel payloads are supported by the CALIPSO subsystem. |
24 | * |
25 | * o ADD: |
26 | * Sent by an application to add a new DOI mapping table. |
27 | * |
28 | * Required attributes: |
29 | * |
30 | * NLBL_CALIPSO_A_DOI |
31 | * NLBL_CALIPSO_A_MTYPE |
32 | * |
33 | * If using CALIPSO_MAP_PASS no additional attributes are required. |
34 | * |
35 | * o REMOVE: |
36 | * Sent by an application to remove a specific DOI mapping table from the |
37 | * CALIPSO system. |
38 | * |
39 | * Required attributes: |
40 | * |
41 | * NLBL_CALIPSO_A_DOI |
42 | * |
43 | * o LIST: |
44 | * Sent by an application to list the details of a DOI definition. On |
45 | * success the kernel should send a response using the following format. |
46 | * |
47 | * Required attributes: |
48 | * |
49 | * NLBL_CALIPSO_A_DOI |
50 | * |
51 | * The valid response message format depends on the type of the DOI mapping, |
52 | * the defined formats are shown below. |
53 | * |
54 | * Required attributes: |
55 | * |
56 | * NLBL_CALIPSO_A_MTYPE |
57 | * |
58 | * If using CALIPSO_MAP_PASS no additional attributes are required. |
59 | * |
60 | * o LISTALL: |
61 | * This message is sent by an application to list the valid DOIs on the |
62 | * system. When sent by an application there is no payload and the |
63 | * NLM_F_DUMP flag should be set. The kernel should respond with a series of |
64 | * the following messages. |
65 | * |
66 | * Required attributes: |
67 | * |
68 | * NLBL_CALIPSO_A_DOI |
69 | * NLBL_CALIPSO_A_MTYPE |
70 | * |
71 | */ |
72 | |
/* NetLabel CALIPSO commands (generic netlink command ids).
 *
 * The values are spelled out so that the wire numbering is obvious and
 * cannot drift if an entry is ever inserted in the middle.  UNSPEC is the
 * reserved zero id and __NLBL_CALIPSO_C_MAX is one past the last command;
 * the payload each command carries is described in the comment block at
 * the top of this header.
 */
enum {
	NLBL_CALIPSO_C_UNSPEC	= 0,	/* reserved, never a valid command */
	NLBL_CALIPSO_C_ADD	= 1,	/* add a DOI mapping table */
	NLBL_CALIPSO_C_REMOVE	= 2,	/* remove a DOI mapping table */
	NLBL_CALIPSO_C_LIST	= 3,	/* list one DOI definition */
	NLBL_CALIPSO_C_LISTALL	= 4,	/* dump every DOI (NLM_F_DUMP) */
	__NLBL_CALIPSO_C_MAX	= 5,	/* one past the last command id */
};
82 | |
/* NetLabel CALIPSO attributes (generic netlink attribute ids).
 *
 * Both real attributes are documented as NLA_U32.  The values are spelled
 * out so the wire numbering is obvious; NLBL_CALIPSO_A_MAX below is the
 * highest valid id.
 *
 * NOTE(review): the nla_policy that actually enforces the NLA_U32 type on
 * attributes arriving from userspace is not in this header — confirm it
 * covers both ids before relying on the types documented here.
 */
enum {
	NLBL_CALIPSO_A_UNSPEC	= 0,	/* reserved, never a valid attribute */
	NLBL_CALIPSO_A_DOI	= 1,	/* (NLA_U32) the DOI value */
	NLBL_CALIPSO_A_MTYPE	= 2,	/* (NLA_U32) the mapping table type,
					 * CALIPSO_MAP_* from calipso.h */
	__NLBL_CALIPSO_A_MAX	= 3,	/* one past the last attribute id */
};

/* Highest valid attribute id. */
#define NLBL_CALIPSO_A_MAX (__NLBL_CALIPSO_A_MAX - 1)
97 | |
/* NetLabel protocol functions */
#if !IS_ENABLED(CONFIG_IPV6)
/*
 * CALIPSO is an IPv6 option, so without IPv6 there is no generic netlink
 * interface to register.  The stub reports success so that callers can
 * invoke it unconditionally on a CONFIG_IPV6=n build.
 */
static inline int netlbl_calipso_genl_init(void)
{
	return 0;
}
#else
/* Registers the CALIPSO generic netlink interface; defined in the .c file. */
int netlbl_calipso_genl_init(void);
#endif
107 | |
/*
 * DOI definition management.
 *
 * NOTE(review): ownership is inferred from the names only — add() appears
 * to keep @doi_def on success, free() to release one that was never added,
 * and getdef()/putdef() to be a lookup/release pair.  Confirm against the
 * definitions and their callers before relying on this.
 */
int calipso_doi_add(struct calipso_doi *doi_def,
		    struct netlbl_audit *audit_info);
void calipso_doi_free(struct calipso_doi *doi_def);
int calipso_doi_remove(u32 doi, struct netlbl_audit *audit_info);
struct calipso_doi *calipso_doi_getdef(u32 doi);
void calipso_doi_putdef(struct calipso_doi *doi_def);
/* Walks the DOI definitions, invoking @callback with @cb_arg for each;
 * @skip_cnt presumably lets a dump resume after an earlier partial walk. */
int calipso_doi_walk(u32 *skip_cnt,
		     int (*callback)(struct calipso_doi *doi_def, void *arg),
		     void *cb_arg);
/* Socket and request_sock label get/set/delete. */
int calipso_sock_getattr(struct sock *sk, struct netlbl_lsm_secattr *secattr);
int calipso_sock_setattr(struct sock *sk,
			 const struct calipso_doi *doi_def,
			 const struct netlbl_lsm_secattr *secattr);
void calipso_sock_delattr(struct sock *sk);
int calipso_req_setattr(struct request_sock *req,
			const struct calipso_doi *doi_def,
			const struct netlbl_lsm_secattr *secattr);
void calipso_req_delattr(struct request_sock *req);
/*
 * Label handling on a packet's CALIPSO option.
 *
 * NOTE(review): calipso_optptr() and calipso_getattr() take option bytes as
 * they appear in a received skb, so any length and bounds validation of the
 * option must live in their definitions — nothing here enforces it.
 */
unsigned char *calipso_optptr(const struct sk_buff *skb);
int calipso_getattr(const unsigned char *calipso,
		    struct netlbl_lsm_secattr *secattr);
int calipso_skbuff_setattr(struct sk_buff *skb,
			   const struct calipso_doi *doi_def,
			   const struct netlbl_lsm_secattr *secattr);
int calipso_skbuff_delattr(struct sk_buff *skb);
/* Label cache: drop every entry, or record a mapping for @calipso_ptr. */
void calipso_cache_invalidate(void);
int calipso_cache_add(const unsigned char *calipso_ptr,
		      const struct netlbl_lsm_secattr *secattr);
136 | |
137 | #endif |
138 | |