net/netlabel/netlabel_cipso_v4.h - kernel/msm-4.9 - Gitiles

 /*
  * NetLabel CIPSO/IPv4 Support
  *
  * This file defines the CIPSO/IPv4 functions for the NetLabel system.  The
  * NetLabel system manages static and dynamic label mappings for network
  * protocols such as CIPSO and RIPSO.
  *
  * Author: Paul Moore <paul@paul-moore.com>
  *
  */

 /*
  * (c) Copyright Hewlett-Packard Development Company, L.P., 2006
  *
  * This program is free software;  you can redistribute it and/or modify
  * it under the terms of the GNU General Public License as published by
  * the Free Software Foundation; either version 2 of the License, or
  * (at your option) any later version.
  *
  * This program is distributed in the hope that it will be useful,
  * but WITHOUT ANY WARRANTY;  without even the implied warranty of
  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See
  * the GNU General Public License for more details.
  *
  * You should have received a copy of the GNU General Public License
  * along with this program;  if not, see <http://www.gnu.org/licenses/>.
  *
  */

 #ifndef _NETLABEL_CIPSO_V4
 #define _NETLABEL_CIPSO_V4

 #include <net/netlabel.h>

 /*
  * The following NetLabel payloads are supported by the CIPSO subsystem.
  *
  * o ADD:
  *   Sent by an application to add a new DOI mapping table.
  *
  *   Required attributes:
  *
  *     NLBL_CIPSOV4_A_DOI
  *     NLBL_CIPSOV4_A_MTYPE
  *     NLBL_CIPSOV4_A_TAGLST
  *
  *   If using CIPSO_V4_MAP_TRANS the following attributes are required:
  *
  *     NLBL_CIPSOV4_A_MLSLVLLST
  *     NLBL_CIPSOV4_A_MLSCATLST
  *
  *   If using CIPSO_V4_MAP_PASS or CIPSO_V4_MAP_LOCAL no additional attributes
  *   are required.
  *
  * o REMOVE:
  *   Sent by an application to remove a specific DOI mapping table from the
  *   CIPSO V4 system.
  *
  *   Required attributes:
  *
  *     NLBL_CIPSOV4_A_DOI
  *
  * o LIST:
  *   Sent by an application to list the details of a DOI definition.  On
  *   success the kernel should send a response using the following format.
  *
  *   Required attributes:
  *
  *     NLBL_CIPSOV4_A_DOI
  *
  *   The valid response message format depends on the type of the DOI mapping,
  *   the defined formats are shown below.
  *
  *   Required attributes:
  *
  *     NLBL_CIPSOV4_A_MTYPE
  *     NLBL_CIPSOV4_A_TAGLST
  *
  *   If using CIPSO_V4_MAP_TRANS the following attributes are required:
  *
  *     NLBL_CIPSOV4_A_MLSLVLLST
  *     NLBL_CIPSOV4_A_MLSCATLST
  *
  *   If using CIPSO_V4_MAP_PASS or CIPSO_V4_MAP_LOCAL no additional attributes
  *   are required.
  *
  * o LISTALL:
  *   This message is sent by an application to list the valid DOIs on the
  *   system.  When sent by an application there is no payload and the
  *   NLM_F_DUMP flag should be set.  The kernel should respond with a series of
  *   the following messages.
  *
  *   Required attributes:
  *
  *    NLBL_CIPSOV4_A_DOI
  *    NLBL_CIPSOV4_A_MTYPE
  *
  */

 /* NetLabel CIPSOv4 commands */
 enum {
 	NLBL_CIPSOV4_C_UNSPEC,
 	NLBL_CIPSOV4_C_ADD,
 	NLBL_CIPSOV4_C_REMOVE,
 	NLBL_CIPSOV4_C_LIST,
 	NLBL_CIPSOV4_C_LISTALL,
 	__NLBL_CIPSOV4_C_MAX,
 };

 /* NetLabel CIPSOv4 attributes */
 enum {
 	NLBL_CIPSOV4_A_UNSPEC,
 	NLBL_CIPSOV4_A_DOI,
 	/* (NLA_U32)
 	 * the DOI value */
 	NLBL_CIPSOV4_A_MTYPE,
 	/* (NLA_U32)
 	 * the mapping table type (defined in the cipso_ipv4.h header as
 	 * CIPSO_V4_MAP_*) */
 	NLBL_CIPSOV4_A_TAG,
 	/* (NLA_U8)
 	 * a CIPSO tag type, meant to be used within a NLBL_CIPSOV4_A_TAGLST
 	 * attribute */
 	NLBL_CIPSOV4_A_TAGLST,
 	/* (NLA_NESTED)
 	 * the CIPSO tag list for the DOI, there must be at least one
 	 * NLBL_CIPSOV4_A_TAG attribute, tags listed first are given higher
 	 * priorirty when sending packets */
 	NLBL_CIPSOV4_A_MLSLVLLOC,
 	/* (NLA_U32)
 	 * the local MLS sensitivity level */
 	NLBL_CIPSOV4_A_MLSLVLREM,
 	/* (NLA_U32)
 	 * the remote MLS sensitivity level */
 	NLBL_CIPSOV4_A_MLSLVL,
 	/* (NLA_NESTED)
 	 * a MLS sensitivity level mapping, must contain only one attribute of
 	 * each of the following types: NLBL_CIPSOV4_A_MLSLVLLOC and
 	 * NLBL_CIPSOV4_A_MLSLVLREM */
 	NLBL_CIPSOV4_A_MLSLVLLST,
 	/* (NLA_NESTED)
 	 * the CIPSO level mappings, there must be at least one
 	 * NLBL_CIPSOV4_A_MLSLVL attribute */
 	NLBL_CIPSOV4_A_MLSCATLOC,
 	/* (NLA_U32)
 	 * the local MLS category */
 	NLBL_CIPSOV4_A_MLSCATREM,
 	/* (NLA_U32)
 	 * the remote MLS category */
 	NLBL_CIPSOV4_A_MLSCAT,
 	/* (NLA_NESTED)
 	 * a MLS category mapping, must contain only one attribute of each of
 	 * the following types: NLBL_CIPSOV4_A_MLSCATLOC and
 	 * NLBL_CIPSOV4_A_MLSCATREM */
 	NLBL_CIPSOV4_A_MLSCATLST,
 	/* (NLA_NESTED)
 	 * the CIPSO category mappings, there must be at least one
 	 * NLBL_CIPSOV4_A_MLSCAT attribute */
 	__NLBL_CIPSOV4_A_MAX,
 };
 #define NLBL_CIPSOV4_A_MAX (__NLBL_CIPSOV4_A_MAX - 1)

 /* NetLabel protocol functions */
 int netlbl_cipsov4_genl_init(void);

 /* Free the memory associated with a CIPSOv4 DOI definition */
 void netlbl_cipsov4_doi_free(struct rcu_head *entry);

 #endif
	/*
	* NetLabel CIPSO/IPv4 Support
	*
	* This file defines the CIPSO/IPv4 functions for the NetLabel system. The
	* NetLabel system manages static and dynamic label mappings for network
	* protocols such as CIPSO and RIPSO.
	*
	* Author: Paul Moore <paul@paul-moore.com>
	*
	*/

	/*
	* (c) Copyright Hewlett-Packard Development Company, L.P., 2006
	*
	* This program is free software; you can redistribute it and/or modify
	* it under the terms of the GNU General Public License as published by
	* the Free Software Foundation; either version 2 of the License, or
	* (at your option) any later version.
	*
	* This program is distributed in the hope that it will be useful,
	* but WITHOUT ANY WARRANTY; without even the implied warranty of
	* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See
	* the GNU General Public License for more details.
	*
	* You should have received a copy of the GNU General Public License
	* along with this program; if not, see <http://www.gnu.org/licenses/>.
	*
	*/

	#ifndef _NETLABEL_CIPSO_V4
	#define _NETLABEL_CIPSO_V4

	#include <net/netlabel.h>

	/*
	* The following NetLabel payloads are supported by the CIPSO subsystem.
	*
	* o ADD:
	* Sent by an application to add a new DOI mapping table.
	*
	* Required attributes:
	*
	* NLBL_CIPSOV4_A_DOI
	* NLBL_CIPSOV4_A_MTYPE
	* NLBL_CIPSOV4_A_TAGLST
	*
	* If using CIPSO_V4_MAP_TRANS the following attributes are required:
	*
	* NLBL_CIPSOV4_A_MLSLVLLST
	* NLBL_CIPSOV4_A_MLSCATLST
	*
	* If using CIPSO_V4_MAP_PASS or CIPSO_V4_MAP_LOCAL no additional attributes
	* are required.
	*
	* o REMOVE:
	* Sent by an application to remove a specific DOI mapping table from the
	* CIPSO V4 system.
	*
	* Required attributes:
	*
	* NLBL_CIPSOV4_A_DOI
	*
	* o LIST:
	* Sent by an application to list the details of a DOI definition. On
	* success the kernel should send a response using the following format.
	*
	* Required attributes:
	*
	* NLBL_CIPSOV4_A_DOI
	*
	* The valid response message format depends on the type of the DOI mapping,
	* the defined formats are shown below.
	*
	* Required attributes:
	*
	* NLBL_CIPSOV4_A_MTYPE
	* NLBL_CIPSOV4_A_TAGLST
	*
	* If using CIPSO_V4_MAP_TRANS the following attributes are required:
	*
	* NLBL_CIPSOV4_A_MLSLVLLST
	* NLBL_CIPSOV4_A_MLSCATLST
	*
	* If using CIPSO_V4_MAP_PASS or CIPSO_V4_MAP_LOCAL no additional attributes
	* are required.
	*
	* o LISTALL:
	* This message is sent by an application to list the valid DOIs on the
	* system. When sent by an application there is no payload and the
	* NLM_F_DUMP flag should be set. The kernel should respond with a series of
	* the following messages.
	*
	* Required attributes:
	*
	* NLBL_CIPSOV4_A_DOI
	* NLBL_CIPSOV4_A_MTYPE
	*
	*/

	/* NetLabel CIPSOv4 commands */
	enum {
	NLBL_CIPSOV4_C_UNSPEC,
	NLBL_CIPSOV4_C_ADD,
	NLBL_CIPSOV4_C_REMOVE,
	NLBL_CIPSOV4_C_LIST,
	NLBL_CIPSOV4_C_LISTALL,
	__NLBL_CIPSOV4_C_MAX,
	};

	/* NetLabel CIPSOv4 attributes */
	enum {
	NLBL_CIPSOV4_A_UNSPEC,
	NLBL_CIPSOV4_A_DOI,
	/* (NLA_U32)
	* the DOI value */
	NLBL_CIPSOV4_A_MTYPE,
	/* (NLA_U32)
	* the mapping table type (defined in the cipso_ipv4.h header as
	* CIPSO_V4_MAP_) /
	NLBL_CIPSOV4_A_TAG,
	/* (NLA_U8)
	* a CIPSO tag type, meant to be used within a NLBL_CIPSOV4_A_TAGLST
	* attribute */
	NLBL_CIPSOV4_A_TAGLST,
	/* (NLA_NESTED)
	* the CIPSO tag list for the DOI, there must be at least one
	* NLBL_CIPSOV4_A_TAG attribute, tags listed first are given higher
	* priorirty when sending packets */
	NLBL_CIPSOV4_A_MLSLVLLOC,
	/* (NLA_U32)
	* the local MLS sensitivity level */
	NLBL_CIPSOV4_A_MLSLVLREM,
	/* (NLA_U32)
	* the remote MLS sensitivity level */
	NLBL_CIPSOV4_A_MLSLVL,
	/* (NLA_NESTED)
	* a MLS sensitivity level mapping, must contain only one attribute of
	* each of the following types: NLBL_CIPSOV4_A_MLSLVLLOC and
	* NLBL_CIPSOV4_A_MLSLVLREM */
	NLBL_CIPSOV4_A_MLSLVLLST,
	/* (NLA_NESTED)
	* the CIPSO level mappings, there must be at least one
	* NLBL_CIPSOV4_A_MLSLVL attribute */
	NLBL_CIPSOV4_A_MLSCATLOC,
	/* (NLA_U32)
	* the local MLS category */
	NLBL_CIPSOV4_A_MLSCATREM,
	/* (NLA_U32)
	* the remote MLS category */
	NLBL_CIPSOV4_A_MLSCAT,
	/* (NLA_NESTED)
	* a MLS category mapping, must contain only one attribute of each of
	* the following types: NLBL_CIPSOV4_A_MLSCATLOC and
	* NLBL_CIPSOV4_A_MLSCATREM */
	NLBL_CIPSOV4_A_MLSCATLST,
	/* (NLA_NESTED)
	* the CIPSO category mappings, there must be at least one
	* NLBL_CIPSOV4_A_MLSCAT attribute */
	__NLBL_CIPSOV4_A_MAX,
	};
	#define NLBL_CIPSOV4_A_MAX (__NLBL_CIPSOV4_A_MAX - 1)

	/* NetLabel protocol functions */
	int netlbl_cipsov4_genl_init(void);

	/* Free the memory associated with a CIPSOv4 DOI definition */
	void netlbl_cipsov4_doi_free(struct rcu_head *entry);

	#endif