11ccea77eSThomas Gleixner /* SPDX-License-Identifier: GPL-2.0-or-later */
2cb72d382SHuw Davies /*
3cb72d382SHuw Davies  * NetLabel CALIPSO Support
4cb72d382SHuw Davies  *
5cb72d382SHuw Davies  * This file defines the CALIPSO functions for the NetLabel system.  The
6cb72d382SHuw Davies  * NetLabel system manages static and dynamic label mappings for network
7cb72d382SHuw Davies  * protocols such as CIPSO and RIPSO.
8cb72d382SHuw Davies  *
9cb72d382SHuw Davies  * Authors: Paul Moore <paul@paul-moore.com>
10cb72d382SHuw Davies  *          Huw Davies <huw@codeweavers.com>
11cb72d382SHuw Davies  */
12cb72d382SHuw Davies 
13cb72d382SHuw Davies /* (c) Copyright Hewlett-Packard Development Company, L.P., 2006
14cb72d382SHuw Davies  * (c) Copyright Huw Davies <huw@codeweavers.com>, 2015
15cb72d382SHuw Davies  */
16cb72d382SHuw Davies 
17cb72d382SHuw Davies #ifndef _NETLABEL_CALIPSO
18cb72d382SHuw Davies #define _NETLABEL_CALIPSO
19cb72d382SHuw Davies 
20cb72d382SHuw Davies #include <net/netlabel.h>
21cb72d382SHuw Davies #include <net/calipso.h>
22cb72d382SHuw Davies 
23cb72d382SHuw Davies /* The following NetLabel payloads are supported by the CALIPSO subsystem.
24cb72d382SHuw Davies  *
25cb72d382SHuw Davies  * o ADD:
26cb72d382SHuw Davies  *   Sent by an application to add a new DOI mapping table.
27cb72d382SHuw Davies  *
28cb72d382SHuw Davies  *   Required attributes:
29cb72d382SHuw Davies  *
30cb72d382SHuw Davies  *     NLBL_CALIPSO_A_DOI
31cb72d382SHuw Davies  *     NLBL_CALIPSO_A_MTYPE
32cb72d382SHuw Davies  *
33cb72d382SHuw Davies  *   If using CALIPSO_MAP_PASS no additional attributes are required.
34cb72d382SHuw Davies  *
35d7cce015SHuw Davies  * o REMOVE:
36d7cce015SHuw Davies  *   Sent by an application to remove a specific DOI mapping table from the
37d7cce015SHuw Davies  *   CALIPSO system.
38d7cce015SHuw Davies  *
39d7cce015SHuw Davies  *   Required attributes:
40d7cce015SHuw Davies  *
41d7cce015SHuw Davies  *     NLBL_CALIPSO_A_DOI
42d7cce015SHuw Davies  *
43a5e34490SHuw Davies  * o LIST:
44a5e34490SHuw Davies  *   Sent by an application to list the details of a DOI definition.  On
45a5e34490SHuw Davies  *   success the kernel should send a response using the following format.
46a5e34490SHuw Davies  *
47a5e34490SHuw Davies  *   Required attributes:
48a5e34490SHuw Davies  *
49a5e34490SHuw Davies  *     NLBL_CALIPSO_A_DOI
50a5e34490SHuw Davies  *
51a5e34490SHuw Davies  *   The valid response message format depends on the type of the DOI mapping,
52a5e34490SHuw Davies  *   the defined formats are shown below.
53a5e34490SHuw Davies  *
54a5e34490SHuw Davies  *   Required attributes:
55a5e34490SHuw Davies  *
56a5e34490SHuw Davies  *     NLBL_CALIPSO_A_MTYPE
57a5e34490SHuw Davies  *
58a5e34490SHuw Davies  *   If using CALIPSO_MAP_PASS no additional attributes are required.
59a5e34490SHuw Davies  *
60e1ce69dfSHuw Davies  * o LISTALL:
61e1ce69dfSHuw Davies  *   This message is sent by an application to list the valid DOIs on the
62e1ce69dfSHuw Davies  *   system.  When sent by an application there is no payload and the
63e1ce69dfSHuw Davies  *   NLM_F_DUMP flag should be set.  The kernel should respond with a series of
64e1ce69dfSHuw Davies  *   the following messages.
65e1ce69dfSHuw Davies  *
66e1ce69dfSHuw Davies  *   Required attributes:
67e1ce69dfSHuw Davies  *
68e1ce69dfSHuw Davies  *    NLBL_CALIPSO_A_DOI
69e1ce69dfSHuw Davies  *    NLBL_CALIPSO_A_MTYPE
70e1ce69dfSHuw Davies  *
71cb72d382SHuw Davies  */
72cb72d382SHuw Davies 
/* NetLabel CALIPSO commands
 *
 * Command numbers for the CALIPSO payloads described in the comment block
 * above.  Values are written out explicitly because applications send them
 * to the kernel; renumbering would break those applications.
 *
 * ADD and REMOVE change which DOI mapping tables exist; LIST and LISTALL only
 * report them.
 * NOTE(review): the table that binds these commands to handlers and
 * permission flags is not part of this header.  Confirm there that the two
 * mutating commands are restricted to privileged callers (for Generic
 * Netlink, e.g. GENL_ADMIN_PERM).
 */
enum {
	NLBL_CALIPSO_C_UNSPEC	= 0,
	NLBL_CALIPSO_C_ADD	= 1,
	NLBL_CALIPSO_C_REMOVE	= 2,
	NLBL_CALIPSO_C_LIST	= 3,
	NLBL_CALIPSO_C_LISTALL	= 4,
	/* one past the last command; keep this entry last */
	__NLBL_CALIPSO_C_MAX,
};
82cb72d382SHuw Davies 
/* NetLabel CALIPSO attributes
 *
 * Attribute types carried in the CALIPSO payloads listed earlier in this
 * file.  Each comment below precedes the enumerator it describes.
 *
 * NOTE(review): both attributes are supplied by the sending application in
 * requests.  This header only documents their NLA_U32 type; the policy that
 * enforces it, and the check that MTYPE is one of the supported
 * CALIPSO_MAP_* values, are presumably in the handlers -- confirm there.
 */
enum {
	NLBL_CALIPSO_A_UNSPEC = 0,

	/* (NLA_U32)
	 * the DOI value */
	NLBL_CALIPSO_A_DOI = 1,

	/* (NLA_U32)
	 * the mapping table type (defined in the calipso.h header as
	 * CALIPSO_MAP_*) */
	NLBL_CALIPSO_A_MTYPE = 2,

	/* one past the last attribute; keep this entry last */
	__NLBL_CALIPSO_A_MAX,
};

/* Highest attribute type defined above. */
#define NLBL_CALIPSO_A_MAX (__NLBL_CALIPSO_A_MAX - 1)
97cb72d382SHuw Davies 
98cb72d382SHuw Davies /* NetLabel protocol functions */
99cb72d382SHuw Davies #if IS_ENABLED(CONFIG_IPV6)
100cb72d382SHuw Davies int netlbl_calipso_genl_init(void);
101cb72d382SHuw Davies #else
/* Stub selected by the #else branch, i.e. when CONFIG_IPV6 is not enabled.
 * It performs no work and reports success, so callers can invoke
 * netlbl_calipso_genl_init() unconditionally.
 *
 * Returns 0.
 */
static inline int netlbl_calipso_genl_init(void)
{
	return 0;
}
106cb72d382SHuw Davies #endif
107cb72d382SHuw Davies 
/* DOI definition management.
 *
 * NOTE(review): who owns doi_def after calipso_doi_add() returns (on success
 * and on failure) cannot be told from this header.  Confirm it against the
 * implementation before pairing the call with calipso_doi_free(); getting
 * this wrong is a double free or a leak.
 */
int calipso_doi_add(struct calipso_doi *doi_def,
		    struct netlbl_audit *audit_info);
void calipso_doi_free(struct calipso_doi *doi_def);
int calipso_doi_remove(u32 doi, struct netlbl_audit *audit_info);

/* DOI lookup and iteration.
 *
 * NOTE(review): getdef/putdef look like a take/release pair on the returned
 * definition -- presumably every successful calipso_doi_getdef() must be
 * balanced by exactly one calipso_doi_putdef(), including on error paths.
 * Verify in the implementation and in each caller.
 */
struct calipso_doi *calipso_doi_getdef(u32 doi);
void calipso_doi_putdef(struct calipso_doi *doi_def);
int calipso_doi_walk(u32 *skip_cnt,
		     int (*callback)(struct calipso_doi *doi_def, void *arg),
		     void *cb_arg);

/* Label handling on sockets. */
int calipso_sock_getattr(struct sock *sk, struct netlbl_lsm_secattr *secattr);
int calipso_sock_setattr(struct sock *sk,
			 const struct calipso_doi *doi_def,
			 const struct netlbl_lsm_secattr *secattr);
void calipso_sock_delattr(struct sock *sk);

/* Label handling on connection requests. */
int calipso_req_setattr(struct request_sock *req,
			const struct calipso_doi *doi_def,
			const struct netlbl_lsm_secattr *secattr);
void calipso_req_delattr(struct request_sock *req);

/* Label handling on packets.
 *
 * calipso_optptr() hands back a non-const pointer although the skb is const,
 * and calipso_getattr() receives a bare option pointer with no length
 * argument.
 * NOTE(review): the returned pointer presumably refers to data owned by the
 * skb, and the option's bounds are presumably validated before it is parsed
 * -- confirm both, since the option bytes come from the network.
 */
unsigned char *calipso_optptr(const struct sk_buff *skb);
int calipso_getattr(const unsigned char *calipso,
		    struct netlbl_lsm_secattr *secattr);
int calipso_skbuff_setattr(struct sk_buff *skb,
			   const struct calipso_doi *doi_def,
			   const struct netlbl_lsm_secattr *secattr);
int calipso_skbuff_delattr(struct sk_buff *skb);

/* Label cache.
 *
 * calipso_cache_add() also takes a bare option pointer without a length.
 * NOTE(review): whether cached entries must be dropped with
 * calipso_cache_invalidate() when a DOI definition or LSM policy changes is
 * not visible here; confirm, as a stale entry would map a packet to an
 * outdated security attribute.
 */
void calipso_cache_invalidate(void);
int calipso_cache_add(const unsigned char *calipso_ptr,
		      const struct netlbl_lsm_secattr *secattr);
136cb72d382SHuw Davies 
137cb72d382SHuw Davies #endif
138