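/* SPDX-License-Identifier: GPL-2.0-or-later */
/*
 * NetLabel CIPSO/IPv4 Support
 *
 * This file defines the CIPSO/IPv4 functions for the NetLabel system. The
 * NetLabel system manages static and dynamic label mappings for network
 * protocols such as CIPSO and RIPSO.
 *
 * Author: Paul Moore <paul@paul-moore.com>
 */

/*
 * (c) Copyright Hewlett-Packard Development Company, L.P., 2006
 */

#ifndef _NETLABEL_CIPSO_V4
#define _NETLABEL_CIPSO_V4

#include <net/netlabel.h>

/*
 * The following NetLabel payloads are supported by the CIPSO subsystem.
 *
 * NOTE(review): ADD and REMOVE change the DOI mapping tables that drive
 * packet labeling. The privilege check that gates them is not visible in
 * this header; confirm that the generic netlink ops table restricts them
 * (e.g. GENL_ADMIN_PERM).
 *
 * NOTE(review): the attribute requirements below are a documented contract
 * only. Nothing in this header enforces them, so the message handlers have
 * to validate presence, nesting and value ranges of everything an
 * application sends.
 *
 * o ADD:
 *   Sent by an application to add a new DOI mapping table.
 *
 *   Required attributes:
 *
 *     NLBL_CIPSOV4_A_DOI
 *     NLBL_CIPSOV4_A_MTYPE
 *     NLBL_CIPSOV4_A_TAGLST
 *
 *   If using CIPSO_V4_MAP_TRANS the following attributes are required:
 *
 *     NLBL_CIPSOV4_A_MLSLVLLST
 *     NLBL_CIPSOV4_A_MLSCATLST
 *
 *   If using CIPSO_V4_MAP_PASS or CIPSO_V4_MAP_LOCAL no additional attributes
 *   are required.
 *
 * o REMOVE:
 *   Sent by an application to remove a specific DOI mapping table from the
 *   CIPSO V4 system.
 *
 *   Required attributes:
 *
 *     NLBL_CIPSOV4_A_DOI
 *
 * o LIST:
 *   Sent by an application to list the details of a DOI definition. On
 *   success the kernel should send a response using the following format.
 *
 *   NOTE(review): the first attribute list below reads as the request (the
 *   DOI to look up) and the later lists as the response; confirm against the
 *   LIST handler.
 *
 *   Required attributes:
 *
 *     NLBL_CIPSOV4_A_DOI
 *
 *   The valid response message format depends on the type of the DOI mapping,
 *   the defined formats are shown below.
 *
 *   Required attributes:
 *
 *     NLBL_CIPSOV4_A_MTYPE
 *     NLBL_CIPSOV4_A_TAGLST
 *
 *   If using CIPSO_V4_MAP_TRANS the following attributes are required:
 *
 *     NLBL_CIPSOV4_A_MLSLVLLST
 *     NLBL_CIPSOV4_A_MLSCATLST
 *
 *   If using CIPSO_V4_MAP_PASS or CIPSO_V4_MAP_LOCAL no additional attributes
 *   are required.
 *
 * o LISTALL:
 *   This message is sent by an application to list the valid DOIs on the
 *   system. When sent by an application there is no payload and the
 *   NLM_F_DUMP flag should be set. The kernel should respond with a series of
 *   the following messages.
 *
 *   Required attributes:
 *
 *     NLBL_CIPSOV4_A_DOI
 *     NLBL_CIPSOV4_A_MTYPE
 *
 */

/*
 * NetLabel CIPSOv4 commands
 *
 * Values are assigned implicitly from zero in declaration order, so
 * inserting or reordering entries renumbers every later command as seen by
 * applications.
 */
enum {
	NLBL_CIPSOV4_C_UNSPEC,
	NLBL_CIPSOV4_C_ADD,
	NLBL_CIPSOV4_C_REMOVE,
	NLBL_CIPSOV4_C_LIST,
	NLBL_CIPSOV4_C_LISTALL,
	/* sentinel: one past the last command, not a command itself */
	__NLBL_CIPSOV4_C_MAX,
};

/*
 * NetLabel CIPSOv4 attributes
 *
 * Each entry is followed by its netlink attribute type and meaning. As with
 * the commands, the numeric ids come from declaration order. The "at least
 * one" / "only one" rules stated for the nested attributes describe what a
 * well-formed message looks like; a receiver must not assume them without
 * checking.
 */
enum {
	NLBL_CIPSOV4_A_UNSPEC,
	NLBL_CIPSOV4_A_DOI,
	/* (NLA_U32)
	 * the DOI value */
	NLBL_CIPSOV4_A_MTYPE,
	/* (NLA_U32)
	 * the mapping table type (defined in the cipso_ipv4.h header as
	 * CIPSO_V4_MAP_*) */
	NLBL_CIPSOV4_A_TAG,
	/* (NLA_U8)
	 * a CIPSO tag type, meant to be used within a NLBL_CIPSOV4_A_TAGLST
	 * attribute */
	NLBL_CIPSOV4_A_TAGLST,
	/* (NLA_NESTED)
	 * the CIPSO tag list for the DOI, there must be at least one
	 * NLBL_CIPSOV4_A_TAG attribute, tags listed first are given higher
	 * priority when sending packets */
	NLBL_CIPSOV4_A_MLSLVLLOC,
	/* (NLA_U32)
	 * the local MLS sensitivity level */
	NLBL_CIPSOV4_A_MLSLVLREM,
	/* (NLA_U32)
	 * the remote MLS sensitivity level */
	NLBL_CIPSOV4_A_MLSLVL,
	/* (NLA_NESTED)
	 * a MLS sensitivity level mapping, must contain only one attribute of
	 * each of the following types: NLBL_CIPSOV4_A_MLSLVLLOC and
	 * NLBL_CIPSOV4_A_MLSLVLREM */
	NLBL_CIPSOV4_A_MLSLVLLST,
	/* (NLA_NESTED)
	 * the CIPSO level mappings, there must be at least one
	 * NLBL_CIPSOV4_A_MLSLVL attribute */
	NLBL_CIPSOV4_A_MLSCATLOC,
	/* (NLA_U32)
	 * the local MLS category */
	NLBL_CIPSOV4_A_MLSCATREM,
	/* (NLA_U32)
	 * the remote MLS category */
	NLBL_CIPSOV4_A_MLSCAT,
	/* (NLA_NESTED)
	 * a MLS category mapping, must contain only one attribute of each of
	 * the following types: NLBL_CIPSOV4_A_MLSCATLOC and
	 * NLBL_CIPSOV4_A_MLSCATREM */
	NLBL_CIPSOV4_A_MLSCATLST,
	/* (NLA_NESTED)
	 * the CIPSO category mappings, there must be at least one
	 * NLBL_CIPSOV4_A_MLSCAT attribute */
	/* sentinel: one past the last attribute, not an attribute itself */
	__NLBL_CIPSOV4_A_MAX,
};
/* Highest valid attribute id (the sentinel minus one). */
#define NLBL_CIPSOV4_A_MAX (__NLBL_CIPSOV4_A_MAX - 1)

/*
 * NetLabel protocol functions
 *
 * Returns an int status; presumably this registers the CIPSOv4 generic
 * netlink family, but the definition is not in this header - confirm there.
 */
int netlbl_cipsov4_genl_init(void);

/*
 * Free the memory associated with a CIPSOv4 DOI definition
 *
 * NOTE(review): the struct rcu_head parameter suggests this is meant to be
 * used as an RCU callback, with @entry embedded in the DOI definition; the
 * callers are not visible here - confirm before calling it directly.
 */
void netlbl_cipsov4_doi_free(struct rcu_head *entry);

#endif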