/*
 * NetLabel CIPSO/IPv4 Support
 *
 * This file defines the CIPSO/IPv4 functions for the NetLabel system.  The
 * NetLabel system manages static and dynamic label mappings for network
 * protocols such as CIPSO and RIPSO.
 *
 * Author: Paul Moore <paul.moore@hp.com>
 *
 */

/*
 * (c) Copyright Hewlett-Packard Development Company, L.P., 2006
 *
 * This program is free software; you can redistribute it and/or modify
 * it under the terms of the GNU General Public License as published by
 * the Free Software Foundation; either version 2 of the License, or
 * (at your option) any later version.
 *
 * This program is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See
 * the GNU General Public License for more details.
 *
 * You should have received a copy of the GNU General Public License
 * along with this program; if not, write to the Free Software
 * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
 *
 */

#ifndef _NETLABEL_CIPSO_V4
#define _NETLABEL_CIPSO_V4

#include <net/netlabel.h>

/*
 * The following NetLabel payloads are supported by the CIPSO subsystem, all
 * of which are preceded by the nlmsghdr struct.
 *
 * o ACK:
 *   Sent by the kernel in response to an application's message; applications
 *   should never send this message.
 *
 *   +----------------------+-----------------------+
 *   | seq number (32 bits) | return code (32 bits) |
 *   +----------------------+-----------------------+
 *
 *     seq number:  the sequence number of the original message, taken from the
 *                  nlmsghdr structure
 *     return code: return value, based on errno values
 *
 * o ADD:
 *   Sent by an application to add a new DOI mapping table; after completion
 *   of the task the kernel should ACK this message.
 *
 *   +---------------+--------------------+---------------------+
 *   | DOI (32 bits) | map type (32 bits) | tag count (32 bits) | ...
 *   +---------------+--------------------+---------------------+
 *
 *   +-----------------+
 *   | tag #X (8 bits) | ... repeated
 *   +-----------------+
 *
 *   +-------------- ---- --- -- -
 *   | mapping data
 *   +-------------- ---- --- -- -
 *
 *     DOI:          the DOI value
 *     map type:     the mapping table type (defined in the cipso_ipv4.h header
 *                   as CIPSO_V4_MAP_*)
 *     tag count:    the number of tags, must be greater than zero
 *     tag:          the CIPSO tag for the DOI, tags listed first are given
 *                   higher priority when sending packets
 *     mapping data: specific to the map type (see below)
 *
 *   CIPSO_V4_MAP_STD
 *
 *   +------------------+-----------------------+----------------------+
 *   | levels (32 bits) | max l level (32 bits) | max r level (8 bits) | ...
 *   +------------------+-----------------------+----------------------+
 *
 *   +----------------------+---------------------+---------------------+
 *   | categories (32 bits) | max l cat (32 bits) | max r cat (16 bits) | ...
 *   +----------------------+---------------------+---------------------+
 *
 *   +--------------------------+-------------------------+
 *   | local level #X (32 bits) | CIPSO level #X (8 bits) | ... repeated
 *   +--------------------------+-------------------------+
 *
 *   +-----------------------------+-----------------------------+
 *   | local category #X (32 bits) | CIPSO category #X (16 bits) | ... repeated
 *   +-----------------------------+-----------------------------+
 *
 *     levels:         the number of level mappings
 *     max l level:    the highest local level
 *     max r level:    the highest remote/CIPSO level
 *     categories:     the number of category mappings
 *     max l cat:      the highest local category
 *     max r cat:      the highest remote/CIPSO category
 *     local level:    the local part of a level mapping
 *     CIPSO level:    the remote/CIPSO part of a level mapping
 *     local category: the local part of a category mapping
 *     CIPSO category: the remote/CIPSO part of a category mapping
 *
 *   CIPSO_V4_MAP_PASS
 *
 *   No mapping data is needed for this map type.
 *
 * o REMOVE:
 *   Sent by an application to remove a specific DOI mapping table from the
 *   CIPSO V4 system.  The kernel should ACK this message.
 *
 *   +---------------+
 *   | DOI (32 bits) |
 *   +---------------+
 *
 *     DOI:          the DOI value
 *
 * o LIST:
 *   Sent by an application to list the details of a DOI definition.  The
 *   kernel should send an ACK on error or a response as indicated below.  The
 *   application generated message format is shown below.
 *
 *   +---------------+
 *   | DOI (32 bits) |
 *   +---------------+
 *
 *     DOI:          the DOI value
 *
 *   The valid response message format depends on the type of the DOI mapping;
 *   the known formats are shown below.
 *
 *   +--------------------+
 *   | map type (32 bits) | ...
 *   +--------------------+
 *
 *     map type:     the DOI mapping table type (defined in the cipso_ipv4.h
 *                   header as CIPSO_V4_MAP_*)
 *
 *   (map type == CIPSO_V4_MAP_STD)
 *
 *   +----------------+------------------+----------------------+
 *   | tags (32 bits) | levels (32 bits) | categories (32 bits) | ...
 *   +----------------+------------------+----------------------+
 *
 *   +-----------------+
 *   | tag #X (8 bits) | ... repeated
 *   +-----------------+
 *
 *   +--------------------------+-------------------------+
 *   | local level #X (32 bits) | CIPSO level #X (8 bits) | ... repeated
 *   +--------------------------+-------------------------+
 *
 *   +-----------------------------+-----------------------------+
 *   | local category #X (32 bits) | CIPSO category #X (16 bits) | ... repeated
 *   +-----------------------------+-----------------------------+
 *
 *     tags:           the number of CIPSO tag types
 *     levels:         the number of level mappings
 *     categories:     the number of category mappings
 *     tag:            the tag number, tags listed first are given higher
 *                     priority when sending packets
 *     local level:    the local part of a level mapping
 *     CIPSO level:    the remote/CIPSO part of a level mapping
 *     local category: the local part of a category mapping
 *     CIPSO category: the remote/CIPSO part of a category mapping
 *
 *   (map type == CIPSO_V4_MAP_PASS)
 *
 *   +----------------+
 *   | tags (32 bits) | ...
 *   +----------------+
 *
 *   +-----------------+
 *   | tag #X (8 bits) | ... repeated
 *   +-----------------+
 *
 *     tags:           the number of CIPSO tag types
 *     tag:            the tag number, tags listed first are given higher
 *                     priority when sending packets
 *
 * o LISTALL:
 *   This message is sent by an application to list the valid DOIs on the
 *   system.  There is no payload and the kernel should respond with an ACK
 *   or the following message.
 *
 *   +---------------------+------------------+-----------------------+
 *   | DOI count (32 bits) | DOI #X (32 bits) | map type #X (32 bits) |
 *   +---------------------+------------------+-----------------------+
 *
 *   +-----------------------+
 *   | map type #X (32 bits) | ...
 *   +-----------------------+
 *
 *     DOI count:    the number of DOIs
 *     DOI:          the DOI value
 *     map type:     the DOI mapping table type (defined in the cipso_ipv4.h
 *                   header as CIPSO_V4_MAP_*)
 *
 */

/* NetLabel CIPSOv4 commands */
enum {
	NLBL_CIPSOV4_C_UNSPEC,
	NLBL_CIPSOV4_C_ACK,
	NLBL_CIPSOV4_C_ADD,
	NLBL_CIPSOV4_C_REMOVE,
	NLBL_CIPSOV4_C_LIST,
	NLBL_CIPSOV4_C_LISTALL,
	__NLBL_CIPSOV4_C_MAX,
};
#define NLBL_CIPSOV4_C_MAX (__NLBL_CIPSOV4_C_MAX - 1)

/* NetLabel protocol functions */
int netlbl_cipsov4_genl_init(void);

#endif
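The ADD payload above is a length-prefixed wire format that the kernel must validate before trusting it: every count drives a loop, and the declared maxima bound every mapping. The following user-space parser and message builder are an added example, not part of the kernel header or the NetLabel code; the CIPSO_V4_MAP_* values, MAX_TAGS and the sample DOI/tag/mapping numbers are constructed placeholders (the real constants live in cipso_ipv4.h), and fields are assumed to be packed back to back in host byte order as netlink carries them.

```c
#include <stdint.h>
#include <string.h>

/* Constructed placeholder values: the real CIPSO_V4_MAP_* constants live in cipso_ipv4.h, not on this page. */
#define CIPSO_V4_MAP_STD  1
#define CIPSO_V4_MAP_PASS 2
#define MAX_TAGS          8
struct cipsov4_add { uint32_t doi, map_type, tag_count, levels, categories; uint8_t tags[MAX_TAGS]; };
/* Copy n bytes out of the message at *off, refusing to read past the end of the buffer. */
static int take(const uint8_t *b, size_t len, size_t *off, void *dst, size_t n)
{
    if (n > len - *off) return -1;
    memcpy(dst, b + *off, n); *off += n; return 0;
}
static void put32(uint8_t *b, size_t *o, uint32_t v) { memcpy(b + *o, &v, 4); *o += 4; }
static void put16(uint8_t *b, size_t *o, uint16_t v) { memcpy(b + *o, &v, 2); *o += 2; }
/* Parse an ADD payload (the bytes after nlmsghdr) laid out as the header comment describes, in host
 * byte order as netlink uses. Returns 0 if well formed, -1 if a field is missing, a count is out of
 * range, a mapping exceeds its declared maximum, or trailing bytes remain after the last mapping. */
int parse_cipsov4_add(const uint8_t *b, size_t len, struct cipsov4_add *m)
{
    size_t off = 0; uint32_t i, lvl_max, cat_max, local; uint8_t lvl_rmax, clvl; uint16_t cat_rmax, ccat;
    memset(m, 0, sizeof(*m));
    if (take(b, len, &off, &m->doi, 4) || take(b, len, &off, &m->map_type, 4) || take(b, len, &off, &m->tag_count, 4)) return -1;
    if (m->tag_count == 0 || m->tag_count > MAX_TAGS) return -1;        /* "must be greater than zero", and must fit */
    for (i = 0; i < m->tag_count; i++) if (take(b, len, &off, &m->tags[i], 1)) return -1;
    if (m->map_type == CIPSO_V4_MAP_PASS) return off == len ? 0 : -1;   /* PASS carries no mapping data */
    if (m->map_type != CIPSO_V4_MAP_STD) return -1;
    if (take(b, len, &off, &m->levels, 4) || take(b, len, &off, &lvl_max, 4) || take(b, len, &off, &lvl_rmax, 1) ||
        take(b, len, &off, &m->categories, 4) || take(b, len, &off, &cat_max, 4) || take(b, len, &off, &cat_rmax, 2)) return -1;
    /* A level pair is 5 bytes and a category pair 6: check the counts against the remaining space by division, never by multiplying. */
    if (m->levels > (len - off) / 5 || m->categories > (len - off) / 6) return -1;
    for (i = 0; i < m->levels; i++)       /* each mapping must stay within the declared maxima */
        if (take(b, len, &off, &local, 4) || take(b, len, &off, &clvl, 1) || local > lvl_max || clvl > lvl_rmax) return -1;
    for (i = 0; i < m->categories; i++)
        if (take(b, len, &off, &local, 4) || take(b, len, &off, &ccat, 2) || local > cat_max || ccat > cat_rmax) return -1;
    return off == len ? 0 : -1;
}
/* Build a constructed CIPSO_V4_MAP_STD ADD message (DOI 3, tags {1, 5}, two level and one category mapping); returns its length. */
size_t build_sample_add(uint8_t *b)
{
    size_t o = 0;
    put32(b, &o, 3); put32(b, &o, CIPSO_V4_MAP_STD); put32(b, &o, 2); b[o++] = 1; b[o++] = 5;
    put32(b, &o, 2); put32(b, &o, 7); b[o++] = 200;                /* levels, max l level, max r level */
    put32(b, &o, 1); put32(b, &o, 9); put16(b, &o, 300);           /* categories, max l cat, max r cat */
    put32(b, &o, 0); b[o++] = 0; put32(b, &o, 7); b[o++] = 200;    /* level pairs: (local, CIPSO) */
    put32(b, &o, 9); put16(b, &o, 300);                            /* category pair: (local, CIPSO) */
    return o;
}
```

The builder yields a 49-byte message; truncating it, appending a stray byte, or zeroing the tag count all make the parser reject it rather than read out of bounds or accept an empty DOI definition.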