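/*
 * NetLabel CIPSO/IPv4 Support
 *
 * This file defines the CIPSO/IPv4 functions for the NetLabel system.  The
 * NetLabel system manages static and dynamic label mappings for network
 * protocols such as CIPSO and RIPSO.
 *
 * Author: Paul Moore <paul.moore@hp.com>
 *
 */

/*
 * (c) Copyright Hewlett-Packard Development Company, L.P., 2006
 *
 * This program is free software;  you can redistribute it and/or modify
 * it under the terms of the GNU General Public License as published by
 * the Free Software Foundation; either version 2 of the License, or
 * (at your option) any later version.
 *
 * This program is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY;  without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See
 * the GNU General Public License for more details.
 *
 * You should have received a copy of the GNU General Public License
 * along with this program;  if not, write to the Free Software
 * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
 *
 */

#ifndef _NETLABEL_CIPSO_V4
#define _NETLABEL_CIPSO_V4

#include <net/netlabel.h>

/*
 * Forward declaration so the netlbl_cipsov4_doi_free() prototype below names
 * the file-scope type even if no earlier include has declared it.  Without
 * it, "struct rcu_head" inside the parameter list would get prototype scope
 * and would not match the definition.
 */
struct rcu_head;

/*
 * The following NetLabel payloads are supported by the CIPSO subsystem.
 *
 * NOTE(review): every attribute listed here is supplied by the sending
 * application.  The handlers are not visible in this header; they are
 * expected to check attribute presence, the attribute type given in
 * parentheses in the attribute enum below, and the number of entries in each
 * nested list before using any value.  Confirm against the netlink policy
 * and handler code.
 *
 * NOTE(review): ADD and REMOVE change the DOI definitions that label
 * handling relies on.  Whether they are limited to privileged senders cannot
 * be told from this header - confirm where the commands are registered.
 *
 * o ADD:
 *   Sent by an application to add a new DOI mapping table.
 *
 *   Required attributes:
 *
 *     NLBL_CIPSOV4_A_DOI
 *     NLBL_CIPSOV4_A_MTYPE
 *     NLBL_CIPSOV4_A_TAGLST
 *
 *   If using CIPSO_V4_MAP_STD the following attributes are required:
 *
 *     NLBL_CIPSOV4_A_MLSLVLLST
 *     NLBL_CIPSOV4_A_MLSCATLST
 *
 *   If using CIPSO_V4_MAP_PASS no additional attributes are required.
 *
 * o REMOVE:
 *   Sent by an application to remove a specific DOI mapping table from the
 *   CIPSO V4 system.
 *
 *   Required attributes:
 *
 *     NLBL_CIPSOV4_A_DOI
 *
 * o LIST:
 *   Sent by an application to list the details of a DOI definition.
 *
 *   Required attributes (request):
 *
 *     NLBL_CIPSOV4_A_DOI
 *
 *   On success the kernel should send a response.  The valid response
 *   message format depends on the type of the DOI mapping; the defined
 *   formats are shown below.
 *
 *   Required attributes (response):
 *
 *     NLBL_CIPSOV4_A_MTYPE
 *     NLBL_CIPSOV4_A_TAGLST
 *
 *   If using CIPSO_V4_MAP_STD the following attributes are required:
 *
 *     NLBL_CIPSOV4_A_MLSLVLLST
 *     NLBL_CIPSOV4_A_MLSCATLST
 *
 *   If using CIPSO_V4_MAP_PASS no additional attributes are required.
 *
 * o LISTALL:
 *   This message is sent by an application to list the valid DOIs on the
 *   system.  When sent by an application there is no payload and the
 *   NLM_F_DUMP flag should be set.  The kernel should respond with a series
 *   of the following messages.
 *
 *   Required attributes (each response message):
 *
 *     NLBL_CIPSOV4_A_DOI
 *     NLBL_CIPSOV4_A_MTYPE
 *
 */

/*
 * NetLabel CIPSOv4 commands
 *
 * Values are assigned by position, starting with NLBL_CIPSOV4_C_UNSPEC at 0.
 * __NLBL_CIPSOV4_C_MAX is a sentinel one past the last command, so an entry
 * inserted anywhere but directly before it renumbers the commands after it.
 */
enum {
	NLBL_CIPSOV4_C_UNSPEC,
	NLBL_CIPSOV4_C_ADD,
	NLBL_CIPSOV4_C_REMOVE,
	NLBL_CIPSOV4_C_LIST,
	NLBL_CIPSOV4_C_LISTALL,
	__NLBL_CIPSOV4_C_MAX,
};
/* Highest valid command number (the sentinel minus one). */
#define NLBL_CIPSOV4_C_MAX (__NLBL_CIPSOV4_C_MAX - 1)

/*
 * NetLabel CIPSOv4 attributes
 *
 * The comment after each enumerator gives the netlink attribute type in
 * parentheses, followed by its meaning.  Numbering is positional, as for the
 * command enum above.
 *
 * NOTE(review): the nested list attributes state a minimum of one entry but
 * no maximum.  Any upper bound has to come from the code that parses them,
 * which is not visible in this header - confirm that one is enforced before
 * entries are stored.
 */
enum {
	NLBL_CIPSOV4_A_UNSPEC,
	NLBL_CIPSOV4_A_DOI,
	/* (NLA_U32)
	 * the DOI value */
	NLBL_CIPSOV4_A_MTYPE,
	/* (NLA_U32)
	 * the mapping table type (defined in the cipso_ipv4.h header as
	 * CIPSO_V4_MAP_*) */
	NLBL_CIPSOV4_A_TAG,
	/* (NLA_U8)
	 * a CIPSO tag type, meant to be used within a NLBL_CIPSOV4_A_TAGLST
	 * attribute */
	NLBL_CIPSOV4_A_TAGLST,
	/* (NLA_NESTED)
	 * the CIPSO tag list for the DOI, there must be at least one
	 * NLBL_CIPSOV4_A_TAG attribute, tags listed first are given higher
	 * priority when sending packets */
	NLBL_CIPSOV4_A_MLSLVLLOC,
	/* (NLA_U32)
	 * the local MLS sensitivity level */
	NLBL_CIPSOV4_A_MLSLVLREM,
	/* (NLA_U32)
	 * the remote MLS sensitivity level */
	NLBL_CIPSOV4_A_MLSLVL,
	/* (NLA_NESTED)
	 * a MLS sensitivity level mapping, must contain only one attribute of
	 * each of the following types: NLBL_CIPSOV4_A_MLSLVLLOC and
	 * NLBL_CIPSOV4_A_MLSLVLREM */
	NLBL_CIPSOV4_A_MLSLVLLST,
	/* (NLA_NESTED)
	 * the CIPSO level mappings, there must be at least one
	 * NLBL_CIPSOV4_A_MLSLVL attribute */
	NLBL_CIPSOV4_A_MLSCATLOC,
	/* (NLA_U32)
	 * the local MLS category */
	NLBL_CIPSOV4_A_MLSCATREM,
	/* (NLA_U32)
	 * the remote MLS category */
	NLBL_CIPSOV4_A_MLSCAT,
	/* (NLA_NESTED)
	 * a MLS category mapping, must contain only one attribute of each of
	 * the following types: NLBL_CIPSOV4_A_MLSCATLOC and
	 * NLBL_CIPSOV4_A_MLSCATREM */
	NLBL_CIPSOV4_A_MLSCATLST,
	/* (NLA_NESTED)
	 * the CIPSO category mappings, there must be at least one
	 * NLBL_CIPSOV4_A_MLSCAT attribute */
	__NLBL_CIPSOV4_A_MAX,
};
/* Highest valid attribute number (the sentinel minus one). */
#define NLBL_CIPSOV4_A_MAX (__NLBL_CIPSOV4_A_MAX - 1)

/*
 * NetLabel protocol functions
 *
 * netlbl_cipsov4_genl_init() takes no arguments and returns an int.  Its
 * name suggests it sets up the CIPSOv4 generic netlink interface; the return
 * convention is not visible here - presumably zero on success, confirm
 * against the definition.
 */
int netlbl_cipsov4_genl_init(void);

/*
 * Free the memory associated with a CIPSOv4 DOI definition
 *
 * NOTE(review): the signature takes a struct rcu_head pointer, which is the
 * shape of an RCU callback; presumably @entry is embedded in the DOI
 * definition and this runs once readers are done with it - confirm against
 * the callers.
 */
void netlbl_cipsov4_doi_free(struct rcu_head *entry);

#endif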