1 /* SPDX-License-Identifier: GPL-2.0-or-later */
2 /*
3  * NetLabel CIPSO/IPv4 Support
4  *
5  * This file defines the CIPSO/IPv4 functions for the NetLabel system.  The
6  * NetLabel system manages static and dynamic label mappings for network
7  * protocols such as CIPSO and RIPSO.
8  *
9  * Author: Paul Moore <paul@paul-moore.com>
10  */
11 
12 /*
13  * (c) Copyright Hewlett-Packard Development Company, L.P., 2006
14  */
15 
16 #ifndef _NETLABEL_CIPSO_V4
17 #define _NETLABEL_CIPSO_V4
18 
19 #include <net/netlabel.h>
20 
21 /*
22  * The following NetLabel payloads are supported by the CIPSO subsystem.
23  *
24  * o ADD:
25  *   Sent by an application to add a new DOI mapping table.
26  *
27  *   Required attributes:
28  *
29  *     NLBL_CIPSOV4_A_DOI
30  *     NLBL_CIPSOV4_A_MTYPE
31  *     NLBL_CIPSOV4_A_TAGLST
32  *
33  *   If using CIPSO_V4_MAP_TRANS the following attributes are required:
34  *
35  *     NLBL_CIPSOV4_A_MLSLVLLST
36  *     NLBL_CIPSOV4_A_MLSCATLST
37  *
38  *   If using CIPSO_V4_MAP_PASS or CIPSO_V4_MAP_LOCAL no additional attributes
39  *   are required.
40  *
41  * o REMOVE:
42  *   Sent by an application to remove a specific DOI mapping table from the
43  *   CIPSO V4 system.
44  *
45  *   Required attributes:
46  *
47  *     NLBL_CIPSOV4_A_DOI
48  *
49  * o LIST:
50  *   Sent by an application to list the details of a DOI definition.  On
51  *   success the kernel should send a response using the following format.
52  *
53  *   Required attributes:
54  *
55  *     NLBL_CIPSOV4_A_DOI
56  *
57  *   The valid response message format depends on the type of the DOI mapping,
58  *   the defined formats are shown below.
59  *
60  *   Required attributes:
61  *
62  *     NLBL_CIPSOV4_A_MTYPE
63  *     NLBL_CIPSOV4_A_TAGLST
64  *
65  *   If using CIPSO_V4_MAP_TRANS the following attributes are required:
66  *
67  *     NLBL_CIPSOV4_A_MLSLVLLST
68  *     NLBL_CIPSOV4_A_MLSCATLST
69  *
70  *   If using CIPSO_V4_MAP_PASS or CIPSO_V4_MAP_LOCAL no additional attributes
71  *   are required.
72  *
73  * o LISTALL:
74  *   This message is sent by an application to list the valid DOIs on the
75  *   system.  When sent by an application there is no payload and the
76  *   NLM_F_DUMP flag should be set.  The kernel should respond with a series of
77  *   the following messages.
78  *
79  *   Required attributes:
80  *
81  *    NLBL_CIPSOV4_A_DOI
82  *    NLBL_CIPSOV4_A_MTYPE
83  *
84  */
85 
86 /* NetLabel CIPSOv4 commands */
87 enum {
88 	NLBL_CIPSOV4_C_UNSPEC,
89 	NLBL_CIPSOV4_C_ADD,
90 	NLBL_CIPSOV4_C_REMOVE,
91 	NLBL_CIPSOV4_C_LIST,
92 	NLBL_CIPSOV4_C_LISTALL,
93 	__NLBL_CIPSOV4_C_MAX,
94 };
95 
96 /* NetLabel CIPSOv4 attributes */
97 enum {
98 	NLBL_CIPSOV4_A_UNSPEC,
99 	NLBL_CIPSOV4_A_DOI,
100 	/* (NLA_U32)
101 	 * the DOI value */
102 	NLBL_CIPSOV4_A_MTYPE,
103 	/* (NLA_U32)
104 	 * the mapping table type (defined in the cipso_ipv4.h header as
105 	 * CIPSO_V4_MAP_*) */
106 	NLBL_CIPSOV4_A_TAG,
107 	/* (NLA_U8)
108 	 * a CIPSO tag type, meant to be used within a NLBL_CIPSOV4_A_TAGLST
109 	 * attribute */
110 	NLBL_CIPSOV4_A_TAGLST,
111 	/* (NLA_NESTED)
112 	 * the CIPSO tag list for the DOI, there must be at least one
113 	 * NLBL_CIPSOV4_A_TAG attribute, tags listed first are given higher
114 	 * priorirty when sending packets */
115 	NLBL_CIPSOV4_A_MLSLVLLOC,
116 	/* (NLA_U32)
117 	 * the local MLS sensitivity level */
118 	NLBL_CIPSOV4_A_MLSLVLREM,
119 	/* (NLA_U32)
120 	 * the remote MLS sensitivity level */
121 	NLBL_CIPSOV4_A_MLSLVL,
122 	/* (NLA_NESTED)
123 	 * a MLS sensitivity level mapping, must contain only one attribute of
124 	 * each of the following types: NLBL_CIPSOV4_A_MLSLVLLOC and
125 	 * NLBL_CIPSOV4_A_MLSLVLREM */
126 	NLBL_CIPSOV4_A_MLSLVLLST,
127 	/* (NLA_NESTED)
128 	 * the CIPSO level mappings, there must be at least one
129 	 * NLBL_CIPSOV4_A_MLSLVL attribute */
130 	NLBL_CIPSOV4_A_MLSCATLOC,
131 	/* (NLA_U32)
132 	 * the local MLS category */
133 	NLBL_CIPSOV4_A_MLSCATREM,
134 	/* (NLA_U32)
135 	 * the remote MLS category */
136 	NLBL_CIPSOV4_A_MLSCAT,
137 	/* (NLA_NESTED)
138 	 * a MLS category mapping, must contain only one attribute of each of
139 	 * the following types: NLBL_CIPSOV4_A_MLSCATLOC and
140 	 * NLBL_CIPSOV4_A_MLSCATREM */
141 	NLBL_CIPSOV4_A_MLSCATLST,
142 	/* (NLA_NESTED)
143 	 * the CIPSO category mappings, there must be at least one
144 	 * NLBL_CIPSOV4_A_MLSCAT attribute */
145 	__NLBL_CIPSOV4_A_MAX,
146 };
147 #define NLBL_CIPSOV4_A_MAX (__NLBL_CIPSOV4_A_MAX - 1)
148 
149 /* NetLabel protocol functions */
150 int netlbl_cipsov4_genl_init(void);
151 
152 /* Free the memory associated with a CIPSOv4 DOI definition */
153 void netlbl_cipsov4_doi_free(struct rcu_head *entry);
154 
155 #endif
156