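/* SPDX-License-Identifier: GPL-2.0-or-later */
/*
 * NetLabel Management Support
 *
 * This file defines the management functions for the NetLabel system. The
 * NetLabel system manages static and dynamic label mappings for network
 * protocols such as CIPSO and RIPSO.
 *
 * Author: Paul Moore <paul@paul-moore.com>
 */

/*
 * (c) Copyright Hewlett-Packard Development Company, L.P., 2006
 */

#ifndef _NETLABEL_MGMT_H
#define _NETLABEL_MGMT_H

#include <net/netlabel.h>
#include <linux/atomic.h>

/*
 * The following NetLabel payloads are supported by the management interface.
 *
 * o ADD:
 *   Sent by an application to add a domain mapping to the NetLabel system.
 *
 *   Required attributes:
 *
 *     NLBL_MGMT_A_DOMAIN
 *     NLBL_MGMT_A_PROTOCOL
 *
 *   If IPv4 is specified the following attributes are required:
 *
 *     NLBL_MGMT_A_IPV4ADDR
 *     NLBL_MGMT_A_IPV4MASK
 *
 *   If IPv6 is specified the following attributes are required:
 *
 *     NLBL_MGMT_A_IPV6ADDR
 *     NLBL_MGMT_A_IPV6MASK
 *
 *   If using NETLBL_NLTYPE_CIPSOV4 the following attributes are required:
 *
 *     NLBL_MGMT_A_CV4DOI
 *
 *   If using NETLBL_NLTYPE_UNLABELED no other attributes are required,
 *   however the following attribute may optionally be sent:
 *
 *     NLBL_MGMT_A_FAMILY
 *
 * o REMOVE:
 *   Sent by an application to remove a domain mapping from the NetLabel
 *   system.
 *
 *   Required attributes:
 *
 *     NLBL_MGMT_A_DOMAIN
 *
 * o LISTALL:
 *   This message can be sent either from an application or by the kernel in
 *   response to an application generated LISTALL message. When sent by an
 *   application there is no payload and the NLM_F_DUMP flag should be set.
 *   The kernel should respond with a series of the following messages.
 *
 *   Required attributes:
 *
 *     NLBL_MGMT_A_DOMAIN
 *     NLBL_MGMT_A_FAMILY
 *
 *   If the IP address selectors are not used the following attribute is
 *   required:
 *
 *     NLBL_MGMT_A_PROTOCOL
 *
 *   If the IP address selectors are used then the following attribute is
 *   required:
 *
 *     NLBL_MGMT_A_SELECTORLIST
 *
 *   If the mapping is using the NETLBL_NLTYPE_CIPSOV4 type then the following
 *   attributes are required:
 *
 *     NLBL_MGMT_A_CV4DOI
 *
 *   If the mapping is using the NETLBL_NLTYPE_UNLABELED type no other
 *   attributes are required.
 *
 * o ADDDEF:
 *   Sent by an application to set the default domain mapping for the NetLabel
 *   system.
 *
 *   Required attributes:
 *
 *     NLBL_MGMT_A_PROTOCOL
 *
 *   If using NETLBL_NLTYPE_CIPSOV4 the following attributes are required:
 *
 *     NLBL_MGMT_A_CV4DOI
 *
 *   If using NETLBL_NLTYPE_UNLABELED no other attributes are required,
 *   however the following attribute may optionally be sent:
 *
 *     NLBL_MGMT_A_FAMILY
 *
 * o REMOVEDEF:
 *   Sent by an application to remove the default domain mapping from the
 *   NetLabel system, there is no payload.
 *
 * o LISTDEF:
 *   This message can be sent either from an application or by the kernel in
 *   response to an application generated LISTDEF message. When sent by an
 *   application there may be an optional payload.
 *
 *     NLBL_MGMT_A_FAMILY
 *
 *   On success the kernel should send a response using the following format:
 *
 *   If the IP address selectors are not used the following attributes are
 *   required:
 *
 *     NLBL_MGMT_A_PROTOCOL
 *     NLBL_MGMT_A_FAMILY
 *
 *   If the IP address selectors are used then the following attribute is
 *   required:
 *
 *     NLBL_MGMT_A_SELECTORLIST
 *
 *   If the mapping is using the NETLBL_NLTYPE_CIPSOV4 type then the following
 *   attributes are required:
 *
 *     NLBL_MGMT_A_CV4DOI
 *
 *   If the mapping is using the NETLBL_NLTYPE_UNLABELED type no other
 *   attributes are required.
 *
 * o PROTOCOLS:
 *   Sent by an application to request a list of configured NetLabel protocols
 *   in the kernel. When sent by an application there is no payload and the
 *   NLM_F_DUMP flag should be set. The kernel should respond with a series of
 *   the following messages.
 *
 *   Required attributes:
 *
 *     NLBL_MGMT_A_PROTOCOL
 *
 * o VERSION:
 *   Sent by an application to request the NetLabel version. When sent by an
 *   application there is no payload. This message type is also used by the
 *   kernel to respond to a VERSION request.
 *
 *   Required attributes:
 *
 *     NLBL_MGMT_A_VERSION
 *
 */

/*
 * NetLabel Management commands
 *
 * Per the payload notes above, ADD, REMOVE, ADDDEF and REMOVEDEF change the
 * domain mappings held by the NetLabel system, while LISTALL, LISTDEF,
 * PROTOCOLS and VERSION only report state.
 *
 * The enumerators take implicit values starting at 0 (NLBL_MGMT_C_UNSPEC), so
 * a command's numeric id is set purely by its position in this list;
 * inserting or reordering entries renumbers every command that follows.
 * Unlike the attribute list below, no NLBL_MGMT_C_MAX macro is defined here.
 *
 * NOTE(review): this header does not say what privilege a sender needs for
 * the mapping-changing commands. That is decided where the commands are
 * registered (presumably behind netlbl_mgmt_genl_init(), not visible here) -
 * confirm that each of them is restricted to privileged callers
 * (e.g. via GENL_ADMIN_PERM).
 */
enum {
	NLBL_MGMT_C_UNSPEC,
	NLBL_MGMT_C_ADD,
	NLBL_MGMT_C_REMOVE,
	NLBL_MGMT_C_LISTALL,
	NLBL_MGMT_C_ADDDEF,
	NLBL_MGMT_C_REMOVEDEF,
	NLBL_MGMT_C_LISTDEF,
	NLBL_MGMT_C_PROTOCOLS,
	NLBL_MGMT_C_VERSION,
	__NLBL_MGMT_C_MAX,
};

/*
 * NetLabel Management attributes
 *
 * The "(NLA_*)" tag under each attribute is the netlink attribute type its
 * payload is documented to carry. As with the commands, the values are
 * implicit and positional, so a new attribute has to be added directly before
 * __NLBL_MGMT_A_MAX to keep the existing ids stable.
 *
 * NOTE(review): the tags are documentation only; type and length enforcement
 * depends on the attribute policy applied by the receiver, which is not part
 * of this header. Confirm that the NLA_BINARY address and mask attributes are
 * length-checked against struct in_addr / struct in6_addr and that the nested
 * selector attributes are validated before their contents are used.
 */
enum {
	NLBL_MGMT_A_UNSPEC,
	NLBL_MGMT_A_DOMAIN,
	/* (NLA_NUL_STRING)
	 * the NUL-terminated LSM domain string */
	NLBL_MGMT_A_PROTOCOL,
	/* (NLA_U32)
	 * the NetLabel protocol type (defined by NETLBL_NLTYPE_*) */
	NLBL_MGMT_A_VERSION,
	/* (NLA_U32)
	 * the NetLabel protocol version number (defined by
	 * NETLBL_PROTO_VERSION) */
	NLBL_MGMT_A_CV4DOI,
	/* (NLA_U32)
	 * the CIPSOv4 DOI value */
	NLBL_MGMT_A_IPV6ADDR,
	/* (NLA_BINARY, struct in6_addr)
	 * an IPv6 address */
	NLBL_MGMT_A_IPV6MASK,
	/* (NLA_BINARY, struct in6_addr)
	 * an IPv6 address mask */
	NLBL_MGMT_A_IPV4ADDR,
	/* (NLA_BINARY, struct in_addr)
	 * an IPv4 address */
	NLBL_MGMT_A_IPV4MASK,
	/* (NLA_BINARY, struct in_addr)
	 * an IPv4 address mask */
	NLBL_MGMT_A_ADDRSELECTOR,
	/* (NLA_NESTED)
	 * an IP address selector, must contain an address, mask, and protocol
	 * attribute plus any protocol specific attributes */
	NLBL_MGMT_A_SELECTORLIST,
	/* (NLA_NESTED)
	 * the selector list, there must be at least one
	 * NLBL_MGMT_A_ADDRSELECTOR attribute */
	NLBL_MGMT_A_FAMILY,
	/* (NLA_U16)
	 * The address family */
	NLBL_MGMT_A_CLPDOI,
	/* (NLA_U32)
	 * the CALIPSO DOI value
	 * NOTE(review): not listed in any payload description above;
	 * presumably the CALIPSO counterpart of NLBL_MGMT_A_CV4DOI - TODO
	 * confirm and document which commands require it */
	__NLBL_MGMT_A_MAX,
};
/* Highest valid attribute id, i.e. the last real enumerator above */
#define NLBL_MGMT_A_MAX (__NLBL_MGMT_A_MAX - 1)

/* NetLabel protocol functions */
int netlbl_mgmt_genl_init(void);

/* NetLabel configured protocol reference counter (defined elsewhere) */
extern atomic_t netlabel_mgmt_protocount;

#endif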