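/*
 * NetLabel Management Support
 *
 * This file defines the management functions for the NetLabel system. The
 * NetLabel system manages static and dynamic label mappings for network
 * protocols such as CIPSO and RIPSO.
 *
 * Author: Paul Moore <paul.moore@hp.com>
 *
 */

/*
 * (c) Copyright Hewlett-Packard Development Company, L.P., 2006
 *
 * This program is free software; you can redistribute it and/or modify
 * it under the terms of the GNU General Public License as published by
 * the Free Software Foundation; either version 2 of the License, or
 * (at your option) any later version.
 *
 * This program is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See
 * the GNU General Public License for more details.
 *
 * You should have received a copy of the GNU General Public License
 * along with this program; if not, write to the Free Software
 * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
 *
 */

#ifndef _NETLABEL_MGMT_H
#define _NETLABEL_MGMT_H

#include <net/netlabel.h>
#include <asm/atomic.h>

/*
 * The following NetLabel payloads are supported by the management interface.
 *
 * o ADD:
 *   Sent by an application to add a domain mapping to the NetLabel system.
 *
 *   Required attributes:
 *
 *     NLBL_MGMT_A_DOMAIN
 *     NLBL_MGMT_A_PROTOCOL
 *
 *   If IPv4 is specified the following attributes are required:
 *
 *     NLBL_MGMT_A_IPV4ADDR
 *     NLBL_MGMT_A_IPV4MASK
 *
 *   If IPv6 is specified the following attributes are required:
 *
 *     NLBL_MGMT_A_IPV6ADDR
 *     NLBL_MGMT_A_IPV6MASK
 *
 *   If using NETLBL_NLTYPE_CIPSOV4 the following attributes are required:
 *
 *     NLBL_MGMT_A_CV4DOI
 *
 *   If using NETLBL_NLTYPE_UNLABELED no other attributes are required.
 *
 * o REMOVE:
 *   Sent by an application to remove a domain mapping from the NetLabel
 *   system.
 *
 *   Required attributes:
 *
 *     NLBL_MGMT_A_DOMAIN
 *
 * o LISTALL:
 *   This message can be sent either from an application or by the kernel in
 *   response to an application generated LISTALL message. When sent by an
 *   application there is no payload and the NLM_F_DUMP flag should be set.
 *   The kernel should respond with a series of the following messages.
 *
 *   Required attributes:
 *
 *     NLBL_MGMT_A_DOMAIN
 *
 *   If the IP address selectors are not used the following attribute is
 *   required:
 *
 *     NLBL_MGMT_A_PROTOCOL
 *
 *   If the IP address selectors are used then the following attribute is
 *   required:
 *
 *     NLBL_MGMT_A_SELECTORLIST
 *
 *   If the mapping is using the NETLBL_NLTYPE_CIPSOV4 type then the following
 *   attributes are required:
 *
 *     NLBL_MGMT_A_CV4DOI
 *
 *   If the mapping is using the NETLBL_NLTYPE_UNLABELED type no other
 *   attributes are required.
 *
 * o ADDDEF:
 *   Sent by an application to set the default domain mapping for the NetLabel
 *   system.
 *
 *   Required attributes:
 *
 *     NLBL_MGMT_A_PROTOCOL
 *
 *   If using NETLBL_NLTYPE_CIPSOV4 the following attributes are required:
 *
 *     NLBL_MGMT_A_CV4DOI
 *
 *   If using NETLBL_NLTYPE_UNLABELED no other attributes are required.
 *
 * o REMOVEDEF:
 *   Sent by an application to remove the default domain mapping from the
 *   NetLabel system, there is no payload.
 *
 * o LISTDEF:
 *   This message can be sent either from an application or by the kernel in
 *   response to an application generated LISTDEF message. When sent by an
 *   application there is no payload. On success the kernel should send a
 *   response using the following format.
 *
 *   If the IP address selectors are not used the following attribute is
 *   required:
 *
 *     NLBL_MGMT_A_PROTOCOL
 *
 *   If the IP address selectors are used then the following attribute is
 *   required:
 *
 *     NLBL_MGMT_A_SELECTORLIST
 *
 *   If the mapping is using the NETLBL_NLTYPE_CIPSOV4 type then the following
 *   attributes are required:
 *
 *     NLBL_MGMT_A_CV4DOI
 *
 *   If the mapping is using the NETLBL_NLTYPE_UNLABELED type no other
 *   attributes are required.
 *
 * o PROTOCOLS:
 *   Sent by an application to request a list of configured NetLabel protocols
 *   in the kernel. When sent by an application there is no payload and the
 *   NLM_F_DUMP flag should be set. The kernel should respond with a series of
 *   the following messages.
 *
 *   Required attributes:
 *
 *     NLBL_MGMT_A_PROTOCOL
 *
 * o VERSION:
 *   Sent by an application to request the NetLabel version. When sent by an
 *   application there is no payload. This message type is also used by the
 *   kernel to respond to a VERSION request.
 *
 *   Required attributes:
 *
 *     NLBL_MGMT_A_VERSION
 *
 * NOTE(review): ADD, REMOVE, ADDDEF and REMOVEDEF change the domain mapping
 * configuration, while the remaining commands only report state. Nothing in
 * this header shows where the sender's privilege is checked for the
 * modifying commands -- confirm against the operation table that registers
 * these commands.
 *
 */

/*
 * NetLabel Management commands
 *
 * The enumerators carry no explicit values, so each command number is fixed
 * by its position in the list (NLBL_MGMT_C_UNSPEC is 0). Add new commands
 * immediately before the __NLBL_MGMT_C_MAX sentinel; inserting or removing an
 * entry anywhere else renumbers every command that follows it.
 */
enum {
	NLBL_MGMT_C_UNSPEC,
	NLBL_MGMT_C_ADD,
	NLBL_MGMT_C_REMOVE,
	NLBL_MGMT_C_LISTALL,
	NLBL_MGMT_C_ADDDEF,
	NLBL_MGMT_C_REMOVEDEF,
	NLBL_MGMT_C_LISTDEF,
	NLBL_MGMT_C_PROTOCOLS,
	NLBL_MGMT_C_VERSION,
	__NLBL_MGMT_C_MAX,	/* sentinel, not a command */
};
/* Highest valid command number (currently NLBL_MGMT_C_VERSION). */
#define NLBL_MGMT_C_MAX (__NLBL_MGMT_C_MAX - 1)

/*
 * NetLabel Management attributes
 *
 * As with the commands, attribute numbers are assigned by position, so new
 * attributes belong immediately before the __NLBL_MGMT_A_MAX sentinel.
 *
 * The type in parentheses after each attribute documents the expected
 * encoding only; this header does not enforce it.
 * NOTE(review): confirm that the receive path validates these attributes
 * before use, in particular that NLBL_MGMT_A_DOMAIN is length-bounded and
 * that the NLA_BINARY address and mask payloads are checked against the size
 * of the struct named here before they are read.
 */
enum {
	NLBL_MGMT_A_UNSPEC,
	NLBL_MGMT_A_DOMAIN,
	/* (NLA_NUL_STRING)
	 * the NULL terminated LSM domain string */
	NLBL_MGMT_A_PROTOCOL,
	/* (NLA_U32)
	 * the NetLabel protocol type (defined by NETLBL_NLTYPE_*) */
	NLBL_MGMT_A_VERSION,
	/* (NLA_U32)
	 * the NetLabel protocol version number (defined by
	 * NETLBL_PROTO_VERSION) */
	NLBL_MGMT_A_CV4DOI,
	/* (NLA_U32)
	 * the CIPSOv4 DOI value */
	NLBL_MGMT_A_IPV6ADDR,
	/* (NLA_BINARY, struct in6_addr)
	 * an IPv6 address */
	NLBL_MGMT_A_IPV6MASK,
	/* (NLA_BINARY, struct in6_addr)
	 * an IPv6 address mask */
	NLBL_MGMT_A_IPV4ADDR,
	/* (NLA_BINARY, struct in_addr)
	 * an IPv4 address */
	NLBL_MGMT_A_IPV4MASK,
	/* (NLA_BINARY, struct in_addr)
	 * an IPv4 address mask */
	NLBL_MGMT_A_ADDRSELECTOR,
	/* (NLA_NESTED)
	 * an IP address selector, must contain an address, mask, and protocol
	 * attribute plus any protocol specific attributes */
	NLBL_MGMT_A_SELECTORLIST,
	/* (NLA_NESTED)
	 * the selector list, there must be at least one
	 * NLBL_MGMT_A_ADDRSELECTOR attribute */
	__NLBL_MGMT_A_MAX,	/* sentinel, not an attribute */
};
/* Highest valid attribute number (currently NLBL_MGMT_A_SELECTORLIST). */
#define NLBL_MGMT_A_MAX (__NLBL_MGMT_A_MAX - 1)

/*
 * NetLabel protocol functions
 *
 * netlbl_mgmt_genl_init() takes no arguments and returns an int; it is only
 * declared here.
 * NOTE(review): presumably 0 on success and a negative errno on failure --
 * confirm against the definition.
 */
int netlbl_mgmt_genl_init(void);

/*
 * NetLabel configured protocol reference counter
 *
 * Declaration only; the atomic_t object itself is defined in another
 * translation unit.
 */
extern atomic_t netlabel_mgmt_protocount;

#endif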