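/*
 * NetLabel Management Support
 *
 * This file defines the management functions for the NetLabel system. The
 * NetLabel system manages static and dynamic label mappings for network
 * protocols such as CIPSO and RIPSO.
 *
 * Author: Paul Moore <paul@paul-moore.com>
 *
 */

/*
 * (c) Copyright Hewlett-Packard Development Company, L.P., 2006
 *
 * This program is free software; you can redistribute it and/or modify
 * it under the terms of the GNU General Public License as published by
 * the Free Software Foundation; either version 2 of the License, or
 * (at your option) any later version.
 *
 * This program is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See
 * the GNU General Public License for more details.
 *
 * You should have received a copy of the GNU General Public License
 * along with this program; if not, see <http://www.gnu.org/licenses/>.
 *
 */

#ifndef _NETLABEL_MGMT_H
#define _NETLABEL_MGMT_H

#include <net/netlabel.h>
#include <linux/atomic.h>

/*
 * NOTE(review): the payload description below is the contract for messages
 * that applications send to the kernel. Every attribute in a request is
 * application-supplied data, so the handlers are expected to check that each
 * required attribute is present and has the type and length given in the
 * attribute enum before using it - confirm in the implementation.
 *
 * This header does not say which commands require privilege. ADD, REMOVE,
 * ADDDEF and REMOVEDEF change the label mappings, so confirm that the
 * operations table in the implementation restricts them to administrative
 * callers.
 */

/*
 * The following NetLabel payloads are supported by the management interface.
 *
 * o ADD:
 *   Sent by an application to add a domain mapping to the NetLabel system.
 *
 *   Required attributes:
 *
 *     NLBL_MGMT_A_DOMAIN
 *     NLBL_MGMT_A_PROTOCOL
 *
 *   If IPv4 is specified the following attributes are required:
 *
 *     NLBL_MGMT_A_IPV4ADDR
 *     NLBL_MGMT_A_IPV4MASK
 *
 *   If IPv6 is specified the following attributes are required:
 *
 *     NLBL_MGMT_A_IPV6ADDR
 *     NLBL_MGMT_A_IPV6MASK
 *
 *   If using NETLBL_NLTYPE_CIPSOV4 the following attributes are required:
 *
 *     NLBL_MGMT_A_CV4DOI
 *
 *   If using NETLBL_NLTYPE_UNLABELED no other attributes are required,
 *   however the following attribute may optionally be sent:
 *
 *     NLBL_MGMT_A_FAMILY
 *
 * o REMOVE:
 *   Sent by an application to remove a domain mapping from the NetLabel
 *   system.
 *
 *   Required attributes:
 *
 *     NLBL_MGMT_A_DOMAIN
 *
 * o LISTALL:
 *   This message can be sent either from an application or by the kernel in
 *   response to an application generated LISTALL message. When sent by an
 *   application there is no payload and the NLM_F_DUMP flag should be set.
 *   The kernel should respond with a series of the following messages.
 *
 *   Required attributes:
 *
 *     NLBL_MGMT_A_DOMAIN
 *     NLBL_MGMT_A_FAMILY
 *
 *   If the IP address selectors are not used the following attribute is
 *   required:
 *
 *     NLBL_MGMT_A_PROTOCOL
 *
 *   If the IP address selectors are used then the following attribute is
 *   required:
 *
 *     NLBL_MGMT_A_SELECTORLIST
 *
 *   If the mapping is using the NETLBL_NLTYPE_CIPSOV4 type then the following
 *   attributes are required:
 *
 *     NLBL_MGMT_A_CV4DOI
 *
 *   If the mapping is using the NETLBL_NLTYPE_UNLABELED type no other
 *   attributes are required.
 *
 * o ADDDEF:
 *   Sent by an application to set the default domain mapping for the NetLabel
 *   system.
 *
 *   Required attributes:
 *
 *     NLBL_MGMT_A_PROTOCOL
 *
 *   If using NETLBL_NLTYPE_CIPSOV4 the following attributes are required:
 *
 *     NLBL_MGMT_A_CV4DOI
 *
 *   If using NETLBL_NLTYPE_UNLABELED no other attributes are required,
 *   however the following attribute may optionally be sent:
 *
 *     NLBL_MGMT_A_FAMILY
 *
 * o REMOVEDEF:
 *   Sent by an application to remove the default domain mapping from the
 *   NetLabel system, there is no payload.
 *
 * o LISTDEF:
 *   This message can be sent either from an application or by the kernel in
 *   response to an application generated LISTDEF message. When sent by an
 *   application there may be an optional payload.
 *
 *     NLBL_MGMT_A_FAMILY
 *
 *   On success the kernel should send a response using the following format:
 *
 *   If the IP address selectors are not used the following attributes are
 *   required:
 *
 *     NLBL_MGMT_A_PROTOCOL
 *     NLBL_MGMT_A_FAMILY
 *
 *   If the IP address selectors are used then the following attribute is
 *   required:
 *
 *     NLBL_MGMT_A_SELECTORLIST
 *
 *   If the mapping is using the NETLBL_NLTYPE_CIPSOV4 type then the following
 *   attributes are required:
 *
 *     NLBL_MGMT_A_CV4DOI
 *
 *   If the mapping is using the NETLBL_NLTYPE_UNLABELED type no other
 *   attributes are required.
 *
 * o PROTOCOLS:
 *   Sent by an application to request a list of configured NetLabel protocols
 *   in the kernel. When sent by an application there is no payload and the
 *   NLM_F_DUMP flag should be set. The kernel should respond with a series of
 *   the following messages.
 *
 *   Required attributes:
 *
 *     NLBL_MGMT_A_PROTOCOL
 *
 * o VERSION:
 *   Sent by an application to request the NetLabel version. When sent by an
 *   application there is no payload. This message type is also used by the
 *   kernel to respond to a VERSION request.
 *
 *   Required attributes:
 *
 *     NLBL_MGMT_A_VERSION
 *
 */

/* NetLabel Management commands
 *
 * The enumerators are numbered implicitly from 0, so their order fixes the
 * command numbers exchanged with applications; reordering or inserting in the
 * middle changes those numbers. NLBL_MGMT_C_UNSPEC (0) has no payload
 * described above, and __NLBL_MGMT_C_MAX is an end marker, not a command.
 */
enum {
	NLBL_MGMT_C_UNSPEC,
	NLBL_MGMT_C_ADD,
	NLBL_MGMT_C_REMOVE,
	NLBL_MGMT_C_LISTALL,
	NLBL_MGMT_C_ADDDEF,
	NLBL_MGMT_C_REMOVEDEF,
	NLBL_MGMT_C_LISTDEF,
	NLBL_MGMT_C_PROTOCOLS,
	NLBL_MGMT_C_VERSION,
	__NLBL_MGMT_C_MAX,
};

/* NetLabel Management attributes
 *
 * Numbered implicitly from 0 like the commands, so the order is part of the
 * message format; note that the IPv6 address attributes come before the IPv4
 * ones. The comment after each enumerator gives the netlink attribute type
 * and, for binary attributes, the structure the payload carries.
 *
 * NOTE(review): the binary address and mask attributes name a fixed-size
 * structure; confirm the handlers compare the received attribute length with
 * the size of that structure before copying or dereferencing it.
 */
enum {
	NLBL_MGMT_A_UNSPEC,
	NLBL_MGMT_A_DOMAIN,
	/* (NLA_NUL_STRING)
	 * the NUL-terminated LSM domain string */
	NLBL_MGMT_A_PROTOCOL,
	/* (NLA_U32)
	 * the NetLabel protocol type (defined by NETLBL_NLTYPE_*) */
	NLBL_MGMT_A_VERSION,
	/* (NLA_U32)
	 * the NetLabel protocol version number (defined by
	 * NETLBL_PROTO_VERSION) */
	NLBL_MGMT_A_CV4DOI,
	/* (NLA_U32)
	 * the CIPSOv4 DOI value */
	NLBL_MGMT_A_IPV6ADDR,
	/* (NLA_BINARY, struct in6_addr)
	 * an IPv6 address */
	NLBL_MGMT_A_IPV6MASK,
	/* (NLA_BINARY, struct in6_addr)
	 * an IPv6 address mask */
	NLBL_MGMT_A_IPV4ADDR,
	/* (NLA_BINARY, struct in_addr)
	 * an IPv4 address */
	NLBL_MGMT_A_IPV4MASK,
	/* (NLA_BINARY, struct in_addr)
	 * an IPv4 address mask */
	NLBL_MGMT_A_ADDRSELECTOR,
	/* (NLA_NESTED)
	 * an IP address selector, must contain an address, mask, and protocol
	 * attribute plus any protocol specific attributes */
	NLBL_MGMT_A_SELECTORLIST,
	/* (NLA_NESTED)
	 * the selector list, there must be at least one
	 * NLBL_MGMT_A_ADDRSELECTOR attribute */
	NLBL_MGMT_A_FAMILY,
	/* (NLA_U16)
	 * The address family */
	__NLBL_MGMT_A_MAX,
};
/* Highest attribute number defined above (the end marker minus one).
 * NOTE(review): presumably the bound used when parsing and validating
 * received attributes - confirm at the call sites. */
#define NLBL_MGMT_A_MAX (__NLBL_MGMT_A_MAX - 1)

/* NetLabel protocol functions */
/* Takes no arguments and returns an int status.
 * NOTE(review): judging by its name this sets up the Generic Netlink side of
 * the management interface, and the return value is presumably 0 on success
 * and a negative error code on failure - confirm in the implementation. */
int netlbl_mgmt_genl_init(void);

/* NetLabel configured protocol reference counter */
/* Declared here only; the definition lives in another translation unit. */
extern atomic_t netlabel_mgmt_protocount;

#endif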