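/*
 * NetLabel Management Support
 *
 * This file defines the management functions for the NetLabel system.  The
 * NetLabel system manages static and dynamic label mappings for network
 * protocols such as CIPSO and RIPSO.
 *
 * Author: Paul Moore <paul.moore@hp.com>
 *
 */

/*
 * (c) Copyright Hewlett-Packard Development Company, L.P., 2006
 *
 * This program is free software; you can redistribute it and/or modify
 * it under the terms of the GNU General Public License as published by
 * the Free Software Foundation; either version 2 of the License, or
 * (at your option) any later version.
 *
 * This program is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See
 * the GNU General Public License for more details.
 *
 * You should have received a copy of the GNU General Public License
 * along with this program; if not, write to the Free Software
 * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
 *
 */

#ifndef _NETLABEL_MGMT_H
#define _NETLABEL_MGMT_H

#include <net/netlabel.h>

/*
 * The following NetLabel payloads are supported by the management interface,
 * all of which are preceded by the nlmsghdr struct.
 *
 * Review notes on the formats below (the message handlers are not part of
 * this header, so each point needs confirming against them):
 *
 *  - Every count field ("domains", "modules") and every variable-length
 *    domain string is supplied by the sender.  A parser has to bound each
 *    count and each string against the remaining message length before
 *    using it; the in-band terminator alone does not prove that a string
 *    ends inside the message.
 *  - ADD, REMOVE, ADDDEF and REMOVEDEF change the label mappings held by
 *    the NetLabel system.  No access check is visible in this header;
 *    NOTE(review): confirm the handlers restrict these commands to
 *    privileged senders.
 *  - ACK is documented as kernel-to-application only; NOTE(review): confirm
 *    that an ACK arriving from an application is rejected.
 *
 * o ACK:
 *   Sent by the kernel in response to an application's message, applications
 *   should never send this message.
 *
 *   +----------------------+-----------------------+
 *   | seq number (32 bits) | return code (32 bits) |
 *   +----------------------+-----------------------+
 *
 *     seq number:  the sequence number of the original message, taken from the
 *                  nlmsghdr structure
 *     return code: return value, based on errno values
 *
 * o ADD:
 *   Sent by an application to add a domain mapping to the NetLabel system.
 *   The kernel should respond with an ACK.
 *
 *   +-------------------+
 *   | domains (32 bits) | ...
 *   +-------------------+
 *
 *     domains: the number of domains in the message
 *
 *   +--------------------------+-------------------------+
 *   | domain string (variable) | protocol type (32 bits) | ...
 *   +--------------------------+-------------------------+
 *
 *   +-------------- ---- --- -- -
 *   | mapping data                ... repeated
 *   +-------------- ---- --- -- -
 *
 *     domain string: the domain string, NUL-terminated
 *     protocol type: the protocol type (defined by NETLBL_NLTYPE_*)
 *     mapping data:  specific to the map type (see below)
 *
 *   NETLBL_NLTYPE_UNLABELED
 *
 *     No mapping data for this protocol type.
 *
 *   NETLBL_NLTYPE_CIPSOV4
 *
 *   +---------------+
 *   | doi (32 bits) |
 *   +---------------+
 *
 *     doi:  the CIPSO DOI value
 *
 * o REMOVE:
 *   Sent by an application to remove a domain mapping from the NetLabel
 *   system.  The kernel should ACK this message.
 *
 *   +-------------------+
 *   | domains (32 bits) | ...
 *   +-------------------+
 *
 *     domains: the number of domains in the message
 *
 *   +--------------------------+
 *   | domain string (variable) | ...
 *   +--------------------------+
 *
 *     domain string: the domain string, NUL-terminated
 *
 * o LIST:
 *   This message can be sent either from an application or by the kernel in
 *   response to an application generated LIST message.  When sent by an
 *   application there is no payload.  The kernel should respond to a LIST
 *   message either with a LIST message on success or an ACK message on
 *   failure.
 *
 *   +-------------------+
 *   | domains (32 bits) | ...
 *   +-------------------+
 *
 *     domains: the number of domains in the message
 *
 *   +--------------------------+
 *   | domain string (variable) | ...
 *   +--------------------------+
 *
 *   +-------------------------+-------------- ---- --- -- -
 *   | protocol type (32 bits) | mapping data                ... repeated
 *   +-------------------------+-------------- ---- --- -- -
 *
 *     domain string: the domain string, NUL-terminated
 *     protocol type: the protocol type (defined by NETLBL_NLTYPE_*)
 *     mapping data:  specific to the map type (see below)
 *
 *   NETLBL_NLTYPE_UNLABELED
 *
 *     No mapping data for this protocol type.
 *
 *   NETLBL_NLTYPE_CIPSOV4
 *
 *   +----------------+---------------+
 *   | type (32 bits) | doi (32 bits) |
 *   +----------------+---------------+
 *
 *     type: the CIPSO mapping table type (defined in the cipso_ipv4.h header
 *           as CIPSO_V4_MAP_*)
 *     doi:  the CIPSO DOI value
 *
 * o ADDDEF:
 *   Sent by an application to set the default domain mapping for the NetLabel
 *   system.  The kernel should respond with an ACK.
 *
 *   +-------------------------+-------------- ---- --- -- -
 *   | protocol type (32 bits) | mapping data                ... repeated
 *   +-------------------------+-------------- ---- --- -- -
 *
 *     protocol type: the protocol type (defined by NETLBL_NLTYPE_*)
 *     mapping data:  specific to the map type (see below)
 *
 *   NETLBL_NLTYPE_UNLABELED
 *
 *     No mapping data for this protocol type.
 *
 *   NETLBL_NLTYPE_CIPSOV4
 *
 *   +---------------+
 *   | doi (32 bits) |
 *   +---------------+
 *
 *     doi:  the CIPSO DOI value
 *
 * o REMOVEDEF:
 *   Sent by an application to remove the default domain mapping from the
 *   NetLabel system, there is no payload.  The kernel should ACK this message.
 *
 * o LISTDEF:
 *   This message can be sent either from an application or by the kernel in
 *   response to an application generated LISTDEF message.  When sent by an
 *   application there is no payload.  The kernel should respond to a
 *   LISTDEF message either with a LISTDEF message on success or an ACK message
 *   on failure.
 *
 *   +-------------------------+-------------- ---- --- -- -
 *   | protocol type (32 bits) | mapping data                ... repeated
 *   +-------------------------+-------------- ---- --- -- -
 *
 *     protocol type: the protocol type (defined by NETLBL_NLTYPE_*)
 *     mapping data:  specific to the map type (see below)
 *
 *   NETLBL_NLTYPE_UNLABELED
 *
 *     No mapping data for this protocol type.
 *
 *   NETLBL_NLTYPE_CIPSOV4
 *
 *   +----------------+---------------+
 *   | type (32 bits) | doi (32 bits) |
 *   +----------------+---------------+
 *
 *     type: the CIPSO mapping table type (defined in the cipso_ipv4.h header
 *           as CIPSO_V4_MAP_*)
 *     doi:  the CIPSO DOI value
 *
 * o MODULES:
 *   Sent by an application to request a list of configured NetLabel modules
 *   in the kernel.  When sent by an application there is no payload.
 *
 *   NOTE(review): the "modules" field below also describes an application
 *   generated message carrying a zero count, which does not match "no
 *   payload" above; confirm which form the handler accepts.
 *
 *   +-------------------+
 *   | modules (32 bits) | ...
 *   +-------------------+
 *
 *     modules: the number of modules in the message, if this is an application
 *              generated message and the value is zero then return a list of
 *              the configured modules
 *
 *   +------------------+
 *   | module (32 bits) | ... repeated
 *   +------------------+
 *
 *     module: the module number as defined by NETLBL_NLTYPE_*
 *
 * o VERSION:
 *   Sent by an application to request the NetLabel protocol version.  When
 *   sent by an application there is no payload.  This message type is also
 *   used by the kernel to respond to a VERSION request.
 *
 *   +-------------------+
 *   | version (32 bits) |
 *   +-------------------+
 *
 *     version: the protocol version number
 *
 */

/*
 * NetLabel Management commands
 *
 * One enumerator per payload described above.  Values are assigned in
 * declaration order starting at 0, so NLBL_MGMT_C_UNSPEC is 0 and the
 * documented commands run from NLBL_MGMT_C_ACK (1) to NLBL_MGMT_C_VERSION
 * (9).  __NLBL_MGMT_C_MAX is only an end marker, not a command.
 *
 * NOTE(review): these numbers presumably travel in messages exchanged with
 * applications, in which case reordering or inserting enumerators changes
 * the interface; new commands would go directly before __NLBL_MGMT_C_MAX.
 * Confirm against the users of this enum.
 */
enum {
	NLBL_MGMT_C_UNSPEC,
	NLBL_MGMT_C_ACK,
	NLBL_MGMT_C_ADD,
	NLBL_MGMT_C_REMOVE,
	NLBL_MGMT_C_LIST,
	NLBL_MGMT_C_ADDDEF,
	NLBL_MGMT_C_REMOVEDEF,
	NLBL_MGMT_C_LISTDEF,
	NLBL_MGMT_C_MODULES,
	NLBL_MGMT_C_VERSION,
	__NLBL_MGMT_C_MAX,
};
/* Highest valid command number (equal to NLBL_MGMT_C_VERSION). */
#define NLBL_MGMT_C_MAX (__NLBL_MGMT_C_MAX - 1)

/* NetLabel protocol functions */

/*
 * Defined outside this header.  Takes no arguments and returns an int;
 * NOTE(review): presumably sets up the management interface and returns
 * zero on success, negative on failure - confirm against the definition.
 */
int netlbl_mgmt_genl_init(void);

#endif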