/*
 * NetLabel Management Support
 *
 * This file defines the management functions for the NetLabel system.  The
 * NetLabel system manages static and dynamic label mappings for network
 * protocols such as CIPSO and RIPSO.
 *
 * Author: Paul Moore <paul@paul-moore.com>
 *
 */

/*
 * (c) Copyright Hewlett-Packard Development Company, L.P., 2006
 *
 * This program is free software; you can redistribute it and/or modify
 * it under the terms of the GNU General Public License as published by
 * the Free Software Foundation; either version 2 of the License, or
 * (at your option) any later version.
 *
 * This program is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See
 * the GNU General Public License for more details.
 *
 * You should have received a copy of the GNU General Public License
 * along with this program; if not, see <http://www.gnu.org/licenses/>.
 *
 */

#ifndef _NETLABEL_MGMT_H
#define _NETLABEL_MGMT_H

#include <net/netlabel.h>
#include <linux/atomic.h>

/*
 * The following NetLabel payloads are supported by the management interface.
 * Every message listed here originates from (or is addressed to) userspace
 * over Generic Netlink, so the attribute layout described below is a
 * user-visible interface: the command and attribute values further down
 * must not be renumbered.
 *
 * o ADD:
 *   Sent by an application to add a domain mapping to the NetLabel system.
 *
 *   Required attributes:
 *
 *     NLBL_MGMT_A_DOMAIN
 *     NLBL_MGMT_A_PROTOCOL
 *
 *   If IPv4 is specified the following attributes are required:
 *
 *     NLBL_MGMT_A_IPV4ADDR
 *     NLBL_MGMT_A_IPV4MASK
 *
 *   If IPv6 is specified the following attributes are required:
 *
 *     NLBL_MGMT_A_IPV6ADDR
 *     NLBL_MGMT_A_IPV6MASK
 *
 *   If using NETLBL_NLTYPE_CIPSOV4 the following attributes are required:
 *
 *     NLBL_MGMT_A_CV4DOI
 *
 *   If using NETLBL_NLTYPE_UNLABELED no other attributes are required,
 *   however the following attribute may optionally be sent:
 *
 *     NLBL_MGMT_A_FAMILY
 *
 * o REMOVE:
 *   Sent by an application to remove a domain mapping from the NetLabel
 *   system.
 *
 *   Required attributes:
 *
 *     NLBL_MGMT_A_DOMAIN
 *
 * o LISTALL:
 *   This message can be sent either from an application or by the kernel in
 *   response to an application generated LISTALL message.  When sent by an
 *   application there is no payload and the NLM_F_DUMP flag should be set.
 *   The kernel should respond with a series of the following messages.
 *
 *   Required attributes:
 *
 *     NLBL_MGMT_A_DOMAIN
 *     NLBL_MGMT_A_FAMILY
 *
 *   If the IP address selectors are not used the following attribute is
 *   required:
 *
 *     NLBL_MGMT_A_PROTOCOL
 *
 *   If the IP address selectors are used then the following attribute is
 *   required:
 *
 *     NLBL_MGMT_A_SELECTORLIST
 *
 *   If the mapping is using the NETLBL_NLTYPE_CIPSOV4 type then the following
 *   attributes are required:
 *
 *     NLBL_MGMT_A_CV4DOI
 *
 *   If the mapping is using the NETLBL_NLTYPE_UNLABELED type no other
 *   attributes are required.
 *
 * o ADDDEF:
 *   Sent by an application to set the default domain mapping for the NetLabel
 *   system.
 *
 *   Required attributes:
 *
 *     NLBL_MGMT_A_PROTOCOL
 *
 *   If using NETLBL_NLTYPE_CIPSOV4 the following attributes are required:
 *
 *     NLBL_MGMT_A_CV4DOI
 *
 *   If using NETLBL_NLTYPE_UNLABELED no other attributes are required,
 *   however the following attribute may optionally be sent:
 *
 *     NLBL_MGMT_A_FAMILY
 *
 * o REMOVEDEF:
 *   Sent by an application to remove the default domain mapping from the
 *   NetLabel system, there is no payload.
 *
 * o LISTDEF:
 *   This message can be sent either from an application or by the kernel in
 *   response to an application generated LISTDEF message.  When sent by an
 *   application there may be an optional payload.
 *
 *     NLBL_MGMT_A_FAMILY
 *
 *   On success the kernel should send a response using the following format:
 *
 *   If the IP address selectors are not used the following attributes are
 *   required:
 *
 *     NLBL_MGMT_A_PROTOCOL
 *     NLBL_MGMT_A_FAMILY
 *
 *   If the IP address selectors are used then the following attribute is
 *   required:
 *
 *     NLBL_MGMT_A_SELECTORLIST
 *
 *   If the mapping is using the NETLBL_NLTYPE_CIPSOV4 type then the following
 *   attributes are required:
 *
 *     NLBL_MGMT_A_CV4DOI
 *
 *   If the mapping is using the NETLBL_NLTYPE_UNLABELED type no other
 *   attributes are required.
 *
 * o PROTOCOLS:
 *   Sent by an application to request a list of configured NetLabel protocols
 *   in the kernel.  When sent by an application there is no payload and the
 *   NLM_F_DUMP flag should be set.  The kernel should respond with a series of
 *   the following messages.
 *
 *   Required attributes:
 *
 *     NLBL_MGMT_A_PROTOCOL
 *
 * o VERSION:
 *   Sent by an application to request the NetLabel version.  When sent by an
 *   application there is no payload.  This message type is also used by the
 *   kernel to respond to a VERSION request.
 *
 *   Required attributes:
 *
 *     NLBL_MGMT_A_VERSION
 *
 * NOTE(review): the payload description above does not say which attribute a
 * CALIPSO mapping carries; NLBL_MGMT_A_CLPDOI below is presumably the CALIPSO
 * counterpart of NLBL_MGMT_A_CV4DOI, but confirm against the ADD/LISTALL/
 * ADDDEF/LISTDEF handlers before relying on it.
 */

/* NetLabel Management commands
 *
 * Command numbers are exchanged with userspace; add new commands immediately
 * before __NLBL_MGMT_C_MAX and never reorder the existing entries. */
enum {
	NLBL_MGMT_C_UNSPEC,
	NLBL_MGMT_C_ADD,
	NLBL_MGMT_C_REMOVE,
	NLBL_MGMT_C_LISTALL,
	NLBL_MGMT_C_ADDDEF,
	NLBL_MGMT_C_REMOVEDEF,
	NLBL_MGMT_C_LISTDEF,
	NLBL_MGMT_C_PROTOCOLS,
	NLBL_MGMT_C_VERSION,
	__NLBL_MGMT_C_MAX,
};

/* NetLabel Management attributes
 *
 * Attribute numbers are exchanged with userspace; add new attributes
 * immediately before __NLBL_MGMT_A_MAX and never reorder the existing
 * entries.  The parenthesised type on each entry is the netlink attribute
 * type userspace is expected to send. */
enum {
	NLBL_MGMT_A_UNSPEC,
	NLBL_MGMT_A_DOMAIN,
	/* (NLA_NUL_STRING)
	 * the NULL terminated LSM domain string */
	NLBL_MGMT_A_PROTOCOL,
	/* (NLA_U32)
	 * the NetLabel protocol type (defined by NETLBL_NLTYPE_*) */
	NLBL_MGMT_A_VERSION,
	/* (NLA_U32)
	 * the NetLabel protocol version number (defined by
	 * NETLBL_PROTO_VERSION) */
	NLBL_MGMT_A_CV4DOI,
	/* (NLA_U32)
	 * the CIPSOv4 DOI value */
	NLBL_MGMT_A_IPV6ADDR,
	/* (NLA_BINARY, struct in6_addr)
	 * an IPv6 address */
	NLBL_MGMT_A_IPV6MASK,
	/* (NLA_BINARY, struct in6_addr)
	 * an IPv6 address mask */
	NLBL_MGMT_A_IPV4ADDR,
	/* (NLA_BINARY, struct in_addr)
	 * an IPv4 address */
	NLBL_MGMT_A_IPV4MASK,
	/* (NLA_BINARY, struct in_addr)
	 * an IPv4 address mask */
	NLBL_MGMT_A_ADDRSELECTOR,
	/* (NLA_NESTED)
	 * an IP address selector, must contain an address, mask, and protocol
	 * attribute plus any protocol specific attributes */
	NLBL_MGMT_A_SELECTORLIST,
	/* (NLA_NESTED)
	 * the selector list, there must be at least one
	 * NLBL_MGMT_A_ADDRSELECTOR attribute */
	NLBL_MGMT_A_FAMILY,
	/* (NLA_U16)
	 * the address family */
	NLBL_MGMT_A_CLPDOI,
	/* (NLA_U32)
	 * the CALIPSO DOI value */
	__NLBL_MGMT_A_MAX,
};
/* Highest valid attribute id (the __MAX sentinel itself is not an attribute). */
#define NLBL_MGMT_A_MAX (__NLBL_MGMT_A_MAX - 1)

/* NetLabel protocol functions */

/**
 * netlbl_mgmt_genl_init - initialise the NetLabel management interface
 *
 * Description:
 * Presumably registers the management Generic Netlink family/handlers
 * described at the top of this file; the body lives in netlabel_mgmt.c.
 * Return value is assumed to follow the usual kernel convention of zero on
 * success and a negative value on failure — confirm against the definition.
 *
 */
int netlbl_mgmt_genl_init(void);

/* NetLabel configured protocol reference counter
 *
 * NOTE(review): defined elsewhere; this header only declares it.  It appears
 * to count configured labeling protocols, but how it is incremented/consumed
 * is not visible here — check the callers before relying on its semantics. */
extern atomic_t netlabel_mgmt_protocount;

#endif