[linux-2.6-block.git] / net / netlabel / netlabel_cipso_v4.h

/* SPDX-License-Identifier: GPL-2.0-or-later */
/*
 * NetLabel CIPSO/IPv4 Support
 *
 * This file defines the CIPSO/IPv4 functions for the NetLabel system.  The
 * NetLabel system manages static and dynamic label mappings for network
 * protocols such as CIPSO and RIPSO.
 *
 * Author: Paul Moore <paul@paul-moore.com>
 */

/*
 * (c) Copyright Hewlett-Packard Development Company, L.P., 2006
 */

#ifndef _NETLABEL_CIPSO_V4
#define _NETLABEL_CIPSO_V4

#include <net/netlabel.h>

/*
 * The following NetLabel payloads are supported by the CIPSO subsystem.
 *
 * o ADD:
 *   Sent by an application to add a new DOI mapping table.
 *
 *   Required attributes:
 *
 *     NLBL_CIPSOV4_A_DOI
 *     NLBL_CIPSOV4_A_MTYPE
 *     NLBL_CIPSOV4_A_TAGLST
 *
 *   If using CIPSO_V4_MAP_TRANS the following attributes are required:
 *
 *     NLBL_CIPSOV4_A_MLSLVLLST
 *     NLBL_CIPSOV4_A_MLSCATLST
 *
 *   If using CIPSO_V4_MAP_PASS or CIPSO_V4_MAP_LOCAL no additional attributes
 *   are required.
 *
 * o REMOVE:
 *   Sent by an application to remove a specific DOI mapping table from the
 *   CIPSO V4 system.
 *
 *   Required attributes:
 *
 *     NLBL_CIPSOV4_A_DOI
 *
 * o LIST:
 *   Sent by an application to list the details of a DOI definition.  On
 *   success the kernel should send a response using the following format.
 *
 *   Required attributes:
 *
 *     NLBL_CIPSOV4_A_DOI
 *
 *   The valid response message format depends on the type of the DOI mapping,
 *   the defined formats are shown below.
 *
 *   Required attributes:
 *
 *     NLBL_CIPSOV4_A_MTYPE
 *     NLBL_CIPSOV4_A_TAGLST
 *
 *   If using CIPSO_V4_MAP_TRANS the following attributes are required:
 *
 *     NLBL_CIPSOV4_A_MLSLVLLST
 *     NLBL_CIPSOV4_A_MLSCATLST
 *
 *   If using CIPSO_V4_MAP_PASS or CIPSO_V4_MAP_LOCAL no additional attributes
 *   are required.
 *
 * o LISTALL:
 *   This message is sent by an application to list the valid DOIs on the
 *   system.  When sent by an application there is no payload and the
 *   NLM_F_DUMP flag should be set.  The kernel should respond with a series of
 *   the following messages.
 *
 *   Required attributes:
 *
 *    NLBL_CIPSOV4_A_DOI
 *    NLBL_CIPSOV4_A_MTYPE
 *
 */

/* NetLabel CIPSOv4 commands */
enum {
	NLBL_CIPSOV4_C_UNSPEC,
	NLBL_CIPSOV4_C_ADD,
	NLBL_CIPSOV4_C_REMOVE,
	NLBL_CIPSOV4_C_LIST,
	NLBL_CIPSOV4_C_LISTALL,
	__NLBL_CIPSOV4_C_MAX,
};

/* NetLabel CIPSOv4 attributes */
enum {
	NLBL_CIPSOV4_A_UNSPEC,
	NLBL_CIPSOV4_A_DOI,
	/* (NLA_U32)
	 * the DOI value */
	NLBL_CIPSOV4_A_MTYPE,
	/* (NLA_U32)
	 * the mapping table type (defined in the cipso_ipv4.h header as
	 * CIPSO_V4_MAP_*) */
	NLBL_CIPSOV4_A_TAG,
	/* (NLA_U8)
	 * a CIPSO tag type, meant to be used within a NLBL_CIPSOV4_A_TAGLST
	 * attribute */
	NLBL_CIPSOV4_A_TAGLST,
	/* (NLA_NESTED)
	 * the CIPSO tag list for the DOI, there must be at least one
	 * NLBL_CIPSOV4_A_TAG attribute, tags listed first are given higher
	 * priorirty when sending packets */
	NLBL_CIPSOV4_A_MLSLVLLOC,
	/* (NLA_U32)
	 * the local MLS sensitivity level */
	NLBL_CIPSOV4_A_MLSLVLREM,
	/* (NLA_U32)
	 * the remote MLS sensitivity level */
	NLBL_CIPSOV4_A_MLSLVL,
	/* (NLA_NESTED)
	 * a MLS sensitivity level mapping, must contain only one attribute of
	 * each of the following types: NLBL_CIPSOV4_A_MLSLVLLOC and
	 * NLBL_CIPSOV4_A_MLSLVLREM */
	NLBL_CIPSOV4_A_MLSLVLLST,
	/* (NLA_NESTED)
	 * the CIPSO level mappings, there must be at least one
	 * NLBL_CIPSOV4_A_MLSLVL attribute */
	NLBL_CIPSOV4_A_MLSCATLOC,
	/* (NLA_U32)
	 * the local MLS category */
	NLBL_CIPSOV4_A_MLSCATREM,
	/* (NLA_U32)
	 * the remote MLS category */
	NLBL_CIPSOV4_A_MLSCAT,
	/* (NLA_NESTED)
	 * a MLS category mapping, must contain only one attribute of each of
	 * the following types: NLBL_CIPSOV4_A_MLSCATLOC and
	 * NLBL_CIPSOV4_A_MLSCATREM */
	NLBL_CIPSOV4_A_MLSCATLST,
	/* (NLA_NESTED)
	 * the CIPSO category mappings, there must be at least one
	 * NLBL_CIPSOV4_A_MLSCAT attribute */
	__NLBL_CIPSOV4_A_MAX,
};
#define NLBL_CIPSOV4_A_MAX (__NLBL_CIPSOV4_A_MAX - 1)

/* NetLabel protocol functions */
int netlbl_cipsov4_genl_init(void);

/* Free the memory associated with a CIPSOv4 DOI definition */
void netlbl_cipsov4_doi_free(struct rcu_head *entry);

#endif
Commit	Line	Data
1ccea77e	1	/* SPDX-License-Identifier: GPL-2.0-or-later */
d15c345f PM	2	/*
	3	* NetLabel CIPSO/IPv4 Support
	4	*
	5	* This file defines the CIPSO/IPv4 functions for the NetLabel system. The
	6	* NetLabel system manages static and dynamic label mappings for network
	7	* protocols such as CIPSO and RIPSO.
	8	*
82c21bfa	9	* Author: Paul Moore <paul@paul-moore.com>
d15c345f PM	10	*/
	11
	12	/*
	13	* (c) Copyright Hewlett-Packard Development Company, L.P., 2006
d15c345f PM	14	*/
	15
	16	#ifndef _NETLABEL_CIPSO_V4
	17	#define _NETLABEL_CIPSO_V4
	18
	19	#include <net/netlabel.h>
	20
	21	/*
fd385855	22	* The following NetLabel payloads are supported by the CIPSO subsystem.
d15c345f	23	*
fd385855 PM	24	* o ADD:
fd385855 PM	25	* Sent by an application to add a new DOI mapping table.
d15c345f	26	*
fd385855	27	* Required attributes:
d15c345f	28	*
fd385855 PM	29	* NLBL_CIPSOV4_A_DOI
	30	* NLBL_CIPSOV4_A_MTYPE
	31	* NLBL_CIPSOV4_A_TAGLST
d15c345f	32	*
15c45f7b	33	* If using CIPSO_V4_MAP_TRANS the following attributes are required:
fd385855 PM	34	*
	35	* NLBL_CIPSOV4_A_MLSLVLLST
	36	* NLBL_CIPSOV4_A_MLSCATLST
	37	*
d91d4079 PM	38	* If using CIPSO_V4_MAP_PASS or CIPSO_V4_MAP_LOCAL no additional attributes
d91d4079 PM	39	* are required.
d15c345f PM	40	*
	41	* o REMOVE:
	42	* Sent by an application to remove a specific DOI mapping table from the
fd385855	43	* CIPSO V4 system.
d15c345f	44	*
fd385855	45	* Required attributes:
d15c345f	46	*
fd385855	47	* NLBL_CIPSOV4_A_DOI
d15c345f PM	48	*
d15c345f PM	49	* o LIST:
fd385855 PM	50	* Sent by an application to list the details of a DOI definition. On
fd385855 PM	51	* success the kernel should send a response using the following format.
d15c345f	52	*
fd385855	53	* Required attributes:
d15c345f	54	*
fd385855	55	* NLBL_CIPSOV4_A_DOI
d15c345f PM	56	*
d15c345f PM	57	* The valid response message format depends on the type of the DOI mapping,
fd385855	58	* the defined formats are shown below.
d15c345f	59	*
fd385855	60	* Required attributes:
d15c345f	61	*
fd385855 PM	62	* NLBL_CIPSOV4_A_MTYPE
fd385855 PM	63	* NLBL_CIPSOV4_A_TAGLST
d15c345f	64	*
15c45f7b	65	* If using CIPSO_V4_MAP_TRANS the following attributes are required:
d15c345f	66	*
fd385855 PM	67	* NLBL_CIPSOV4_A_MLSLVLLST
fd385855 PM	68	* NLBL_CIPSOV4_A_MLSCATLST
d15c345f	69	*
d91d4079 PM	70	* If using CIPSO_V4_MAP_PASS or CIPSO_V4_MAP_LOCAL no additional attributes
d91d4079 PM	71	* are required.
d15c345f PM	72	*
	73	* o LISTALL:
	74	* This message is sent by an application to list the valid DOIs on the
fd385855 PM	75	* system. When sent by an application there is no payload and the
	76	* NLM_F_DUMP flag should be set. The kernel should respond with a series of
	77	* the following messages.
d15c345f	78	*
fd385855	79	* Required attributes:
d15c345f	80	*
fd385855 PM	81	* NLBL_CIPSOV4_A_DOI
fd385855 PM	82	* NLBL_CIPSOV4_A_MTYPE
d15c345f PM	83	*
	84	*/
	85
	86	/* NetLabel CIPSOv4 commands */
	87	enum {
	88	NLBL_CIPSOV4_C_UNSPEC,
d15c345f PM	89	NLBL_CIPSOV4_C_ADD,
	90	NLBL_CIPSOV4_C_REMOVE,
	91	NLBL_CIPSOV4_C_LIST,
	92	NLBL_CIPSOV4_C_LISTALL,
	93	__NLBL_CIPSOV4_C_MAX,
	94	};
d15c345f	95
fd385855 PM	96	/* NetLabel CIPSOv4 attributes */
	97	enum {
	98	NLBL_CIPSOV4_A_UNSPEC,
	99	NLBL_CIPSOV4_A_DOI,
	100	/* (NLA_U32)
	101	* the DOI value */
	102	NLBL_CIPSOV4_A_MTYPE,
	103	/* (NLA_U32)
	104	* the mapping table type (defined in the cipso_ipv4.h header as
	105	* CIPSO_V4_MAP_) /
	106	NLBL_CIPSOV4_A_TAG,
	107	/* (NLA_U8)
	108	* a CIPSO tag type, meant to be used within a NLBL_CIPSOV4_A_TAGLST
	109	* attribute */
	110	NLBL_CIPSOV4_A_TAGLST,
	111	/* (NLA_NESTED)
	112	* the CIPSO tag list for the DOI, there must be at least one
	113	* NLBL_CIPSOV4_A_TAG attribute, tags listed first are given higher
	114	* priorirty when sending packets */
	115	NLBL_CIPSOV4_A_MLSLVLLOC,
	116	/* (NLA_U32)
	117	* the local MLS sensitivity level */
	118	NLBL_CIPSOV4_A_MLSLVLREM,
	119	/* (NLA_U32)
	120	* the remote MLS sensitivity level */
	121	NLBL_CIPSOV4_A_MLSLVL,
	122	/* (NLA_NESTED)
	123	* a MLS sensitivity level mapping, must contain only one attribute of
	124	* each of the following types: NLBL_CIPSOV4_A_MLSLVLLOC and
	125	* NLBL_CIPSOV4_A_MLSLVLREM */
	126	NLBL_CIPSOV4_A_MLSLVLLST,
	127	/* (NLA_NESTED)
	128	* the CIPSO level mappings, there must be at least one
	129	* NLBL_CIPSOV4_A_MLSLVL attribute */
	130	NLBL_CIPSOV4_A_MLSCATLOC,
	131	/* (NLA_U32)
	132	* the local MLS category */
	133	NLBL_CIPSOV4_A_MLSCATREM,
	134	/* (NLA_U32)
	135	* the remote MLS category */
	136	NLBL_CIPSOV4_A_MLSCAT,
	137	/* (NLA_NESTED)
	138	* a MLS category mapping, must contain only one attribute of each of
	139	* the following types: NLBL_CIPSOV4_A_MLSCATLOC and
	140	* NLBL_CIPSOV4_A_MLSCATREM */
	141	NLBL_CIPSOV4_A_MLSCATLST,
	142	/* (NLA_NESTED)
	143	* the CIPSO category mappings, there must be at least one
	144	* NLBL_CIPSOV4_A_MLSCAT attribute */
	145	__NLBL_CIPSOV4_A_MAX,
	146	};
	147	#define NLBL_CIPSOV4_A_MAX (__NLBL_CIPSOV4_A_MAX - 1)
	148
d15c345f PM	149	/* NetLabel protocol functions */
	150	int netlbl_cipsov4_genl_init(void);
	151
eda61d32 PM	152	/* Free the memory associated with a CIPSOv4 DOI definition */
	153	void netlbl_cipsov4_doi_free(struct rcu_head *entry);
	154
d15c345f	155	#endif