mirror of
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
synced 2025-01-01 10:45:49 +00:00
1ccea77e2a
Based on 2 normalized pattern(s): this program is free software you can redistribute it and or modify it under the terms of the gnu general public license as published by the free software foundation either version 2 of the license or at your option any later version this program is distributed in the hope that it will be useful but without any warranty without even the implied warranty of merchantability or fitness for a particular purpose see the gnu general public license for more details you should have received a copy of the gnu general public license along with this program if not see http www gnu org licenses this program is free software you can redistribute it and or modify it under the terms of the gnu general public license as published by the free software foundation either version 2 of the license or at your option any later version this program is distributed in the hope that it will be useful but without any warranty without even the implied warranty of merchantability or fitness for a particular purpose see the gnu general public license for more details [based] [from] [clk] [highbank] [c] you should have received a copy of the gnu general public license along with this program if not see http www gnu org licenses extracted by the scancode license scanner the SPDX license identifier GPL-2.0-or-later has been chosen to replace the boilerplate/reference in 355 file(s). Signed-off-by: Thomas Gleixner <tglx@linutronix.de> Reviewed-by: Kate Stewart <kstewart@linuxfoundation.org> Reviewed-by: Jilayne Lovejoy <opensource@jilayne.com> Reviewed-by: Steve Winslow <swinslow@gmail.com> Reviewed-by: Allison Randal <allison@lohutok.net> Cc: linux-spdx@vger.kernel.org Link: https://lkml.kernel.org/r/20190519154041.837383322@linutronix.de Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
226 lines
6.0 KiB
C
226 lines
6.0 KiB
C
/* SPDX-License-Identifier: GPL-2.0-or-later */
|
|
/*
|
|
* NetLabel Management Support
|
|
*
|
|
* This file defines the management functions for the NetLabel system. The
|
|
* NetLabel system manages static and dynamic label mappings for network
|
|
* protocols such as CIPSO and RIPSO.
|
|
*
|
|
* Author: Paul Moore <paul@paul-moore.com>
|
|
*/
|
|
|
|
/*
|
|
* (c) Copyright Hewlett-Packard Development Company, L.P., 2006
|
|
*/
|
|
|
|
#ifndef _NETLABEL_MGMT_H
|
|
#define _NETLABEL_MGMT_H
|
|
|
|
#include <net/netlabel.h>
|
|
#include <linux/atomic.h>
|
|
|
|
/*
|
|
* The following NetLabel payloads are supported by the management interface.
|
|
*
|
|
* o ADD:
|
|
* Sent by an application to add a domain mapping to the NetLabel system.
|
|
*
|
|
* Required attributes:
|
|
*
|
|
* NLBL_MGMT_A_DOMAIN
|
|
* NLBL_MGMT_A_PROTOCOL
|
|
*
|
|
* If IPv4 is specified the following attributes are required:
|
|
*
|
|
* NLBL_MGMT_A_IPV4ADDR
|
|
* NLBL_MGMT_A_IPV4MASK
|
|
*
|
|
* If IPv6 is specified the following attributes are required:
|
|
*
|
|
* NLBL_MGMT_A_IPV6ADDR
|
|
* NLBL_MGMT_A_IPV6MASK
|
|
*
|
|
* If using NETLBL_NLTYPE_CIPSOV4 the following attributes are required:
|
|
*
|
|
* NLBL_MGMT_A_CV4DOI
|
|
*
|
|
* If using NETLBL_NLTYPE_UNLABELED no other attributes are required,
|
|
* however the following attribute may optionally be sent:
|
|
*
|
|
* NLBL_MGMT_A_FAMILY
|
|
*
|
|
* o REMOVE:
|
|
* Sent by an application to remove a domain mapping from the NetLabel
|
|
* system.
|
|
*
|
|
* Required attributes:
|
|
*
|
|
* NLBL_MGMT_A_DOMAIN
|
|
*
|
|
* o LISTALL:
|
|
* This message can be sent either from an application or by the kernel in
|
|
* response to an application generated LISTALL message. When sent by an
|
|
* application there is no payload and the NLM_F_DUMP flag should be set.
|
|
* The kernel should respond with a series of the following messages.
|
|
*
|
|
* Required attributes:
|
|
*
|
|
* NLBL_MGMT_A_DOMAIN
|
|
* NLBL_MGMT_A_FAMILY
|
|
*
|
|
* If the IP address selectors are not used the following attribute is
|
|
* required:
|
|
*
|
|
* NLBL_MGMT_A_PROTOCOL
|
|
*
|
|
* If the IP address selectors are used then the following attritbute is
|
|
* required:
|
|
*
|
|
* NLBL_MGMT_A_SELECTORLIST
|
|
*
|
|
* If the mapping is using the NETLBL_NLTYPE_CIPSOV4 type then the following
|
|
* attributes are required:
|
|
*
|
|
* NLBL_MGMT_A_CV4DOI
|
|
*
|
|
* If the mapping is using the NETLBL_NLTYPE_UNLABELED type no other
|
|
* attributes are required.
|
|
*
|
|
* o ADDDEF:
|
|
* Sent by an application to set the default domain mapping for the NetLabel
|
|
* system.
|
|
*
|
|
* Required attributes:
|
|
*
|
|
* NLBL_MGMT_A_PROTOCOL
|
|
*
|
|
* If using NETLBL_NLTYPE_CIPSOV4 the following attributes are required:
|
|
*
|
|
* NLBL_MGMT_A_CV4DOI
|
|
*
|
|
* If using NETLBL_NLTYPE_UNLABELED no other attributes are required,
|
|
* however the following attribute may optionally be sent:
|
|
*
|
|
* NLBL_MGMT_A_FAMILY
|
|
*
|
|
* o REMOVEDEF:
|
|
* Sent by an application to remove the default domain mapping from the
|
|
* NetLabel system, there is no payload.
|
|
*
|
|
* o LISTDEF:
|
|
* This message can be sent either from an application or by the kernel in
|
|
* response to an application generated LISTDEF message. When sent by an
|
|
* application there may be an optional payload.
|
|
*
|
|
* NLBL_MGMT_A_FAMILY
|
|
*
|
|
* On success the kernel should send a response using the following format:
|
|
*
|
|
* If the IP address selectors are not used the following attributes are
|
|
* required:
|
|
*
|
|
* NLBL_MGMT_A_PROTOCOL
|
|
* NLBL_MGMT_A_FAMILY
|
|
*
|
|
* If the IP address selectors are used then the following attritbute is
|
|
* required:
|
|
*
|
|
* NLBL_MGMT_A_SELECTORLIST
|
|
*
|
|
* If the mapping is using the NETLBL_NLTYPE_CIPSOV4 type then the following
|
|
* attributes are required:
|
|
*
|
|
* NLBL_MGMT_A_CV4DOI
|
|
*
|
|
* If the mapping is using the NETLBL_NLTYPE_UNLABELED type no other
|
|
* attributes are required.
|
|
*
|
|
* o PROTOCOLS:
|
|
* Sent by an application to request a list of configured NetLabel protocols
|
|
* in the kernel. When sent by an application there is no payload and the
|
|
* NLM_F_DUMP flag should be set. The kernel should respond with a series of
|
|
* the following messages.
|
|
*
|
|
* Required attributes:
|
|
*
|
|
* NLBL_MGMT_A_PROTOCOL
|
|
*
|
|
* o VERSION:
|
|
* Sent by an application to request the NetLabel version. When sent by an
|
|
* application there is no payload. This message type is also used by the
|
|
* kernel to respond to an VERSION request.
|
|
*
|
|
* Required attributes:
|
|
*
|
|
* NLBL_MGMT_A_VERSION
|
|
*
|
|
*/
|
|
|
|
/* NetLabel Management commands */
|
|
enum {
|
|
NLBL_MGMT_C_UNSPEC,
|
|
NLBL_MGMT_C_ADD,
|
|
NLBL_MGMT_C_REMOVE,
|
|
NLBL_MGMT_C_LISTALL,
|
|
NLBL_MGMT_C_ADDDEF,
|
|
NLBL_MGMT_C_REMOVEDEF,
|
|
NLBL_MGMT_C_LISTDEF,
|
|
NLBL_MGMT_C_PROTOCOLS,
|
|
NLBL_MGMT_C_VERSION,
|
|
__NLBL_MGMT_C_MAX,
|
|
};
|
|
|
|
/* NetLabel Management attributes */
|
|
enum {
|
|
NLBL_MGMT_A_UNSPEC,
|
|
NLBL_MGMT_A_DOMAIN,
|
|
/* (NLA_NUL_STRING)
|
|
* the NULL terminated LSM domain string */
|
|
NLBL_MGMT_A_PROTOCOL,
|
|
/* (NLA_U32)
|
|
* the NetLabel protocol type (defined by NETLBL_NLTYPE_*) */
|
|
NLBL_MGMT_A_VERSION,
|
|
/* (NLA_U32)
|
|
* the NetLabel protocol version number (defined by
|
|
* NETLBL_PROTO_VERSION) */
|
|
NLBL_MGMT_A_CV4DOI,
|
|
/* (NLA_U32)
|
|
* the CIPSOv4 DOI value */
|
|
NLBL_MGMT_A_IPV6ADDR,
|
|
/* (NLA_BINARY, struct in6_addr)
|
|
* an IPv6 address */
|
|
NLBL_MGMT_A_IPV6MASK,
|
|
/* (NLA_BINARY, struct in6_addr)
|
|
* an IPv6 address mask */
|
|
NLBL_MGMT_A_IPV4ADDR,
|
|
/* (NLA_BINARY, struct in_addr)
|
|
* an IPv4 address */
|
|
NLBL_MGMT_A_IPV4MASK,
|
|
/* (NLA_BINARY, struct in_addr)
|
|
* and IPv4 address mask */
|
|
NLBL_MGMT_A_ADDRSELECTOR,
|
|
/* (NLA_NESTED)
|
|
* an IP address selector, must contain an address, mask, and protocol
|
|
* attribute plus any protocol specific attributes */
|
|
NLBL_MGMT_A_SELECTORLIST,
|
|
/* (NLA_NESTED)
|
|
* the selector list, there must be at least one
|
|
* NLBL_MGMT_A_ADDRSELECTOR attribute */
|
|
NLBL_MGMT_A_FAMILY,
|
|
/* (NLA_U16)
|
|
* The address family */
|
|
NLBL_MGMT_A_CLPDOI,
|
|
/* (NLA_U32)
|
|
* the CALIPSO DOI value */
|
|
__NLBL_MGMT_A_MAX,
|
|
};
|
|
#define NLBL_MGMT_A_MAX (__NLBL_MGMT_A_MAX - 1)
|
|
|
|
/* NetLabel protocol functions */
|
|
int netlbl_mgmt_genl_init(void);
|
|
|
|
/* NetLabel configured protocol reference counter */
|
|
extern atomic_t netlabel_mgmt_protocount;
|
|
|
|
#endif
|