/* * NetLabel CIPSO/IPv4 Support * * This file defines the CIPSO/IPv4 functions for the NetLabel system. The * NetLabel system manages static and dynamic label mappings for network * protocols such as CIPSO and RIPSO. * * Author: Paul Moore <paul@paul-moore.com> * */ /* * (c) Copyright Hewlett-Packard Development Company, L.P., 2006 * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by * the Free Software Foundation; either version 2 of the License, or * (at your option) any later version. * * This program is distributed in the hope that it will be useful, * but WITHOUT ANY WARRANTY; without even the implied warranty of * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See * the GNU General Public License for more details. * * You should have received a copy of the GNU General Public License * along with this program; if not, write to the Free Software * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA * */ #ifndef _NETLABEL_CIPSO_V4 #define _NETLABEL_CIPSO_V4 #include <net/netlabel.h> /* * The following NetLabel payloads are supported by the CIPSO subsystem. * * o ADD: * Sent by an application to add a new DOI mapping table. * * Required attributes: * * NLBL_CIPSOV4_A_DOI * NLBL_CIPSOV4_A_MTYPE * NLBL_CIPSOV4_A_TAGLST * * If using CIPSO_V4_MAP_TRANS the following attributes are required: * * NLBL_CIPSOV4_A_MLSLVLLST * NLBL_CIPSOV4_A_MLSCATLST * * If using CIPSO_V4_MAP_PASS or CIPSO_V4_MAP_LOCAL no additional attributes * are required. * * o REMOVE: * Sent by an application to remove a specific DOI mapping table from the * CIPSO V4 system. * * Required attributes: * * NLBL_CIPSOV4_A_DOI * * o LIST: * Sent by an application to list the details of a DOI definition. On * success the kernel should send a response using the following format. * * Required attributes: * * NLBL_CIPSOV4_A_DOI * * The valid response message format depends on the type of the DOI mapping, * the defined formats are shown below. * * Required attributes: * * NLBL_CIPSOV4_A_MTYPE * NLBL_CIPSOV4_A_TAGLST * * If using CIPSO_V4_MAP_TRANS the following attributes are required: * * NLBL_CIPSOV4_A_MLSLVLLST * NLBL_CIPSOV4_A_MLSCATLST * * If using CIPSO_V4_MAP_PASS or CIPSO_V4_MAP_LOCAL no additional attributes * are required. * * o LISTALL: * This message is sent by an application to list the valid DOIs on the * system. When sent by an application there is no payload and the * NLM_F_DUMP flag should be set. The kernel should respond with a series of * the following messages. * * Required attributes: * * NLBL_CIPSOV4_A_DOI * NLBL_CIPSOV4_A_MTYPE * */ /* NetLabel CIPSOv4 commands */ enum { NLBL_CIPSOV4_C_UNSPEC, NLBL_CIPSOV4_C_ADD, NLBL_CIPSOV4_C_REMOVE, NLBL_CIPSOV4_C_LIST, NLBL_CIPSOV4_C_LISTALL, __NLBL_CIPSOV4_C_MAX, }; /* NetLabel CIPSOv4 attributes */ enum { NLBL_CIPSOV4_A_UNSPEC, NLBL_CIPSOV4_A_DOI, /* (NLA_U32) * the DOI value */ NLBL_CIPSOV4_A_MTYPE, /* (NLA_U32) * the mapping table type (defined in the cipso_ipv4.h header as * CIPSO_V4_MAP_*) */ NLBL_CIPSOV4_A_TAG, /* (NLA_U8) * a CIPSO tag type, meant to be used within a NLBL_CIPSOV4_A_TAGLST * attribute */ NLBL_CIPSOV4_A_TAGLST, /* (NLA_NESTED) * the CIPSO tag list for the DOI, there must be at least one * NLBL_CIPSOV4_A_TAG attribute, tags listed first are given higher * priorirty when sending packets */ NLBL_CIPSOV4_A_MLSLVLLOC, /* (NLA_U32) * the local MLS sensitivity level */ NLBL_CIPSOV4_A_MLSLVLREM, /* (NLA_U32) * the remote MLS sensitivity level */ NLBL_CIPSOV4_A_MLSLVL, /* (NLA_NESTED) * a MLS sensitivity level mapping, must contain only one attribute of * each of the following types: NLBL_CIPSOV4_A_MLSLVLLOC and * NLBL_CIPSOV4_A_MLSLVLREM */ NLBL_CIPSOV4_A_MLSLVLLST, /* (NLA_NESTED) * the CIPSO level mappings, there must be at least one * NLBL_CIPSOV4_A_MLSLVL attribute */ NLBL_CIPSOV4_A_MLSCATLOC, /* (NLA_U32) * the local MLS category */ NLBL_CIPSOV4_A_MLSCATREM, /* (NLA_U32) * the remote MLS category */ NLBL_CIPSOV4_A_MLSCAT, /* (NLA_NESTED) * a MLS category mapping, must contain only one attribute of each of * the following types: NLBL_CIPSOV4_A_MLSCATLOC and * NLBL_CIPSOV4_A_MLSCATREM */ NLBL_CIPSOV4_A_MLSCATLST, /* (NLA_NESTED) * the CIPSO category mappings, there must be at least one * NLBL_CIPSOV4_A_MLSCAT attribute */ __NLBL_CIPSOV4_A_MAX, }; #define NLBL_CIPSOV4_A_MAX (__NLBL_CIPSOV4_A_MAX - 1) /* NetLabel protocol functions */ int netlbl_cipsov4_genl_init(void); /* Free the memory associated with a CIPSOv4 DOI definition */ void netlbl_cipsov4_doi_free(struct rcu_head *entry); #endif