/*
* NetLabel CIPSO / IPv4 Support
*
* This file defines the CIPSO/IPv4 functions for the NetLabel system. The
* NetLabel system manages static and dynamic label mappings for network
* protocols such as CIPSO and RIPSO.
*
* Author: Paul Moore <paul@paul-moore.com>
*
*/
/*
* ( c ) Copyright Hewlett - Packard Development Company , L . P . , 2006
*
* This program is free software ; you can redistribute it and / or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation ; either version 2 of the License , or
* ( at your option ) any later version .
*
* This program is distributed in the hope that it will be useful ,
* but WITHOUT ANY WARRANTY ; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE . See
* the GNU General Public License for more details .
*
* You should have received a copy of the GNU General Public License
* along with this program ; if not , write to the Free Software
* Foundation , Inc . , 59 Temple Place , Suite 330 , Boston , MA 02111 - 1307 USA
*
*/
# ifndef _NETLABEL_CIPSO_V4
# define _NETLABEL_CIPSO_V4
# include <net/netlabel.h>
/*
* The following NetLabel payloads are supported by the CIPSO subsystem .
*
* o ADD :
* Sent by an application to add a new DOI mapping table .
*
* Required attributes :
*
* NLBL_CIPSOV4_A_DOI
* NLBL_CIPSOV4_A_MTYPE
* NLBL_CIPSOV4_A_TAGLST
*
* If using CIPSO_V4_MAP_TRANS the following attributes are required :
*
* NLBL_CIPSOV4_A_MLSLVLLST
* NLBL_CIPSOV4_A_MLSCATLST
*
* If using CIPSO_V4_MAP_PASS or CIPSO_V4_MAP_LOCAL no additional attributes
* are required .
*
* o REMOVE :
* Sent by an application to remove a specific DOI mapping table from the
* CIPSO V4 system .
*
* Required attributes :
*
* NLBL_CIPSOV4_A_DOI
*
* o LIST :
* Sent by an application to list the details of a DOI definition. The
* request carries the attribute listed first; on success the kernel should
* send a response in the format described after it.
*
* Required attributes :
*
* NLBL_CIPSOV4_A_DOI
*
* The valid response message format depends on the type of the DOI mapping;
* the defined formats are shown below.
*
* Required attributes :
*
* NLBL_CIPSOV4_A_MTYPE
* NLBL_CIPSOV4_A_TAGLST
*
* If using CIPSO_V4_MAP_TRANS the following attributes are required :
*
* NLBL_CIPSOV4_A_MLSLVLLST
* NLBL_CIPSOV4_A_MLSCATLST
*
* If using CIPSO_V4_MAP_PASS or CIPSO_V4_MAP_LOCAL no additional attributes
* are required .
*
* o LISTALL :
* This message is sent by an application to list the valid DOIs on the
* system . When sent by an application there is no payload and the
* NLM_F_DUMP flag should be set . The kernel should respond with a series of
* the following messages .
*
* Required attributes :
*
* NLBL_CIPSOV4_A_DOI
* NLBL_CIPSOV4_A_MTYPE
*
*/
/*
 * NetLabel CIPSOv4 commands
 *
 * Command identifiers for the ADD, REMOVE, LIST and LISTALL messages that
 * applications send to the CIPSOv4 component. The numeric values are written
 * out so that a reordering shows up in review; adding a command directly
 * before the sentinel leaves every existing value unchanged.
 *
 * NOTE(review): ADD and REMOVE change which DOI definitions exist and so
 * affect how packets are labeled. This header does not show how senders are
 * authorized -- confirm that the generic netlink operations serving these two
 * commands are limited to privileged callers (e.g. GENL_ADMIN_PERM).
 */
enum {
	NLBL_CIPSOV4_C_UNSPEC = 0,
	NLBL_CIPSOV4_C_ADD = 1,
	NLBL_CIPSOV4_C_REMOVE = 2,
	NLBL_CIPSOV4_C_LIST = 3,
	NLBL_CIPSOV4_C_LISTALL = 4,
	/* sentinel: one past the last command, not a command itself */
	__NLBL_CIPSOV4_C_MAX,
};
/*
 * NetLabel CIPSOv4 attributes
 *
 * Attribute identifiers carried in the CIPSOv4 messages. Each entry is
 * followed by a comment giving the expected netlink attribute type and its
 * meaning. The numeric values are written out so that a reordering shows up
 * in review.
 *
 * NOTE(review): the types and the "at least one" / "only one" rules below are
 * documentation only; nothing in this header enforces them. The attributes
 * are supplied by the sending application, so the code that parses them
 * should check type, nesting and presence itself (e.g. through an nla_policy
 * and nested validation). No upper bound on the length of the tag, level or
 * category lists is stated here -- confirm that the parser caps them.
 */
enum {
	NLBL_CIPSOV4_A_UNSPEC = 0,
	NLBL_CIPSOV4_A_DOI = 1,
	/* (NLA_U32)
	 * the DOI value */
	NLBL_CIPSOV4_A_MTYPE = 2,
	/* (NLA_U32)
	 * the mapping table type (one of the CIPSO_V4_MAP_* values defined in
	 * the cipso_ipv4.h header) */
	NLBL_CIPSOV4_A_TAG = 3,
	/* (NLA_U8)
	 * a CIPSO tag type; meant to appear inside a NLBL_CIPSOV4_A_TAGLST
	 * attribute */
	NLBL_CIPSOV4_A_TAGLST = 4,
	/* (NLA_NESTED)
	 * the CIPSO tag list for the DOI; there must be at least one
	 * NLBL_CIPSOV4_A_TAG attribute, and tags listed first are given higher
	 * priority when sending packets */
	NLBL_CIPSOV4_A_MLSLVLLOC = 5,
	/* (NLA_U32)
	 * the local MLS sensitivity level */
	NLBL_CIPSOV4_A_MLSLVLREM = 6,
	/* (NLA_U32)
	 * the remote MLS sensitivity level */
	NLBL_CIPSOV4_A_MLSLVL = 7,
	/* (NLA_NESTED)
	 * one MLS sensitivity level mapping; must contain only one attribute
	 * of each of these types: NLBL_CIPSOV4_A_MLSLVLLOC and
	 * NLBL_CIPSOV4_A_MLSLVLREM */
	NLBL_CIPSOV4_A_MLSLVLLST = 8,
	/* (NLA_NESTED)
	 * the CIPSO level mappings; there must be at least one
	 * NLBL_CIPSOV4_A_MLSLVL attribute */
	NLBL_CIPSOV4_A_MLSCATLOC = 9,
	/* (NLA_U32)
	 * the local MLS category */
	NLBL_CIPSOV4_A_MLSCATREM = 10,
	/* (NLA_U32)
	 * the remote MLS category */
	NLBL_CIPSOV4_A_MLSCAT = 11,
	/* (NLA_NESTED)
	 * one MLS category mapping; must contain only one attribute of each
	 * of these types: NLBL_CIPSOV4_A_MLSCATLOC and
	 * NLBL_CIPSOV4_A_MLSCATREM */
	NLBL_CIPSOV4_A_MLSCATLST = 12,
	/* (NLA_NESTED)
	 * the CIPSO category mappings; there must be at least one
	 * NLBL_CIPSOV4_A_MLSCAT attribute */
	/* sentinel: one past the last attribute, not an attribute itself */
	__NLBL_CIPSOV4_A_MAX,
};

/* Highest valid attribute identifier (the sentinel minus one). */
#define NLBL_CIPSOV4_A_MAX (__NLBL_CIPSOV4_A_MAX - 1)
/* NetLabel protocol functions */
/*
 * Set-up entry point for the CIPSOv4 NetLabel component; only the prototype
 * is visible in this header.
 *
 * NOTE(review): judging by the name, this presumably registers the generic
 * netlink family and the handlers for the NLBL_CIPSOV4_C_* commands, and
 * returns zero on success or a negative errno -- confirm against the
 * definition. That registration is where to check that the ADD and REMOVE
 * commands require a privileged sender.
 */
int netlbl_cipsov4_genl_init ( void ) ;
/*
 * Free the memory associated with a CIPSOv4 DOI definition.
 *
 * @entry is a struct rcu_head pointer, so the function has the signature of
 * an RCU callback.
 *
 * NOTE(review): presumably @entry is embedded in the DOI definition and this
 * function is handed to call_rcu() so the definition is released only after a
 * grace period -- confirm at the call sites. Invoking it directly while
 * readers may still reference the definition would be a use-after-free.
 */
void netlbl_cipsov4_doi_free ( struct rcu_head * entry ) ;
# endif