Linux Kernel  3.7.1
 All Data Structures Namespaces Files Functions Variables Typedefs Enumerations Enumerator Macros Groups Pages
netlabel_cipso_v4.c
Go to the documentation of this file.
1 /*
2  * NetLabel CIPSO/IPv4 Support
3  *
4  * This file defines the CIPSO/IPv4 functions for the NetLabel system. The
5  * NetLabel system manages static and dynamic label mappings for network
6  * protocols such as CIPSO and RIPSO.
7  *
8  * Author: Paul Moore <[email protected]>
9  *
10  */
11 
12 /*
13  * (c) Copyright Hewlett-Packard Development Company, L.P., 2006
14  *
15  * This program is free software; you can redistribute it and/or modify
16  * it under the terms of the GNU General Public License as published by
17  * the Free Software Foundation; either version 2 of the License, or
18  * (at your option) any later version.
19  *
20  * This program is distributed in the hope that it will be useful,
21  * but WITHOUT ANY WARRANTY; without even the implied warranty of
22  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See
23  * the GNU General Public License for more details.
24  *
25  * You should have received a copy of the GNU General Public License
26  * along with this program; if not, write to the Free Software
27  * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
28  *
29  */
30 
31 #include <linux/types.h>
32 #include <linux/socket.h>
33 #include <linux/string.h>
34 #include <linux/skbuff.h>
35 #include <linux/audit.h>
36 #include <linux/slab.h>
37 #include <net/sock.h>
38 #include <net/netlink.h>
39 #include <net/genetlink.h>
40 #include <net/netlabel.h>
41 #include <net/cipso_ipv4.h>
42 #include <linux/atomic.h>
43 
44 #include "netlabel_user.h"
45 #include "netlabel_cipso_v4.h"
46 #include "netlabel_mgmt.h"
47 #include "netlabel_domainhash.h"
48 
49 /* Argument struct for cipso_v4_doi_walk() */
50 struct netlbl_cipsov4_doiwalk_arg {
51  struct netlink_callback *nl_cb;
52  struct sk_buff *skb;
53  u32 seq;
54 };
55 
56 /* Argument struct for netlbl_domhsh_walk() */
57 struct netlbl_domhsh_walk_arg {
58  struct netlbl_audit *audit_info;
59  u32 doi;
60 };
61 
62 /* NetLabel Generic NETLINK CIPSOv4 family */
63 static struct genl_family netlbl_cipsov4_gnl_family = {
64  .id = GENL_ID_GENERATE,
65  .hdrsize = 0,
66  .name = NETLBL_NLTYPE_CIPSOV4_NAME,
67  .version = NETLBL_PROTO_VERSION,
68  .maxattr = NLBL_CIPSOV4_A_MAX,
69 };
70 
71 /* NetLabel Netlink attribute policy */
72 static const struct nla_policy netlbl_cipsov4_genl_policy[NLBL_CIPSOV4_A_MAX + 1] = {
73  [NLBL_CIPSOV4_A_DOI] = { .type = NLA_U32 },
74  [NLBL_CIPSOV4_A_MTYPE] = { .type = NLA_U32 },
75  [NLBL_CIPSOV4_A_TAG] = { .type = NLA_U8 },
76  [NLBL_CIPSOV4_A_TAGLST] = { .type = NLA_NESTED },
77  [NLBL_CIPSOV4_A_MLSLVLLOC] = { .type = NLA_U32 },
78  [NLBL_CIPSOV4_A_MLSLVLREM] = { .type = NLA_U32 },
79  [NLBL_CIPSOV4_A_MLSLVL] = { .type = NLA_NESTED },
80  [NLBL_CIPSOV4_A_MLSLVLLST] = { .type = NLA_NESTED },
81  [NLBL_CIPSOV4_A_MLSCATLOC] = { .type = NLA_U32 },
82  [NLBL_CIPSOV4_A_MLSCATREM] = { .type = NLA_U32 },
83  [NLBL_CIPSOV4_A_MLSCAT] = { .type = NLA_NESTED },
84  [NLBL_CIPSOV4_A_MLSCATLST] = { .type = NLA_NESTED },
85 };
86 
87 /*
88  * Helper Functions
89  */
90 
101 static int netlbl_cipsov4_add_common(struct genl_info *info,
102  struct cipso_v4_doi *doi_def)
103 {
104  struct nlattr *nla;
105  int nla_rem;
106  u32 iter = 0;
107 
108  doi_def->doi = nla_get_u32(info->attrs[NLBL_CIPSOV4_A_DOI]);
109 
110  if (nla_validate_nested(info->attrs[NLBL_CIPSOV4_A_TAGLST],
111  NLBL_CIPSOV4_A_MAX,
112  netlbl_cipsov4_genl_policy) != 0)
113  return -EINVAL;
114 
115  nla_for_each_nested(nla, info->attrs[NLBL_CIPSOV4_A_TAGLST], nla_rem)
116  if (nla_type(nla) == NLBL_CIPSOV4_A_TAG) {
117  if (iter >= CIPSO_V4_TAG_MAXCNT)
118  return -EINVAL;
119  doi_def->tags[iter++] = nla_get_u8(nla);
120  }
121  while (iter < CIPSO_V4_TAG_MAXCNT)
122  doi_def->tags[iter++] = CIPSO_V4_TAG_INVALID;
123 
124  return 0;
125 }
126 
127 /*
128  * NetLabel Command Handlers
129  */
130 
142 static int netlbl_cipsov4_add_std(struct genl_info *info,
143  struct netlbl_audit *audit_info)
144 {
145  int ret_val = -EINVAL;
146  struct cipso_v4_doi *doi_def = NULL;
147  struct nlattr *nla_a;
148  struct nlattr *nla_b;
149  int nla_a_rem;
150  int nla_b_rem;
151  u32 iter;
152 
153  if (!info->attrs[NLBL_CIPSOV4_A_TAGLST] ||
154  !info->attrs[NLBL_CIPSOV4_A_MLSLVLLST])
155  return -EINVAL;
156 
157  if (nla_validate_nested(info->attrs[NLBL_CIPSOV4_A_MLSLVLLST],
158  NLBL_CIPSOV4_A_MAX,
159  netlbl_cipsov4_genl_policy) != 0)
160  return -EINVAL;
161 
162  doi_def = kmalloc(sizeof(*doi_def), GFP_KERNEL);
163  if (doi_def == NULL)
164  return -ENOMEM;
165  doi_def->map.std = kzalloc(sizeof(*doi_def->map.std), GFP_KERNEL);
166  if (doi_def->map.std == NULL) {
167  ret_val = -ENOMEM;
168  goto add_std_failure;
169  }
170  doi_def->type = CIPSO_V4_MAP_TRANS;
171 
172  ret_val = netlbl_cipsov4_add_common(info, doi_def);
173  if (ret_val != 0)
174  goto add_std_failure;
175  ret_val = -EINVAL;
176 
177  nla_for_each_nested(nla_a,
178  info->attrs[NLBL_CIPSOV4_A_MLSLVLLST],
179  nla_a_rem)
180  if (nla_type(nla_a) == NLBL_CIPSOV4_A_MLSLVL) {
181  if (nla_validate_nested(nla_a,
182  NLBL_CIPSOV4_A_MAX,
183  netlbl_cipsov4_genl_policy) != 0)
184  goto add_std_failure;
185  nla_for_each_nested(nla_b, nla_a, nla_b_rem)
186  switch (nla_type(nla_b)) {
187  case NLBL_CIPSOV4_A_MLSLVLLOC:
188  if (nla_get_u32(nla_b) >
189  CIPSO_V4_MAX_LOC_LVLS)
190  goto add_std_failure;
191  if (nla_get_u32(nla_b) >=
192  doi_def->map.std->lvl.local_size)
193  doi_def->map.std->lvl.local_size =
194  nla_get_u32(nla_b) + 1;
195  break;
196  case NLBL_CIPSOV4_A_MLSLVLREM:
197  if (nla_get_u32(nla_b) >
198  CIPSO_V4_MAX_REM_LVLS)
199  goto add_std_failure;
200  if (nla_get_u32(nla_b) >=
201  doi_def->map.std->lvl.cipso_size)
202  doi_def->map.std->lvl.cipso_size =
203  nla_get_u32(nla_b) + 1;
204  break;
205  }
206  }
207  doi_def->map.std->lvl.local = kcalloc(doi_def->map.std->lvl.local_size,
208  sizeof(u32),
209  GFP_KERNEL);
210  if (doi_def->map.std->lvl.local == NULL) {
211  ret_val = -ENOMEM;
212  goto add_std_failure;
213  }
214  doi_def->map.std->lvl.cipso = kcalloc(doi_def->map.std->lvl.cipso_size,
215  sizeof(u32),
216  GFP_KERNEL);
217  if (doi_def->map.std->lvl.cipso == NULL) {
218  ret_val = -ENOMEM;
219  goto add_std_failure;
220  }
221  for (iter = 0; iter < doi_def->map.std->lvl.local_size; iter++)
222  doi_def->map.std->lvl.local[iter] = CIPSO_V4_INV_LVL;
223  for (iter = 0; iter < doi_def->map.std->lvl.cipso_size; iter++)
224  doi_def->map.std->lvl.cipso[iter] = CIPSO_V4_INV_LVL;
225  nla_for_each_nested(nla_a,
226  info->attrs[NLBL_CIPSOV4_A_MLSLVLLST],
227  nla_a_rem)
228  if (nla_type(nla_a) == NLBL_CIPSOV4_A_MLSLVL) {
229  struct nlattr *lvl_loc;
230  struct nlattr *lvl_rem;
231 
232  lvl_loc = nla_find_nested(nla_a,
233  NLBL_CIPSOV4_A_MLSLVLLOC);
234  lvl_rem = nla_find_nested(nla_a,
235  NLBL_CIPSOV4_A_MLSLVLREM);
236  if (lvl_loc == NULL || lvl_rem == NULL)
237  goto add_std_failure;
238  doi_def->map.std->lvl.local[nla_get_u32(lvl_loc)] =
239  nla_get_u32(lvl_rem);
240  doi_def->map.std->lvl.cipso[nla_get_u32(lvl_rem)] =
241  nla_get_u32(lvl_loc);
242  }
243 
244  if (info->attrs[NLBL_CIPSOV4_A_MLSCATLST]) {
245  if (nla_validate_nested(info->attrs[NLBL_CIPSOV4_A_MLSCATLST],
246  NLBL_CIPSOV4_A_MAX,
247  netlbl_cipsov4_genl_policy) != 0)
248  goto add_std_failure;
249 
250  nla_for_each_nested(nla_a,
251  info->attrs[NLBL_CIPSOV4_A_MLSCATLST],
252  nla_a_rem)
253  if (nla_type(nla_a) == NLBL_CIPSOV4_A_MLSCAT) {
254  if (nla_validate_nested(nla_a,
255  NLBL_CIPSOV4_A_MAX,
256  netlbl_cipsov4_genl_policy) != 0)
257  goto add_std_failure;
258  nla_for_each_nested(nla_b, nla_a, nla_b_rem)
259  switch (nla_type(nla_b)) {
260  case NLBL_CIPSOV4_A_MLSCATLOC:
261  if (nla_get_u32(nla_b) >
262  CIPSO_V4_MAX_LOC_CATS)
263  goto add_std_failure;
264  if (nla_get_u32(nla_b) >=
265  doi_def->map.std->cat.local_size)
266  doi_def->map.std->cat.local_size =
267  nla_get_u32(nla_b) + 1;
268  break;
269  case NLBL_CIPSOV4_A_MLSCATREM:
270  if (nla_get_u32(nla_b) >
271  CIPSO_V4_MAX_REM_CATS)
272  goto add_std_failure;
273  if (nla_get_u32(nla_b) >=
274  doi_def->map.std->cat.cipso_size)
275  doi_def->map.std->cat.cipso_size =
276  nla_get_u32(nla_b) + 1;
277  break;
278  }
279  }
280  doi_def->map.std->cat.local = kcalloc(
281  doi_def->map.std->cat.local_size,
282  sizeof(u32),
283  GFP_KERNEL);
284  if (doi_def->map.std->cat.local == NULL) {
285  ret_val = -ENOMEM;
286  goto add_std_failure;
287  }
288  doi_def->map.std->cat.cipso = kcalloc(
289  doi_def->map.std->cat.cipso_size,
290  sizeof(u32),
291  GFP_KERNEL);
292  if (doi_def->map.std->cat.cipso == NULL) {
293  ret_val = -ENOMEM;
294  goto add_std_failure;
295  }
296  for (iter = 0; iter < doi_def->map.std->cat.local_size; iter++)
297  doi_def->map.std->cat.local[iter] = CIPSO_V4_INV_CAT;
298  for (iter = 0; iter < doi_def->map.std->cat.cipso_size; iter++)
299  doi_def->map.std->cat.cipso[iter] = CIPSO_V4_INV_CAT;
300  nla_for_each_nested(nla_a,
301  info->attrs[NLBL_CIPSOV4_A_MLSCATLST],
302  nla_a_rem)
303  if (nla_type(nla_a) == NLBL_CIPSOV4_A_MLSCAT) {
304  struct nlattr *cat_loc;
305  struct nlattr *cat_rem;
306 
307  cat_loc = nla_find_nested(nla_a,
308  NLBL_CIPSOV4_A_MLSCATLOC);
309  cat_rem = nla_find_nested(nla_a,
310  NLBL_CIPSOV4_A_MLSCATREM);
311  if (cat_loc == NULL || cat_rem == NULL)
312  goto add_std_failure;
313  doi_def->map.std->cat.local[
314  nla_get_u32(cat_loc)] =
315  nla_get_u32(cat_rem);
316  doi_def->map.std->cat.cipso[
317  nla_get_u32(cat_rem)] =
318  nla_get_u32(cat_loc);
319  }
320  }
321 
322  ret_val = cipso_v4_doi_add(doi_def, audit_info);
323  if (ret_val != 0)
324  goto add_std_failure;
325  return 0;
326 
327 add_std_failure:
328  if (doi_def)
329  cipso_v4_doi_free(doi_def);
330  return ret_val;
331 }
332 
344 static int netlbl_cipsov4_add_pass(struct genl_info *info,
345  struct netlbl_audit *audit_info)
346 {
347  int ret_val;
348  struct cipso_v4_doi *doi_def = NULL;
349 
350  if (!info->attrs[NLBL_CIPSOV4_A_TAGLST])
351  return -EINVAL;
352 
353  doi_def = kmalloc(sizeof(*doi_def), GFP_KERNEL);
354  if (doi_def == NULL)
355  return -ENOMEM;
356  doi_def->type = CIPSO_V4_MAP_PASS;
357 
358  ret_val = netlbl_cipsov4_add_common(info, doi_def);
359  if (ret_val != 0)
360  goto add_pass_failure;
361 
362  ret_val = cipso_v4_doi_add(doi_def, audit_info);
363  if (ret_val != 0)
364  goto add_pass_failure;
365  return 0;
366 
367 add_pass_failure:
368  cipso_v4_doi_free(doi_def);
369  return ret_val;
370 }
371 
383 static int netlbl_cipsov4_add_local(struct genl_info *info,
384  struct netlbl_audit *audit_info)
385 {
386  int ret_val;
387  struct cipso_v4_doi *doi_def = NULL;
388 
389  if (!info->attrs[NLBL_CIPSOV4_A_TAGLST])
390  return -EINVAL;
391 
392  doi_def = kmalloc(sizeof(*doi_def), GFP_KERNEL);
393  if (doi_def == NULL)
394  return -ENOMEM;
395  doi_def->type = CIPSO_V4_MAP_LOCAL;
396 
397  ret_val = netlbl_cipsov4_add_common(info, doi_def);
398  if (ret_val != 0)
399  goto add_local_failure;
400 
401  ret_val = cipso_v4_doi_add(doi_def, audit_info);
402  if (ret_val != 0)
403  goto add_local_failure;
404  return 0;
405 
406 add_local_failure:
407  cipso_v4_doi_free(doi_def);
408  return ret_val;
409 }
410 
421 static int netlbl_cipsov4_add(struct sk_buff *skb, struct genl_info *info)
422 
423 {
424  int ret_val = -EINVAL;
425  struct netlbl_audit audit_info;
426 
427  if (!info->attrs[NLBL_CIPSOV4_A_DOI] ||
428  !info->attrs[NLBL_CIPSOV4_A_MTYPE])
429  return -EINVAL;
430 
431  netlbl_netlink_auditinfo(skb, &audit_info);
432  switch (nla_get_u32(info->attrs[NLBL_CIPSOV4_A_MTYPE])) {
433  case CIPSO_V4_MAP_TRANS:
434  ret_val = netlbl_cipsov4_add_std(info, &audit_info);
435  break;
436  case CIPSO_V4_MAP_PASS:
437  ret_val = netlbl_cipsov4_add_pass(info, &audit_info);
438  break;
439  case CIPSO_V4_MAP_LOCAL:
440  ret_val = netlbl_cipsov4_add_local(info, &audit_info);
441  break;
442  }
443  if (ret_val == 0)
444  atomic_inc(&netlabel_mgmt_protocount);
445 
446  return ret_val;
447 }
448 
466 static int netlbl_cipsov4_list(struct sk_buff *skb, struct genl_info *info)
467 {
468  int ret_val;
469  struct sk_buff *ans_skb = NULL;
470  u32 nlsze_mult = 1;
471  void *data;
472  u32 doi;
473  struct nlattr *nla_a;
474  struct nlattr *nla_b;
475  struct cipso_v4_doi *doi_def;
476  u32 iter;
477 
478  if (!info->attrs[NLBL_CIPSOV4_A_DOI]) {
479  ret_val = -EINVAL;
480  goto list_failure;
481  }
482 
483 list_start:
484  ans_skb = nlmsg_new(NLMSG_DEFAULT_SIZE * nlsze_mult, GFP_KERNEL);
485  if (ans_skb == NULL) {
486  ret_val = -ENOMEM;
487  goto list_failure;
488  }
489  data = genlmsg_put_reply(ans_skb, info, &netlbl_cipsov4_gnl_family,
490  0, NLBL_CIPSOV4_C_LIST);
491  if (data == NULL) {
492  ret_val = -ENOMEM;
493  goto list_failure;
494  }
495 
496  doi = nla_get_u32(info->attrs[NLBL_CIPSOV4_A_DOI]);
497 
498  rcu_read_lock();
499  doi_def = cipso_v4_doi_getdef(doi);
500  if (doi_def == NULL) {
501  ret_val = -EINVAL;
502  goto list_failure_lock;
503  }
504 
505  ret_val = nla_put_u32(ans_skb, NLBL_CIPSOV4_A_MTYPE, doi_def->type);
506  if (ret_val != 0)
507  goto list_failure_lock;
508 
509  nla_a = nla_nest_start(ans_skb, NLBL_CIPSOV4_A_TAGLST);
510  if (nla_a == NULL) {
511  ret_val = -ENOMEM;
512  goto list_failure_lock;
513  }
514  for (iter = 0;
515  iter < CIPSO_V4_TAG_MAXCNT &&
516  doi_def->tags[iter] != CIPSO_V4_TAG_INVALID;
517  iter++) {
518  ret_val = nla_put_u8(ans_skb,
519  NLBL_CIPSOV4_A_TAG,
520  doi_def->tags[iter]);
521  if (ret_val != 0)
522  goto list_failure_lock;
523  }
524  nla_nest_end(ans_skb, nla_a);
525 
526  switch (doi_def->type) {
527  case CIPSO_V4_MAP_TRANS:
528  nla_a = nla_nest_start(ans_skb, NLBL_CIPSOV4_A_MLSLVLLST);
529  if (nla_a == NULL) {
530  ret_val = -ENOMEM;
531  goto list_failure_lock;
532  }
533  for (iter = 0;
534  iter < doi_def->map.std->lvl.local_size;
535  iter++) {
536  if (doi_def->map.std->lvl.local[iter] ==
537  CIPSO_V4_INV_LVL)
538  continue;
539 
540  nla_b = nla_nest_start(ans_skb, NLBL_CIPSOV4_A_MLSLVL);
541  if (nla_b == NULL) {
542  ret_val = -ENOMEM;
543  goto list_retry;
544  }
545  ret_val = nla_put_u32(ans_skb,
546  NLBL_CIPSOV4_A_MLSLVLLOC,
547  iter);
548  if (ret_val != 0)
549  goto list_retry;
550  ret_val = nla_put_u32(ans_skb,
551  NLBL_CIPSOV4_A_MLSLVLREM,
552  doi_def->map.std->lvl.local[iter]);
553  if (ret_val != 0)
554  goto list_retry;
555  nla_nest_end(ans_skb, nla_b);
556  }
557  nla_nest_end(ans_skb, nla_a);
558 
559  nla_a = nla_nest_start(ans_skb, NLBL_CIPSOV4_A_MLSCATLST);
560  if (nla_a == NULL) {
561  ret_val = -ENOMEM;
562  goto list_retry;
563  }
564  for (iter = 0;
565  iter < doi_def->map.std->cat.local_size;
566  iter++) {
567  if (doi_def->map.std->cat.local[iter] ==
568  CIPSO_V4_INV_CAT)
569  continue;
570 
571  nla_b = nla_nest_start(ans_skb, NLBL_CIPSOV4_A_MLSCAT);
572  if (nla_b == NULL) {
573  ret_val = -ENOMEM;
574  goto list_retry;
575  }
576  ret_val = nla_put_u32(ans_skb,
577  NLBL_CIPSOV4_A_MLSCATLOC,
578  iter);
579  if (ret_val != 0)
580  goto list_retry;
581  ret_val = nla_put_u32(ans_skb,
582  NLBL_CIPSOV4_A_MLSCATREM,
583  doi_def->map.std->cat.local[iter]);
584  if (ret_val != 0)
585  goto list_retry;
586  nla_nest_end(ans_skb, nla_b);
587  }
588  nla_nest_end(ans_skb, nla_a);
589 
590  break;
591  }
592  rcu_read_unlock();
593 
594  genlmsg_end(ans_skb, data);
595  return genlmsg_reply(ans_skb, info);
596 
597 list_retry:
598  /* XXX - this limit is a guesstimate */
599  if (nlsze_mult < 4) {
600  rcu_read_unlock();
601  kfree_skb(ans_skb);
602  nlsze_mult *= 2;
603  goto list_start;
604  }
605 list_failure_lock:
606  rcu_read_unlock();
607 list_failure:
608  kfree_skb(ans_skb);
609  return ret_val;
610 }
611 
624 static int netlbl_cipsov4_listall_cb(struct cipso_v4_doi *doi_def, void *arg)
625 {
626  int ret_val = -ENOMEM;
627  struct netlbl_cipsov4_doiwalk_arg *cb_arg = arg;
628  void *data;
629 
630  data = genlmsg_put(cb_arg->skb, NETLINK_CB(cb_arg->nl_cb->skb).portid,
631  cb_arg->seq, &netlbl_cipsov4_gnl_family,
632  NLM_F_MULTI, NLBL_CIPSOV4_C_LISTALL);
633  if (data == NULL)
634  goto listall_cb_failure;
635 
636  ret_val = nla_put_u32(cb_arg->skb, NLBL_CIPSOV4_A_DOI, doi_def->doi);
637  if (ret_val != 0)
638  goto listall_cb_failure;
639  ret_val = nla_put_u32(cb_arg->skb,
640  NLBL_CIPSOV4_A_MTYPE,
641  doi_def->type);
642  if (ret_val != 0)
643  goto listall_cb_failure;
644 
645  return genlmsg_end(cb_arg->skb, data);
646 
647 listall_cb_failure:
648  genlmsg_cancel(cb_arg->skb, data);
649  return ret_val;
650 }
651 
662 static int netlbl_cipsov4_listall(struct sk_buff *skb,
663  struct netlink_callback *cb)
664 {
665  struct netlbl_cipsov4_doiwalk_arg cb_arg;
666  u32 doi_skip = cb->args[0];
667 
668  cb_arg.nl_cb = cb;
669  cb_arg.skb = skb;
670  cb_arg.seq = cb->nlh->nlmsg_seq;
671 
672  cipso_v4_doi_walk(&doi_skip, netlbl_cipsov4_listall_cb, &cb_arg);
673 
674  cb->args[0] = doi_skip;
675  return skb->len;
676 }
677 
690 static int netlbl_cipsov4_remove_cb(struct netlbl_dom_map *entry, void *arg)
691 {
692  struct netlbl_domhsh_walk_arg *cb_arg = arg;
693 
694  if (entry->type == NETLBL_NLTYPE_CIPSOV4 &&
695  entry->type_def.cipsov4->doi == cb_arg->doi)
696  return netlbl_domhsh_remove_entry(entry, cb_arg->audit_info);
697 
698  return 0;
699 }
700 
711 static int netlbl_cipsov4_remove(struct sk_buff *skb, struct genl_info *info)
712 {
713  int ret_val = -EINVAL;
714  struct netlbl_domhsh_walk_arg cb_arg;
715  struct netlbl_audit audit_info;
716  u32 skip_bkt = 0;
717  u32 skip_chain = 0;
718 
719  if (!info->attrs[NLBL_CIPSOV4_A_DOI])
720  return -EINVAL;
721 
722  netlbl_netlink_auditinfo(skb, &audit_info);
723  cb_arg.doi = nla_get_u32(info->attrs[NLBL_CIPSOV4_A_DOI]);
724  cb_arg.audit_info = &audit_info;
725  ret_val = netlbl_domhsh_walk(&skip_bkt, &skip_chain,
726  netlbl_cipsov4_remove_cb, &cb_arg);
727  if (ret_val == 0 || ret_val == -ENOENT) {
728  ret_val = cipso_v4_doi_remove(cb_arg.doi, &audit_info);
729  if (ret_val == 0)
730  atomic_dec(&netlabel_mgmt_protocount);
731  }
732 
733  return ret_val;
734 }
735 
736 /*
737  * NetLabel Generic NETLINK Command Definitions
738  */
739 
740 static struct genl_ops netlbl_cipsov4_ops[] = {
741  {
742  .cmd = NLBL_CIPSOV4_C_ADD,
743  .flags = GENL_ADMIN_PERM,
744  .policy = netlbl_cipsov4_genl_policy,
745  .doit = netlbl_cipsov4_add,
746  .dumpit = NULL,
747  },
748  {
749  .cmd = NLBL_CIPSOV4_C_REMOVE,
750  .flags = GENL_ADMIN_PERM,
751  .policy = netlbl_cipsov4_genl_policy,
752  .doit = netlbl_cipsov4_remove,
753  .dumpit = NULL,
754  },
755  {
756  .cmd = NLBL_CIPSOV4_C_LIST,
757  .flags = 0,
758  .policy = netlbl_cipsov4_genl_policy,
759  .doit = netlbl_cipsov4_list,
760  .dumpit = NULL,
761  },
762  {
763  .cmd = NLBL_CIPSOV4_C_LISTALL,
764  .flags = 0,
765  .policy = netlbl_cipsov4_genl_policy,
766  .doit = NULL,
767  .dumpit = netlbl_cipsov4_listall,
768  },
769 };
770 
771 /*
772  * NetLabel Generic NETLINK Protocol Functions
773  */
774 
783 int __init netlbl_cipsov4_genl_init(void)
784 {
785  return genl_register_family_with_ops(&netlbl_cipsov4_gnl_family,
786  netlbl_cipsov4_ops, ARRAY_SIZE(netlbl_cipsov4_ops));
787 }
Generated on Thu Jan 10 2013 15:01:02 for Linux Kernel by   doxygen 1.8.2