Linux Kernel  3.7.1
 All Data Structures Namespaces Files Functions Variables Typedefs Enumerations Enumerator Macros Groups Pages
netlabel_cipso_v4.h
Go to the documentation of this file.
1 /*
2  * NetLabel CIPSO/IPv4 Support
3  *
4  * This file defines the CIPSO/IPv4 functions for the NetLabel system. The
5  * NetLabel system manages static and dynamic label mappings for network
6  * protocols such as CIPSO and RIPSO.
7  *
8  * Author: Paul Moore <[email protected]>
9  *
10  */
11 
12 /*
13  * (c) Copyright Hewlett-Packard Development Company, L.P., 2006
14  *
15  * This program is free software; you can redistribute it and/or modify
16  * it under the terms of the GNU General Public License as published by
17  * the Free Software Foundation; either version 2 of the License, or
18  * (at your option) any later version.
19  *
20  * This program is distributed in the hope that it will be useful,
21  * but WITHOUT ANY WARRANTY; without even the implied warranty of
22  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See
23  * the GNU General Public License for more details.
24  *
25  * You should have received a copy of the GNU General Public License
26  * along with this program; if not, write to the Free Software
27  * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
28  *
29  */
30 
31 #ifndef _NETLABEL_CIPSO_V4
32 #define _NETLABEL_CIPSO_V4
33 
34 #include <net/netlabel.h>
35 
36 /*
37  * The following NetLabel payloads are supported by the CIPSO subsystem.
38  *
39  * o ADD:
40  * Sent by an application to add a new DOI mapping table.
41  *
42  * Required attributes:
43  *
44  * NLBL_CIPSOV4_A_DOI
45  * NLBL_CIPSOV4_A_MTYPE
46  * NLBL_CIPSOV4_A_TAGLST
47  *
48  * If using CIPSO_V4_MAP_TRANS the following attributes are required:
49  *
50  * NLBL_CIPSOV4_A_MLSLVLLST
51  * NLBL_CIPSOV4_A_MLSCATLST
52  *
53  * If using CIPSO_V4_MAP_PASS or CIPSO_V4_MAP_LOCAL no additional attributes
54  * are required.
55  *
56  * o REMOVE:
57  * Sent by an application to remove a specific DOI mapping table from the
58  * CIPSO V4 system.
59  *
60  * Required attributes:
61  *
62  * NLBL_CIPSOV4_A_DOI
63  *
64  * o LIST:
65  * Sent by an application to list the details of a DOI definition. On
66  * success the kernel should send a response using the following format.
67  *
68  * Required attributes:
69  *
70  * NLBL_CIPSOV4_A_DOI
71  *
72  * The valid response message format depends on the type of the DOI mapping,
73  * the defined formats are shown below.
74  *
75  * Required attributes:
76  *
77  * NLBL_CIPSOV4_A_MTYPE
78  * NLBL_CIPSOV4_A_TAGLST
79  *
80  * If using CIPSO_V4_MAP_TRANS the following attributes are required:
81  *
82  * NLBL_CIPSOV4_A_MLSLVLLST
83  * NLBL_CIPSOV4_A_MLSCATLST
84  *
85  * If using CIPSO_V4_MAP_PASS or CIPSO_V4_MAP_LOCAL no additional attributes
86  * are required.
87  *
88  * o LISTALL:
89  * This message is sent by an application to list the valid DOIs on the
90  * system. When sent by an application there is no payload and the
91  * NLM_F_DUMP flag should be set. The kernel should respond with a series of
92  * the following messages.
93  *
94  * Required attributes:
95  *
96  * NLBL_CIPSOV4_A_DOI
97  * NLBL_CIPSOV4_A_MTYPE
98  *
99  */
100 
101 /* NetLabel CIPSOv4 commands */
102 enum {
103  NLBL_CIPSOV4_C_UNSPEC,
104  NLBL_CIPSOV4_C_ADD,
105  NLBL_CIPSOV4_C_REMOVE,
106  NLBL_CIPSOV4_C_LIST,
107  NLBL_CIPSOV4_C_LISTALL,
108  __NLBL_CIPSOV4_C_MAX,
109 };
110 
111 /* NetLabel CIPSOv4 attributes */
112 enum {
113  NLBL_CIPSOV4_A_UNSPEC,
114  NLBL_CIPSOV4_A_DOI,
115  /* (NLA_U32)
116  * the DOI value */
117  NLBL_CIPSOV4_A_MTYPE,
118  /* (NLA_U32)
119  * the mapping table type (defined in the cipso_ipv4.h header as
120  * CIPSO_V4_MAP_*) */
121  NLBL_CIPSOV4_A_TAG,
122  /* (NLA_U8)
123  * a CIPSO tag type, meant to be used within a NLBL_CIPSOV4_A_TAGLST
124  * attribute */
125  NLBL_CIPSOV4_A_TAGLST,
126  /* (NLA_NESTED)
127  * the CIPSO tag list for the DOI, there must be at least one
128  * NLBL_CIPSOV4_A_TAG attribute, tags listed first are given higher
129  * priorirty when sending packets */
130  NLBL_CIPSOV4_A_MLSLVLLOC,
131  /* (NLA_U32)
132  * the local MLS sensitivity level */
133  NLBL_CIPSOV4_A_MLSLVLREM,
134  /* (NLA_U32)
135  * the remote MLS sensitivity level */
136  NLBL_CIPSOV4_A_MLSLVL,
137  /* (NLA_NESTED)
138  * a MLS sensitivity level mapping, must contain only one attribute of
139  * each of the following types: NLBL_CIPSOV4_A_MLSLVLLOC and
140  * NLBL_CIPSOV4_A_MLSLVLREM */
141  NLBL_CIPSOV4_A_MLSLVLLST,
142  /* (NLA_NESTED)
143  * the CIPSO level mappings, there must be at least one
144  * NLBL_CIPSOV4_A_MLSLVL attribute */
145  NLBL_CIPSOV4_A_MLSCATLOC,
146  /* (NLA_U32)
147  * the local MLS category */
148  NLBL_CIPSOV4_A_MLSCATREM,
149  /* (NLA_U32)
150  * the remote MLS category */
151  NLBL_CIPSOV4_A_MLSCAT,
152  /* (NLA_NESTED)
153  * a MLS category mapping, must contain only one attribute of each of
154  * the following types: NLBL_CIPSOV4_A_MLSCATLOC and
155  * NLBL_CIPSOV4_A_MLSCATREM */
156  NLBL_CIPSOV4_A_MLSCATLST,
157  /* (NLA_NESTED)
158  * the CIPSO category mappings, there must be at least one
159  * NLBL_CIPSOV4_A_MLSCAT attribute */
160  __NLBL_CIPSOV4_A_MAX,
161 };
162 #define NLBL_CIPSOV4_A_MAX (__NLBL_CIPSOV4_A_MAX - 1)
163 
164 /* NetLabel protocol functions */
165 int netlbl_cipsov4_genl_init(void);
166 
167 /* Free the memory associated with a CIPSOv4 DOI definition */
168 void netlbl_cipsov4_doi_free(struct rcu_head *entry);
169 
170 #endif
Generated on Thu Jan 10 2013 15:01:02 for Linux Kernel by   doxygen 1.8.2