Linux Kernel
3.7.1
#include <linux/init.h>
#include <linux/types.h>
#include <linux/slab.h>
#include <linux/audit.h>
#include <linux/in.h>
#include <linux/in6.h>
#include <net/ip.h>
#include <net/ipv6.h>
#include <net/netlabel.h>
#include <net/cipso_ipv4.h>
#include <asm/bug.h>
#include <linux/atomic.h>
#include "netlabel_domainhash.h"
#include "netlabel_unlabeled.h"
#include "netlabel_cipso_v4.h"
#include "netlabel_user.h"
#include "netlabel_mgmt.h"
#include "netlabel_addrlist.h"
netlbl_audit_start - Start an audit message. Parameters: the audit message type; the NetLabel audit information.
Description: Start an audit message using the specified audit message type and fill the audit message with some fields common to all NetLabel audit messages. This function should only be used by protocol engines, not LSMs. Returns a pointer to the audit buffer on success, NULL on failure; callers must check for NULL before writing to the buffer.
Definition at line 1048 of file netlabel_kapi.c.
netlbl_cache_add - Add an entry to a NetLabel protocol cache. Parameters: the packet; the packet's security attributes.
Description: Add the LSM security attributes for the given packet to the underlying NetLabel protocol's label mapping cache, so that later packets carrying the same label can be resolved without re-parsing. Returns zero on success, negative values on error.
Definition at line 1020 of file netlabel_kapi.c.
int netlbl_cfg_cipsov4_add | ( | struct cipso_v4_doi * | doi_def, |
struct netlbl_audit * | audit_info | ||
) |
netlbl_cfg_cipsov4_add - Add a new CIPSOv4 DOI definition. @doi_def: CIPSO DOI definition; @audit_info: NetLabel audit information.
Description: Add a new CIPSO DOI definition as defined by @doi_def. Returns zero on success and negative values on failure.
Definition at line 297 of file netlabel_kapi.c.
void netlbl_cfg_cipsov4_del | ( | u32 | doi, |
struct netlbl_audit * | audit_info | ||
) |
netlbl_cfg_cipsov4_del - Remove an existing CIPSOv4 DOI definition. @doi: CIPSO DOI; @audit_info: NetLabel audit information.
Description: Remove the existing CIPSO DOI definition matching @doi. Note that the function is declared void in the signature above, so the caller cannot observe failure. The removal is audited via @audit_info.
Definition at line 313 of file netlabel_kapi.c.
int netlbl_cfg_cipsov4_map_add | ( | u32 | doi, |
const char * | domain, | ||
const struct in_addr * | addr, | ||
const struct in_addr * | mask, | ||
struct netlbl_audit * | audit_info | ||
) |
netlbl_cfg_cipsov4_map_add - Add a new CIPSOv4 DOI mapping. @doi: the CIPSO DOI; @domain: the domain mapping to add; @addr: IP address; @mask: IP address mask; @audit_info: NetLabel audit information.
Description: Add a new NetLabel/LSM domain mapping for the given CIPSO DOI to the NetLabel subsystem. A @domain value of NULL adds a new default domain mapping. Returns zero on success, negative values on failure.
Definition at line 332 of file netlabel_kapi.c.
int netlbl_cfg_map_del | ( | const char * | domain, |
u16 | family, | ||
const void * | addr, | ||
const void * | mask, | ||
struct netlbl_audit * | audit_info | ||
) |
netlbl_cfg_map_del - Remove a NetLabel/LSM domain mapping. @domain: the domain mapping to remove; @family: address family; @addr: IP address; @mask: IP address mask; @audit_info: NetLabel audit information.
Description: Removes a NetLabel/LSM domain mapping. A @domain value of NULL causes the default domain mapping to be removed. Returns zero on success, negative values on failure.
Definition at line 69 of file netlabel_kapi.c.
int netlbl_cfg_unlbl_map_add | ( | const char * | domain, |
u16 | family, | ||
const void * | addr, | ||
const void * | mask, | ||
struct netlbl_audit * | audit_info | ||
) |
netlbl_cfg_unlbl_map_add - Add a new unlabeled mapping. @domain: the domain mapping to add; @family: address family; @addr: IP address; @mask: IP address mask; @audit_info: NetLabel audit information.
Description: Adds a new unlabeled NetLabel/LSM domain mapping. A @domain value of NULL causes a new default domain mapping to be added. Returns zero on success, negative values on failure.
Definition at line 103 of file netlabel_kapi.c.
int netlbl_cfg_unlbl_static_add | ( | struct net * | net, |
const char * | dev_name, | ||
const void * | addr, | ||
const void * | mask, | ||
u16 | family, | ||
u32 | secid, | ||
struct netlbl_audit * | audit_info | ||
) |
netlbl_cfg_unlbl_static_add - Adds a new static label. @net: network namespace; @dev_name: interface name; @addr: IP address in network byte order (struct in[6]_addr); @mask: address mask in network byte order (struct in[6]_addr); @family: address family; @secid: LSM secid value for the entry; @audit_info: NetLabel audit information.
Description: Adds a new NetLabel static label to be used when protocol provided labels are not present on incoming traffic, i.e. the LSM secid @secid is assigned to unlabeled packets matching @addr/@mask on the interface. If @dev_name is NULL then the default interface will be used. Returns zero on success, negative values on failure.
Definition at line 216 of file netlabel_kapi.c.
int netlbl_cfg_unlbl_static_del | ( | struct net * | net, |
const char * | dev_name, | ||
const void * | addr, | ||
const void * | mask, | ||
u16 | family, | ||
struct netlbl_audit * | audit_info | ||
) |
netlbl_cfg_unlbl_static_del - Removes an existing static label. @net: network namespace; @dev_name: interface name; @addr: IP address in network byte order (struct in[6]_addr); @mask: address mask in network byte order (struct in[6]_addr); @family: address family; @audit_info: NetLabel audit information. (Unlike netlbl_cfg_unlbl_static_add, there is no secid parameter; the entry is identified by interface and address.)
Description: Removes an existing NetLabel static label used when protocol provided labels are not present on incoming traffic. If @dev_name is NULL then the default interface will be used. Returns zero on success, negative values on failure.
Definition at line 260 of file netlabel_kapi.c.
int netlbl_conn_setattr | ( | struct sock * | sk, |
struct sockaddr * | addr, | ||
const struct netlbl_lsm_secattr * | secattr | ||
) |
netlbl_conn_setattr - Label a connected socket using the correct protocol. @sk: the socket to label; @addr: the destination address; @secattr: the security attributes.
Description: Attach the correct label to the given connected socket using the security attributes specified in @secattr; the labeling protocol is selected from the domain mapping for the destination @addr. The caller is responsible for ensuring that @sk is locked. Returns zero on success, negative values on failure.
Definition at line 751 of file netlabel_kapi.c.
netlbl_enabled - Determine if the NetLabel subsystem is enabled.
Description: The LSM can use this function to determine if it should use NetLabel security attributes in its enforcement mechanism. Currently, NetLabel is considered to be enabled when its configuration contains a valid setup for at least one labeled protocol (i.e. NetLabel can understand incoming labeled packets of at least one type); otherwise NetLabel is considered to be disabled. Because this depends on runtime configuration, an LSM should re-check it rather than cache the answer at init time.
Definition at line 622 of file netlabel_kapi.c.
void netlbl_req_delattr | ( | struct request_sock * | req | ) |
netlbl_req_delattr - Delete all the NetLabel labels on a request socket. @req: the request socket.
Description: Remove all the NetLabel labeling from @req.
Definition at line 880 of file netlabel_kapi.c.
int netlbl_req_setattr | ( | struct request_sock * | req, |
const struct netlbl_lsm_secattr * | secattr | ||
) |
netlbl_req_setattr - Label a request socket using the correct protocol. @req: the request socket to label; @secattr: the security attributes.
Description: Attach the correct label to the given request socket using the security attributes specified in @secattr. Returns zero on success, negative values on failure.
Definition at line 811 of file netlabel_kapi.c.
int netlbl_secattr_catmap_setbit | ( | struct netlbl_lsm_secattr_catmap * | catmap, |
u32 | bit, | ||
gfp_t | flags | ||
) |
netlbl_secattr_catmap_setbit - Set a bit in a LSM secattr catmap. @catmap: the category bitmap; @bit: the bit to set; @flags: memory allocation flags.
Description: Set the bit specified by @bit in @catmap, allocating additional bitmap storage with @flags if needed. Returns zero on success, negative values on failure.
Definition at line 535 of file netlabel_kapi.c.
int netlbl_secattr_catmap_setrng | ( | struct netlbl_lsm_secattr_catmap * | catmap, |
u32 | start, | ||
u32 | end, | ||
gfp_t | flags | ||
) |
netlbl_secattr_catmap_setrng - Set a range of bits in a LSM secattr catmap. @catmap: the category bitmap; @start: the starting bit; @end: the last bit in the range; @flags: memory allocation flags.
Description: Set a range of bits, starting at @start and ending with @end (inclusive). Returns zero on success, negative values on failure.
Definition at line 574 of file netlabel_kapi.c.
int netlbl_secattr_catmap_walk | ( | struct netlbl_lsm_secattr_catmap * | catmap, |
u32 | offset | ||
) |
netlbl_secattr_catmap_walk - Walk a LSM secattr catmap looking for a bit. @catmap: the category bitmap; @offset: the offset to start searching at, in bits.
Description: This function walks a LSM secattr category bitmap starting at @offset and returns the position of the first set bit, or -ENOENT if no bits are set at or after @offset.
Definition at line 419 of file netlabel_kapi.c.
int netlbl_secattr_catmap_walk_rng | ( | struct netlbl_lsm_secattr_catmap * | catmap, |
u32 | offset | ||
) |
netlbl_secattr_catmap_walk_rng - Find the end of a string of set bits. @catmap: the category bitmap; @offset: the offset to start searching at, in bits.
Description: This function walks a LSM secattr category bitmap starting at @offset and returns the position of the first cleared bit, or -ENOENT if the offset is past the end of the bitmap.
Definition at line 476 of file netlabel_kapi.c.
netlbl_skbuff_err - Handle a LSM error on a sk_buff. Parameters: the packet; the error code; true if the host is acting as a gateway, false otherwise.
Description: Deal with a LSM problem when handling the given packet, typically a permission denied problem (-EACCES). The correct action is determined according to the packet's labeling protocol; the gateway flag allows the protocol engine to distinguish forwarded traffic from locally delivered traffic when deciding how to respond.
Definition at line 989 of file netlabel_kapi.c.
int netlbl_skbuff_getattr | ( | const struct sk_buff * | skb, |
u16 | family, | ||
struct netlbl_lsm_secattr * | secattr | ||
) |
netlbl_skbuff_getattr - Determine the security attributes of a packet. @skb: the packet; @family: protocol family; @secattr: the security attributes.
Description: Examines the given packet to see if a recognized form of packet labeling is present; if so it parses the packet label and returns the security attributes in @secattr. Returns zero on success, negative values on failure. A zero return does not by itself mean a label was found; callers should inspect the returned @secattr before using it for enforcement.
Definition at line 958 of file netlabel_kapi.c.
int netlbl_skbuff_setattr | ( | struct sk_buff * | skb, |
u16 | family, | ||
const struct netlbl_lsm_secattr * | secattr | ||
) |
netlbl_skbuff_setattr - Label a packet using the correct protocol. @skb: the packet; @family: protocol family; @secattr: the security attributes.
Description: Attach the correct label to the given packet using the security attributes specified in @secattr. Returns zero on success, negative values on failure.
Definition at line 896 of file netlabel_kapi.c.
int netlbl_sock_getattr | ( | struct sock * | sk, |
struct netlbl_lsm_secattr * | secattr | ||
) |
netlbl_sock_getattr - Determine the security attributes of a sock. @sk: the sock; @secattr: the security attributes.
Description: Examines the given sock to see if any NetLabel style labeling has been applied to it; if so it parses the socket label and returns the security attributes in @secattr. Returns zero on success, negative values on failure.
Definition at line 718 of file netlabel_kapi.c.
netlbl_sock_setattr - Label a socket using the correct protocol. Parameters: the socket to label; the protocol family; the security attributes.
Description: Attach the correct label to the given socket using the specified security attributes. This function requires exclusive access to the socket, which means it either needs to be in the process of being created or locked. Returns zero on success, -EDESTADDRREQ if the domain is configured to use network address selectors (the socket cannot be blindly labeled because the label depends on the destination address; see netlbl_conn_setattr), and negative values on all other failures.
Definition at line 645 of file netlabel_kapi.c.
subsys_initcall | ( | netlbl_init | ) |