1*4882a593Smuzhiyun /* SPDX-License-Identifier: GPL-2.0-or-later */ 2*4882a593Smuzhiyun /* 3*4882a593Smuzhiyun * CALIPSO - Common Architecture Label IPv6 Security Option 4*4882a593Smuzhiyun * 5*4882a593Smuzhiyun * This is an implementation of the CALIPSO protocol as specified in 6*4882a593Smuzhiyun * RFC 5570. 7*4882a593Smuzhiyun * 8*4882a593Smuzhiyun * Authors: Paul Moore <paul@paul-moore.com> 9*4882a593Smuzhiyun * Huw Davies <huw@codeweavers.com> 10*4882a593Smuzhiyun */ 11*4882a593Smuzhiyun 12*4882a593Smuzhiyun /* 13*4882a593Smuzhiyun * (c) Copyright Hewlett-Packard Development Company, L.P., 2006 14*4882a593Smuzhiyun * (c) Copyright Huw Davies <huw@codeweavers.com>, 2015 15*4882a593Smuzhiyun */ 16*4882a593Smuzhiyun 17*4882a593Smuzhiyun #ifndef _CALIPSO_H 18*4882a593Smuzhiyun #define _CALIPSO_H 19*4882a593Smuzhiyun 20*4882a593Smuzhiyun #include <linux/types.h> 21*4882a593Smuzhiyun #include <linux/rcupdate.h> 22*4882a593Smuzhiyun #include <linux/list.h> 23*4882a593Smuzhiyun #include <linux/net.h> 24*4882a593Smuzhiyun #include <linux/skbuff.h> 25*4882a593Smuzhiyun #include <net/netlabel.h> 26*4882a593Smuzhiyun #include <net/request_sock.h> 27*4882a593Smuzhiyun #include <linux/refcount.h> 28*4882a593Smuzhiyun #include <asm/unaligned.h> 29*4882a593Smuzhiyun 30*4882a593Smuzhiyun /* known doi values */ 31*4882a593Smuzhiyun #define CALIPSO_DOI_UNKNOWN 0x00000000 32*4882a593Smuzhiyun 33*4882a593Smuzhiyun /* doi mapping types */ 34*4882a593Smuzhiyun #define CALIPSO_MAP_UNKNOWN 0 35*4882a593Smuzhiyun #define CALIPSO_MAP_PASS 2 36*4882a593Smuzhiyun 37*4882a593Smuzhiyun /* 38*4882a593Smuzhiyun * CALIPSO DOI definitions 39*4882a593Smuzhiyun */ 40*4882a593Smuzhiyun 41*4882a593Smuzhiyun /* DOI definition struct */ 42*4882a593Smuzhiyun struct calipso_doi { 43*4882a593Smuzhiyun u32 doi; 44*4882a593Smuzhiyun u32 type; 45*4882a593Smuzhiyun 46*4882a593Smuzhiyun refcount_t refcount; 47*4882a593Smuzhiyun struct list_head list; 48*4882a593Smuzhiyun struct rcu_head rcu; 49*4882a593Smuzhiyun }; 50*4882a593Smuzhiyun 51*4882a593Smuzhiyun /* 52*4882a593Smuzhiyun * Sysctl Variables 53*4882a593Smuzhiyun */ 54*4882a593Smuzhiyun extern int calipso_cache_enabled; 55*4882a593Smuzhiyun extern int calipso_cache_bucketsize; 56*4882a593Smuzhiyun 57*4882a593Smuzhiyun #ifdef CONFIG_NETLABEL 58*4882a593Smuzhiyun int __init calipso_init(void); 59*4882a593Smuzhiyun void calipso_exit(void); 60*4882a593Smuzhiyun bool calipso_validate(const struct sk_buff *skb, const unsigned char *option); 61*4882a593Smuzhiyun #else calipso_init(void)62*4882a593Smuzhiyunstatic inline int __init calipso_init(void) 63*4882a593Smuzhiyun { 64*4882a593Smuzhiyun return 0; 65*4882a593Smuzhiyun } 66*4882a593Smuzhiyun calipso_exit(void)67*4882a593Smuzhiyunstatic inline void calipso_exit(void) 68*4882a593Smuzhiyun { 69*4882a593Smuzhiyun } calipso_validate(const struct sk_buff * skb,const unsigned char * option)70*4882a593Smuzhiyunstatic inline bool calipso_validate(const struct sk_buff *skb, 71*4882a593Smuzhiyun const unsigned char *option) 72*4882a593Smuzhiyun { 73*4882a593Smuzhiyun return true; 74*4882a593Smuzhiyun } 75*4882a593Smuzhiyun #endif /* CONFIG_NETLABEL */ 76*4882a593Smuzhiyun 77*4882a593Smuzhiyun #endif /* _CALIPSO_H */ 78