1*4882a593Smuzhiyun /* SPDX-License-Identifier: GPL-2.0-or-later */
2*4882a593Smuzhiyun /*
3*4882a593Smuzhiyun  * NetLabel Management Support
4*4882a593Smuzhiyun  *
5*4882a593Smuzhiyun  * This file defines the management functions for the NetLabel system.  The
6*4882a593Smuzhiyun  * NetLabel system manages static and dynamic label mappings for network
7*4882a593Smuzhiyun  * protocols such as CIPSO and RIPSO.
8*4882a593Smuzhiyun  *
9*4882a593Smuzhiyun  * Author: Paul Moore <paul@paul-moore.com>
10*4882a593Smuzhiyun  */
11*4882a593Smuzhiyun 
12*4882a593Smuzhiyun /*
13*4882a593Smuzhiyun  * (c) Copyright Hewlett-Packard Development Company, L.P., 2006
14*4882a593Smuzhiyun  */
15*4882a593Smuzhiyun 
16*4882a593Smuzhiyun #ifndef _NETLABEL_MGMT_H
17*4882a593Smuzhiyun #define _NETLABEL_MGMT_H
18*4882a593Smuzhiyun 
19*4882a593Smuzhiyun #include <net/netlabel.h>
20*4882a593Smuzhiyun #include <linux/atomic.h>
21*4882a593Smuzhiyun 
22*4882a593Smuzhiyun /*
23*4882a593Smuzhiyun  * The following NetLabel payloads are supported by the management interface.
24*4882a593Smuzhiyun  *
25*4882a593Smuzhiyun  * o ADD:
26*4882a593Smuzhiyun  *   Sent by an application to add a domain mapping to the NetLabel system.
27*4882a593Smuzhiyun  *
28*4882a593Smuzhiyun  *   Required attributes:
29*4882a593Smuzhiyun  *
30*4882a593Smuzhiyun  *     NLBL_MGMT_A_DOMAIN
31*4882a593Smuzhiyun  *     NLBL_MGMT_A_PROTOCOL
32*4882a593Smuzhiyun  *
33*4882a593Smuzhiyun  *   If IPv4 is specified the following attributes are required:
34*4882a593Smuzhiyun  *
35*4882a593Smuzhiyun  *     NLBL_MGMT_A_IPV4ADDR
36*4882a593Smuzhiyun  *     NLBL_MGMT_A_IPV4MASK
37*4882a593Smuzhiyun  *
38*4882a593Smuzhiyun  *   If IPv6 is specified the following attributes are required:
39*4882a593Smuzhiyun  *
40*4882a593Smuzhiyun  *     NLBL_MGMT_A_IPV6ADDR
41*4882a593Smuzhiyun  *     NLBL_MGMT_A_IPV6MASK
42*4882a593Smuzhiyun  *
43*4882a593Smuzhiyun  *   If using NETLBL_NLTYPE_CIPSOV4 the following attributes are required:
44*4882a593Smuzhiyun  *
45*4882a593Smuzhiyun  *     NLBL_MGMT_A_CV4DOI
46*4882a593Smuzhiyun  *
47*4882a593Smuzhiyun  *   If using NETLBL_NLTYPE_UNLABELED no other attributes are required,
48*4882a593Smuzhiyun  *   however the following attribute may optionally be sent:
49*4882a593Smuzhiyun  *
50*4882a593Smuzhiyun  *     NLBL_MGMT_A_FAMILY
51*4882a593Smuzhiyun  *
52*4882a593Smuzhiyun  * o REMOVE:
53*4882a593Smuzhiyun  *   Sent by an application to remove a domain mapping from the NetLabel
54*4882a593Smuzhiyun  *   system.
55*4882a593Smuzhiyun  *
56*4882a593Smuzhiyun  *   Required attributes:
57*4882a593Smuzhiyun  *
58*4882a593Smuzhiyun  *     NLBL_MGMT_A_DOMAIN
59*4882a593Smuzhiyun  *
60*4882a593Smuzhiyun  * o LISTALL:
61*4882a593Smuzhiyun  *   This message can be sent either from an application or by the kernel in
62*4882a593Smuzhiyun  *   response to an application generated LISTALL message.  When sent by an
63*4882a593Smuzhiyun  *   application there is no payload and the NLM_F_DUMP flag should be set.
64*4882a593Smuzhiyun  *   The kernel should respond with a series of the following messages.
65*4882a593Smuzhiyun  *
66*4882a593Smuzhiyun  *   Required attributes:
67*4882a593Smuzhiyun  *
68*4882a593Smuzhiyun  *     NLBL_MGMT_A_DOMAIN
69*4882a593Smuzhiyun  *     NLBL_MGMT_A_FAMILY
70*4882a593Smuzhiyun  *
71*4882a593Smuzhiyun  *   If the IP address selectors are not used the following attribute is
72*4882a593Smuzhiyun  *   required:
73*4882a593Smuzhiyun  *
74*4882a593Smuzhiyun  *     NLBL_MGMT_A_PROTOCOL
75*4882a593Smuzhiyun  *
76*4882a593Smuzhiyun  *   If the IP address selectors are used then the following attribute is
77*4882a593Smuzhiyun  *   required:
78*4882a593Smuzhiyun  *
79*4882a593Smuzhiyun  *     NLBL_MGMT_A_SELECTORLIST
80*4882a593Smuzhiyun  *
81*4882a593Smuzhiyun  *   If the mapping is using the NETLBL_NLTYPE_CIPSOV4 type then the following
82*4882a593Smuzhiyun  *   attributes are required:
83*4882a593Smuzhiyun  *
84*4882a593Smuzhiyun  *     NLBL_MGMT_A_CV4DOI
85*4882a593Smuzhiyun  *
86*4882a593Smuzhiyun  *   If the mapping is using the NETLBL_NLTYPE_UNLABELED type no other
87*4882a593Smuzhiyun  *   attributes are required.
88*4882a593Smuzhiyun  *
89*4882a593Smuzhiyun  * o ADDDEF:
90*4882a593Smuzhiyun  *   Sent by an application to set the default domain mapping for the NetLabel
91*4882a593Smuzhiyun  *   system.
92*4882a593Smuzhiyun  *
93*4882a593Smuzhiyun  *   Required attributes:
94*4882a593Smuzhiyun  *
95*4882a593Smuzhiyun  *     NLBL_MGMT_A_PROTOCOL
96*4882a593Smuzhiyun  *
97*4882a593Smuzhiyun  *   If using NETLBL_NLTYPE_CIPSOV4 the following attributes are required:
98*4882a593Smuzhiyun  *
99*4882a593Smuzhiyun  *     NLBL_MGMT_A_CV4DOI
100*4882a593Smuzhiyun  *
101*4882a593Smuzhiyun  *   If using NETLBL_NLTYPE_UNLABELED no other attributes are required,
102*4882a593Smuzhiyun  *   however the following attribute may optionally be sent:
103*4882a593Smuzhiyun  *
104*4882a593Smuzhiyun  *     NLBL_MGMT_A_FAMILY
105*4882a593Smuzhiyun  *
106*4882a593Smuzhiyun  * o REMOVEDEF:
107*4882a593Smuzhiyun  *   Sent by an application to remove the default domain mapping from the
108*4882a593Smuzhiyun  *   NetLabel system, there is no payload.
109*4882a593Smuzhiyun  *
110*4882a593Smuzhiyun  * o LISTDEF:
111*4882a593Smuzhiyun  *   This message can be sent either from an application or by the kernel in
112*4882a593Smuzhiyun  *   response to an application generated LISTDEF message.  When sent by an
113*4882a593Smuzhiyun  *   application there may be an optional payload.
114*4882a593Smuzhiyun  *
115*4882a593Smuzhiyun  *     NLBL_MGMT_A_FAMILY
116*4882a593Smuzhiyun  *
117*4882a593Smuzhiyun  *   On success the kernel should send a response using the following format:
118*4882a593Smuzhiyun  *
119*4882a593Smuzhiyun  *   If the IP address selectors are not used the following attributes are
120*4882a593Smuzhiyun  *   required:
121*4882a593Smuzhiyun  *
122*4882a593Smuzhiyun  *     NLBL_MGMT_A_PROTOCOL
123*4882a593Smuzhiyun  *     NLBL_MGMT_A_FAMILY
124*4882a593Smuzhiyun  *
125*4882a593Smuzhiyun  *   If the IP address selectors are used then the following attribute is
126*4882a593Smuzhiyun  *   required:
127*4882a593Smuzhiyun  *
128*4882a593Smuzhiyun  *     NLBL_MGMT_A_SELECTORLIST
129*4882a593Smuzhiyun  *
130*4882a593Smuzhiyun  *   If the mapping is using the NETLBL_NLTYPE_CIPSOV4 type then the following
131*4882a593Smuzhiyun  *   attributes are required:
132*4882a593Smuzhiyun  *
133*4882a593Smuzhiyun  *     NLBL_MGMT_A_CV4DOI
134*4882a593Smuzhiyun  *
135*4882a593Smuzhiyun  *   If the mapping is using the NETLBL_NLTYPE_UNLABELED type no other
136*4882a593Smuzhiyun  *   attributes are required.
137*4882a593Smuzhiyun  *
138*4882a593Smuzhiyun  * o PROTOCOLS:
139*4882a593Smuzhiyun  *   Sent by an application to request a list of configured NetLabel protocols
140*4882a593Smuzhiyun  *   in the kernel.  When sent by an application there is no payload and the
141*4882a593Smuzhiyun  *   NLM_F_DUMP flag should be set.  The kernel should respond with a series of
142*4882a593Smuzhiyun  *   the following messages.
143*4882a593Smuzhiyun  *
144*4882a593Smuzhiyun  *   Required attributes:
145*4882a593Smuzhiyun  *
146*4882a593Smuzhiyun  *     NLBL_MGMT_A_PROTOCOL
147*4882a593Smuzhiyun  *
148*4882a593Smuzhiyun  * o VERSION:
149*4882a593Smuzhiyun  *   Sent by an application to request the NetLabel version.  When sent by an
150*4882a593Smuzhiyun  *   application there is no payload.  This message type is also used by the
151*4882a593Smuzhiyun  *   kernel to respond to a VERSION request.
152*4882a593Smuzhiyun  *
153*4882a593Smuzhiyun  *   Required attributes:
154*4882a593Smuzhiyun  *
155*4882a593Smuzhiyun  *     NLBL_MGMT_A_VERSION
156*4882a593Smuzhiyun  *
157*4882a593Smuzhiyun  */
158*4882a593Smuzhiyun 
/* NetLabel Management commands */
/*
 * Command identifiers understood by the management interface.  Applications
 * send these, so the numeric values are part of the user-visible interface:
 * they are spelled out explicitly below, existing values must not change, and
 * any new command is added in front of the __NLBL_MGMT_C_MAX sentinel.
 * The payload expected with each command is described in the header comment.
 */
enum {
	NLBL_MGMT_C_UNSPEC	= 0,	/* unspecified, never a valid command */
	NLBL_MGMT_C_ADD		= 1,	/* add a domain mapping */
	NLBL_MGMT_C_REMOVE	= 2,	/* remove a domain mapping */
	NLBL_MGMT_C_LISTALL	= 3,	/* dump every domain mapping */
	NLBL_MGMT_C_ADDDEF	= 4,	/* set the default domain mapping */
	NLBL_MGMT_C_REMOVEDEF	= 5,	/* remove the default domain mapping */
	NLBL_MGMT_C_LISTDEF	= 6,	/* query the default domain mapping */
	NLBL_MGMT_C_PROTOCOLS	= 7,	/* dump the configured protocols */
	NLBL_MGMT_C_VERSION	= 8,	/* query the NetLabel protocol version */
	__NLBL_MGMT_C_MAX	= 9,	/* sentinel, one past the last command */
};
172*4882a593Smuzhiyun 
/* NetLabel Management attributes */
/*
 * Attribute identifiers carried in management messages.  As with the command
 * identifiers these numbers are exchanged with applications, so they are
 * given explicitly, existing values stay fixed, and new attributes go in
 * front of the __NLBL_MGMT_A_MAX sentinel.  The netlink policy type each
 * attribute is validated against is noted alongside it; values arriving from
 * userspace should never be trusted beyond what that policy guarantees.
 */
enum {
	/* unspecified, never a valid attribute */
	NLBL_MGMT_A_UNSPEC		= 0,
	/* (NLA_NUL_STRING) the NUL terminated LSM domain string */
	NLBL_MGMT_A_DOMAIN		= 1,
	/* (NLA_U32) the NetLabel protocol type (one of NETLBL_NLTYPE_*) */
	NLBL_MGMT_A_PROTOCOL		= 2,
	/* (NLA_U32) the NetLabel protocol version number
	 * (defined by NETLBL_PROTO_VERSION) */
	NLBL_MGMT_A_VERSION		= 3,
	/* (NLA_U32) the CIPSOv4 DOI value */
	NLBL_MGMT_A_CV4DOI		= 4,
	/* (NLA_BINARY, struct in6_addr) an IPv6 address */
	NLBL_MGMT_A_IPV6ADDR		= 5,
	/* (NLA_BINARY, struct in6_addr) an IPv6 address mask */
	NLBL_MGMT_A_IPV6MASK		= 6,
	/* (NLA_BINARY, struct in_addr) an IPv4 address */
	NLBL_MGMT_A_IPV4ADDR		= 7,
	/* (NLA_BINARY, struct in_addr) an IPv4 address mask */
	NLBL_MGMT_A_IPV4MASK		= 8,
	/* (NLA_NESTED) an IP address selector; must hold an address, a mask
	 * and a protocol attribute plus any protocol specific attributes */
	NLBL_MGMT_A_ADDRSELECTOR	= 9,
	/* (NLA_NESTED) the selector list; must hold at least one
	 * NLBL_MGMT_A_ADDRSELECTOR attribute */
	NLBL_MGMT_A_SELECTORLIST	= 10,
	/* (NLA_U16) the address family */
	NLBL_MGMT_A_FAMILY		= 11,
	/* (NLA_U32) the CALIPSO DOI value */
	NLBL_MGMT_A_CLPDOI		= 12,
	/* sentinel, one past the last attribute */
	__NLBL_MGMT_A_MAX		= 13,
};
/* highest valid attribute identifier, used to size the netlink policy */
#define NLBL_MGMT_A_MAX (__NLBL_MGMT_A_MAX - 1)
218*4882a593Smuzhiyun 
/* NetLabel protocol functions */
/*
 * netlbl_mgmt_genl_init - set up the NetLabel management interface
 *
 * Presumably registers the Generic Netlink family that carries the
 * NLBL_MGMT_C_* commands declared above; the definition lives outside this
 * header.  Return convention is assumed to be the usual kernel one (zero on
 * success, a negative value on failure) -- confirm against the definition.
 */
int netlbl_mgmt_genl_init(void);

/* NetLabel configured protocol reference counter */
/*
 * Number of labeling protocols currently configured.  It is an atomic_t
 * because it is shared across contexts, so it must only be read or updated
 * through the atomic_*() helpers from <linux/atomic.h>, never as a plain
 * integer.  Ownership of the definition is outside this header.
 */
extern atomic_t netlabel_mgmt_protocount;
224*4882a593Smuzhiyun 
225*4882a593Smuzhiyun #endif