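/* SPDX-License-Identifier: GPL-2.0-or-later */
/*
 * NetLabel CALIPSO Support
 *
 * This file defines the CALIPSO functions for the NetLabel system.  The
 * NetLabel system manages static and dynamic label mappings for network
 * protocols such as CIPSO and RIPSO.
 *
 * Authors: Paul Moore <paul@paul-moore.com>
 *          Huw Davies <huw@codeweavers.com>
 */

/* (c) Copyright Hewlett-Packard Development Company, L.P., 2006
 * (c) Copyright Huw Davies <huw@codeweavers.com>, 2015
 */

#ifndef _NETLABEL_CALIPSO
#define _NETLABEL_CALIPSO

#include <net/netlabel.h>
#include <net/calipso.h>

/* The following NetLabel payloads are supported by the CALIPSO subsystem.
 *
 * o ADD:
 *   Sent by an application to add a new DOI mapping table.
 *
 *   Required attributes:
 *
 *     NLBL_CALIPSO_A_DOI
 *     NLBL_CALIPSO_A_MTYPE
 *
 *   If using CALIPSO_MAP_PASS no additional attributes are required.
 *
 * o REMOVE:
 *   Sent by an application to remove a specific DOI mapping table from the
 *   CALIPSO system.
 *
 *   Required attributes:
 *
 *     NLBL_CALIPSO_A_DOI
 *
 * o LIST:
 *   Sent by an application to list the details of a DOI definition.  On
 *   success the kernel should send a response using the following format.
 *
 *   Required attributes:
 *
 *     NLBL_CALIPSO_A_DOI
 *
 *   The valid response message format depends on the type of the DOI mapping,
 *   the defined formats are shown below.
 *
 *   Required attributes:
 *
 *     NLBL_CALIPSO_A_MTYPE
 *
 *   If using CALIPSO_MAP_PASS no additional attributes are required.
 *
 * o LISTALL:
 *   This message is sent by an application to list the valid DOIs on the
 *   system.  When sent by an application there is no payload and the
 *   NLM_F_DUMP flag should be set.  The kernel should respond with a series of
 *   the following messages.
 *
 *   Required attributes:
 *
 *     NLBL_CALIPSO_A_DOI
 *     NLBL_CALIPSO_A_MTYPE
 *
 */

/* NOTE(review): ADD and REMOVE change the labeling configuration, while LIST
 * and LISTALL only read it.  This header does not state which privilege a
 * sender needs for either group; confirm that the generic netlink operation
 * table in the implementation restricts the modifying commands to
 * administrative callers.
 */

/* NetLabel CALIPSO commands
 *
 * NLBL_CALIPSO_C_UNSPEC is the first enumerator (value 0) and
 * __NLBL_CALIPSO_C_MAX is one past the last defined command.
 */
enum {
	NLBL_CALIPSO_C_UNSPEC,
	NLBL_CALIPSO_C_ADD,
	NLBL_CALIPSO_C_REMOVE,
	NLBL_CALIPSO_C_LIST,
	NLBL_CALIPSO_C_LISTALL,
	__NLBL_CALIPSO_C_MAX,
};

/* NetLabel CALIPSO attributes
 *
 * Both attributes are documented below as NLA_U32.
 * NOTE(review): verify that the netlink attribute policy used by the
 * implementation enforces that type for each of them, so that a handler never
 * reads an attribute that is absent or has a different length.
 */
enum {
	NLBL_CALIPSO_A_UNSPEC,
	NLBL_CALIPSO_A_DOI,
	/* (NLA_U32)
	 * the DOI value */
	NLBL_CALIPSO_A_MTYPE,
	/* (NLA_U32)
	 * the mapping table type (defined in the calipso.h header as
	 * CALIPSO_MAP_*) */
	__NLBL_CALIPSO_A_MAX,
};

/* Highest defined attribute number (currently NLBL_CALIPSO_A_MTYPE). */
#define NLBL_CALIPSO_A_MAX (__NLBL_CALIPSO_A_MAX - 1)

/* NetLabel protocol functions */

/* Only netlbl_calipso_genl_init() is conditional on CONFIG_IPV6: without IPv6
 * it is a stub that reports success (0) and does nothing else.  All other
 * prototypes below are declared regardless of the configuration.
 */
#if IS_ENABLED(CONFIG_IPV6)
int netlbl_calipso_genl_init(void);
#else
static inline int netlbl_calipso_genl_init(void)
{
	return 0;
}
#endif

/* DOI definition management.
 *
 * NOTE(review): calipso_doi_getdef()/calipso_doi_putdef() read as an
 * acquire/release pair - presumably every definition returned by getdef must
 * be handed back with putdef; confirm against the implementation.  The int
 * returns presumably follow the 0 / negative errno convention - confirm.
 */
int calipso_doi_add(struct calipso_doi *doi_def,
		    struct netlbl_audit *audit_info);
void calipso_doi_free(struct calipso_doi *doi_def);
int calipso_doi_remove(u32 doi, struct netlbl_audit *audit_info);
struct calipso_doi *calipso_doi_getdef(u32 doi);
void calipso_doi_putdef(struct calipso_doi *doi_def);
/* Calls @callback with each DOI definition and @cb_arg; @skip_cnt is passed
 * by pointer, so it may be updated by the walk (TODO confirm semantics). */
int calipso_doi_walk(u32 *skip_cnt,
		     int (*callback)(struct calipso_doi *doi_def, void *arg),
		     void *cb_arg);

/* Label attributes on sockets and on pending connection requests. */
int calipso_sock_getattr(struct sock *sk, struct netlbl_lsm_secattr *secattr);
int calipso_sock_setattr(struct sock *sk,
			 const struct calipso_doi *doi_def,
			 const struct netlbl_lsm_secattr *secattr);
void calipso_sock_delattr(struct sock *sk);
int calipso_req_setattr(struct request_sock *req,
			const struct calipso_doi *doi_def,
			const struct netlbl_lsm_secattr *secattr);
void calipso_req_delattr(struct request_sock *req);

/* Label attributes on packets.
 *
 * calipso_getattr() receives only a pointer to the option and no length.
 * NOTE(review): the pointer presumably comes from calipso_optptr() and refers
 * to data inside the packet; confirm where the option length is validated
 * against the packet bounds before the option is parsed.
 */
unsigned char *calipso_optptr(const struct sk_buff *skb);
int calipso_getattr(const unsigned char *calipso,
		    struct netlbl_lsm_secattr *secattr);
int calipso_skbuff_setattr(struct sk_buff *skb,
			   const struct calipso_doi *doi_def,
			   const struct netlbl_lsm_secattr *secattr);
int calipso_skbuff_delattr(struct sk_buff *skb);

/* Label cache.  calipso_cache_add() likewise takes the option pointer without
 * a length (see the note on calipso_getattr() above). */
void calipso_cache_invalidate(void);
int calipso_cache_add(const unsigned char *calipso_ptr,
		      const struct netlbl_lsm_secattr *secattr);

#endif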