Почетна Преглед Помоћ
Пријавите се
Rydia
/
linux-phytium
Прати 1
Волим 0
Креирај огранак 0
Датотеке Дискусије 0 Захтеви за спајање 0 Вики
Грана: master
Гране Ознаке
linux-phytium
/
net
/
netlabel
/
netlabel_calipso.h

netlabel_calipso.h 4.5 KB
Пермалинк Историја Датотека

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152 
  1. /*
    2. 

  2.  * NetLabel CALIPSO Support
    3. 

  3.  *
    4. 

  4.  * This file defines the CALIPSO functions for the NetLabel system.  The
    5. 

  5.  * NetLabel system manages static and dynamic label mappings for network
    6. 

  6.  * protocols such as CIPSO and RIPSO.
    7. 

  7.  *
    8. 

  8.  * Authors: Paul Moore <paul@paul-moore.com>
    9. 

  9.  *          Huw Davies <huw@codeweavers.com>
    10. 

  10.  *
    11. 

  11.  */
    12. 

  12. 

  13. /* (c) Copyright Hewlett-Packard Development Company, L.P., 2006
    14. 

  14.  * (c) Copyright Huw Davies <huw@codeweavers.com>, 2015
    15. 

  15.  *
    16. 

  16.  * This program is free software;  you can redistribute it and/or modify
    17. 

  17.  * it under the terms of the GNU General Public License as published by
    18. 

  18.  * the Free Software Foundation; either version 2 of the License, or
    19. 

  19.  * (at your option) any later version.
    20. 

  20.  *
    21. 

  21.  * This program is distributed in the hope that it will be useful,
    22. 

  22.  * but WITHOUT ANY WARRANTY;  without even the implied warranty of
    23. 

  23.  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See
    24. 

  24.  * the GNU General Public License for more details.
    25. 

  25.  *
    26. 

  26.  * You should have received a copy of the GNU General Public License
    27. 

  27.  * along with this program;  if not, see <http://www.gnu.org/licenses/>.
    28. 

  28.  *
    29. 

  29.  */
    30. 

  30. 

  31. #ifndef _NETLABEL_CALIPSO
    32. 

  32. #define _NETLABEL_CALIPSO
    33. 

  33. 

  34. #include <net/netlabel.h>
    35. 

  35. #include <net/calipso.h>
    36. 

  36. 

  37. /* The following NetLabel payloads are supported by the CALIPSO subsystem.
    38. 

  38.  *
    39. 

  39.  * o ADD:
    40. 

  40.  *   Sent by an application to add a new DOI mapping table.
    41. 

  41.  *
    42. 

  42.  *   Required attributes:
    43. 

  43.  *
    44. 

  44.  *     NLBL_CALIPSO_A_DOI
    45. 

  45.  *     NLBL_CALIPSO_A_MTYPE
    46. 

  46.  *
    47. 

  47.  *   If using CALIPSO_MAP_PASS no additional attributes are required.
    48. 

  48.  *
    49. 

  49.  * o REMOVE:
    50. 

  50.  *   Sent by an application to remove a specific DOI mapping table from the
    51. 

  51.  *   CALIPSO system.
    52. 

  52.  *
    53. 

  53.  *   Required attributes:
    54. 

  54.  *
    55. 

  55.  *     NLBL_CALIPSO_A_DOI
    56. 

  56.  *
    57. 

  57.  * o LIST:
    58. 

  58.  *   Sent by an application to list the details of a DOI definition.  On
    59. 

  59.  *   success the kernel should send a response using the following format.
    60. 

  60.  *
    61. 

  61.  *   Required attributes:
    62. 

  62.  *
    63. 

  63.  *     NLBL_CALIPSO_A_DOI
    64. 

  64.  *
    65. 

  65.  *   The valid response message format depends on the type of the DOI mapping,
    66. 

  66.  *   the defined formats are shown below.
    67. 

  67.  *
    68. 

  68.  *   Required attributes:
    69. 

  69.  *
    70. 

  70.  *     NLBL_CALIPSO_A_MTYPE
    71. 

  71.  *
    72. 

  72.  *   If using CALIPSO_MAP_PASS no additional attributes are required.
    73. 

  73.  *
    74. 

  74.  * o LISTALL:
    75. 

  75.  *   This message is sent by an application to list the valid DOIs on the
    76. 

  76.  *   system.  When sent by an application there is no payload and the
    77. 

  77.  *   NLM_F_DUMP flag should be set.  The kernel should respond with a series of
    78. 

  78.  *   the following messages.
    79. 

  79.  *
    80. 

  80.  *   Required attributes:
    81. 

  81.  *
    82. 

  82.  *    NLBL_CALIPSO_A_DOI
    83. 

  83.  *    NLBL_CALIPSO_A_MTYPE
    84. 

  84.  *
    85. 

  85.  */
    86. 

  86. 

  87. /* NetLabel CALIPSO commands */
    88. 

  88. enum {
    89. 

  89. 	NLBL_CALIPSO_C_UNSPEC,
    90. 

  90. 	NLBL_CALIPSO_C_ADD,
    91. 

  91. 	NLBL_CALIPSO_C_REMOVE,
    92. 

  92. 	NLBL_CALIPSO_C_LIST,
    93. 

  93. 	NLBL_CALIPSO_C_LISTALL,
    94. 

  94. 	__NLBL_CALIPSO_C_MAX,
    95. 

  95. };
    96. 

  96. 

  97. /* NetLabel CALIPSO attributes */
    98. 

  98. enum {
    99. 

  99. 	NLBL_CALIPSO_A_UNSPEC,
    100. 

  100. 	NLBL_CALIPSO_A_DOI,
    101. 

  101. 	/* (NLA_U32)
    102. 

  102. 	 * the DOI value */
    103. 

  103. 	NLBL_CALIPSO_A_MTYPE,
    104. 

  104. 	/* (NLA_U32)
    105. 

  105. 	 * the mapping table type (defined in the calipso.h header as
    106. 

  106. 	 * CALIPSO_MAP_*) */
    107. 

  107. 	__NLBL_CALIPSO_A_MAX,
    108. 

  108. };
    109. 

  109. 

  110. #define NLBL_CALIPSO_A_MAX (__NLBL_CALIPSO_A_MAX - 1)
    111. 

  111. 

  112. /* NetLabel protocol functions */
    113. 

  113. #if IS_ENABLED(CONFIG_IPV6)
    114. 

  114. int netlbl_calipso_genl_init(void);
    115. 

  115. #else
    116. 

  116. static inline int netlbl_calipso_genl_init(void)
    117. 

  117. {
    118. 

  118. 	return 0;
    119. 

  119. }
    120. 

  120. #endif
    121. 

  121. 

  122. int calipso_doi_add(struct calipso_doi *doi_def,
    123. 

  123. 		    struct netlbl_audit *audit_info);
    124. 

  124. void calipso_doi_free(struct calipso_doi *doi_def);
    125. 

  125. int calipso_doi_remove(u32 doi, struct netlbl_audit *audit_info);
    126. 

  126. struct calipso_doi *calipso_doi_getdef(u32 doi);
    127. 

  127. void calipso_doi_putdef(struct calipso_doi *doi_def);
    128. 

  128. int calipso_doi_walk(u32 *skip_cnt,
    129. 

  129. 		     int (*callback)(struct calipso_doi *doi_def, void *arg),
    130. 

  130. 		     void *cb_arg);
    131. 

  131. int calipso_sock_getattr(struct sock *sk, struct netlbl_lsm_secattr *secattr);
    132. 

  132. int calipso_sock_setattr(struct sock *sk,
    133. 

  133. 			 const struct calipso_doi *doi_def,
    134. 

  134. 			 const struct netlbl_lsm_secattr *secattr);
    135. 

  135. void calipso_sock_delattr(struct sock *sk);
    136. 

  136. int calipso_req_setattr(struct request_sock *req,
    137. 

  137. 			const struct calipso_doi *doi_def,
    138. 

  138. 			const struct netlbl_lsm_secattr *secattr);
    139. 

  139. void calipso_req_delattr(struct request_sock *req);
    140. 

  140. unsigned char *calipso_optptr(const struct sk_buff *skb);
    141. 

  141. int calipso_getattr(const unsigned char *calipso,
    142. 

  142. 		    struct netlbl_lsm_secattr *secattr);
    143. 

  143. int calipso_skbuff_setattr(struct sk_buff *skb,
    144. 

  144. 			   const struct calipso_doi *doi_def,
    145. 

  145. 			   const struct netlbl_lsm_secattr *secattr);
    146. 

  146. int calipso_skbuff_delattr(struct sk_buff *skb);
    147. 

  147. void calipso_cache_invalidate(void);
    148. 

  148. int calipso_cache_add(const unsigned char *calipso_ptr,
    149. 

  149. 		      const struct netlbl_lsm_secattr *secattr);
    150. 

  150. 

  151. #endif
    152. 

  152.