| /* |
| * NetLabel Management Support |
| * |
| * This file defines the management functions for the NetLabel system. The |
| * NetLabel system manages static and dynamic label mappings for network |
| * protocols such as CIPSO and RIPSO. |
| * |
| * Author: Paul Moore <paul@paul-moore.com> |
| * |
| */ |
| |
| /* |
| * (c) Copyright Hewlett-Packard Development Company, L.P., 2006 |
| * |
| * This program is free software; you can redistribute it and/or modify |
| * it under the terms of the GNU General Public License as published by |
| * the Free Software Foundation; either version 2 of the License, or |
| * (at your option) any later version. |
| * |
| * This program is distributed in the hope that it will be useful, |
| * but WITHOUT ANY WARRANTY; without even the implied warranty of |
| * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See |
| * the GNU General Public License for more details. |
| * |
| * You should have received a copy of the GNU General Public License |
| * along with this program; if not, see <http://www.gnu.org/licenses/>. |
| * |
| */ |
| |
| #ifndef _NETLABEL_MGMT_H |
| #define _NETLABEL_MGMT_H |
| |
| #include <net/netlabel.h> |
| #include <linux/atomic.h> |
| |
| /* |
| * The following NetLabel payloads are supported by the management interface. |
| * |
| * o ADD: |
| * Sent by an application to add a domain mapping to the NetLabel system. |
| * |
| * Required attributes: |
| * |
| * NLBL_MGMT_A_DOMAIN |
| * NLBL_MGMT_A_PROTOCOL |
| * |
| * If IPv4 is specified the following attributes are required: |
| * |
| * NLBL_MGMT_A_IPV4ADDR |
| * NLBL_MGMT_A_IPV4MASK |
| * |
| * If IPv6 is specified the following attributes are required: |
| * |
| * NLBL_MGMT_A_IPV6ADDR |
| * NLBL_MGMT_A_IPV6MASK |
| * |
| * If using NETLBL_NLTYPE_CIPSOV4 the following attributes are required: |
| * |
| * NLBL_MGMT_A_CV4DOI |
| * |
| * If using NETLBL_NLTYPE_UNLABELED no other attributes are required, |
| * however the following attribute may optionally be sent: |
| * |
| * NLBL_MGMT_A_FAMILY |
| * |
| * o REMOVE: |
| * Sent by an application to remove a domain mapping from the NetLabel |
| * system. |
| * |
| * Required attributes: |
| * |
| * NLBL_MGMT_A_DOMAIN |
| * |
| * o LISTALL: |
| * This message can be sent either from an application or by the kernel in |
| * response to an application generated LISTALL message. When sent by an |
| * application there is no payload and the NLM_F_DUMP flag should be set. |
| * The kernel should respond with a series of the following messages. |
| * |
| * Required attributes: |
| * |
| * NLBL_MGMT_A_DOMAIN |
| * NLBL_MGMT_A_FAMILY |
| * |
| * If the IP address selectors are not used the following attribute is |
| * required: |
| * |
| * NLBL_MGMT_A_PROTOCOL |
| * |
| * If the IP address selectors are used then the following attritbute is |
| * required: |
| * |
| * NLBL_MGMT_A_SELECTORLIST |
| * |
| * If the mapping is using the NETLBL_NLTYPE_CIPSOV4 type then the following |
| * attributes are required: |
| * |
| * NLBL_MGMT_A_CV4DOI |
| * |
| * If the mapping is using the NETLBL_NLTYPE_UNLABELED type no other |
| * attributes are required. |
| * |
| * o ADDDEF: |
| * Sent by an application to set the default domain mapping for the NetLabel |
| * system. |
| * |
| * Required attributes: |
| * |
| * NLBL_MGMT_A_PROTOCOL |
| * |
| * If using NETLBL_NLTYPE_CIPSOV4 the following attributes are required: |
| * |
| * NLBL_MGMT_A_CV4DOI |
| * |
| * If using NETLBL_NLTYPE_UNLABELED no other attributes are required, |
| * however the following attribute may optionally be sent: |
| * |
| * NLBL_MGMT_A_FAMILY |
| * |
| * o REMOVEDEF: |
| * Sent by an application to remove the default domain mapping from the |
| * NetLabel system, there is no payload. |
| * |
| * o LISTDEF: |
| * This message can be sent either from an application or by the kernel in |
| * response to an application generated LISTDEF message. When sent by an |
| * application there may be an optional payload. |
| * |
| * NLBL_MGMT_A_FAMILY |
| * |
| * On success the kernel should send a response using the following format: |
| * |
| * If the IP address selectors are not used the following attributes are |
| * required: |
| * |
| * NLBL_MGMT_A_PROTOCOL |
| * NLBL_MGMT_A_FAMILY |
| * |
| * If the IP address selectors are used then the following attritbute is |
| * required: |
| * |
| * NLBL_MGMT_A_SELECTORLIST |
| * |
| * If the mapping is using the NETLBL_NLTYPE_CIPSOV4 type then the following |
| * attributes are required: |
| * |
| * NLBL_MGMT_A_CV4DOI |
| * |
| * If the mapping is using the NETLBL_NLTYPE_UNLABELED type no other |
| * attributes are required. |
| * |
| * o PROTOCOLS: |
| * Sent by an application to request a list of configured NetLabel protocols |
| * in the kernel. When sent by an application there is no payload and the |
| * NLM_F_DUMP flag should be set. The kernel should respond with a series of |
| * the following messages. |
| * |
| * Required attributes: |
| * |
| * NLBL_MGMT_A_PROTOCOL |
| * |
| * o VERSION: |
| * Sent by an application to request the NetLabel version. When sent by an |
| * application there is no payload. This message type is also used by the |
| * kernel to respond to an VERSION request. |
| * |
| * Required attributes: |
| * |
| * NLBL_MGMT_A_VERSION |
| * |
| */ |
| |
| /* NetLabel Management commands */ |
| enum { |
| NLBL_MGMT_C_UNSPEC, |
| NLBL_MGMT_C_ADD, |
| NLBL_MGMT_C_REMOVE, |
| NLBL_MGMT_C_LISTALL, |
| NLBL_MGMT_C_ADDDEF, |
| NLBL_MGMT_C_REMOVEDEF, |
| NLBL_MGMT_C_LISTDEF, |
| NLBL_MGMT_C_PROTOCOLS, |
| NLBL_MGMT_C_VERSION, |
| __NLBL_MGMT_C_MAX, |
| }; |
| |
| /* NetLabel Management attributes */ |
| enum { |
| NLBL_MGMT_A_UNSPEC, |
| NLBL_MGMT_A_DOMAIN, |
| /* (NLA_NUL_STRING) |
| * the NULL terminated LSM domain string */ |
| NLBL_MGMT_A_PROTOCOL, |
| /* (NLA_U32) |
| * the NetLabel protocol type (defined by NETLBL_NLTYPE_*) */ |
| NLBL_MGMT_A_VERSION, |
| /* (NLA_U32) |
| * the NetLabel protocol version number (defined by |
| * NETLBL_PROTO_VERSION) */ |
| NLBL_MGMT_A_CV4DOI, |
| /* (NLA_U32) |
| * the CIPSOv4 DOI value */ |
| NLBL_MGMT_A_IPV6ADDR, |
| /* (NLA_BINARY, struct in6_addr) |
| * an IPv6 address */ |
| NLBL_MGMT_A_IPV6MASK, |
| /* (NLA_BINARY, struct in6_addr) |
| * an IPv6 address mask */ |
| NLBL_MGMT_A_IPV4ADDR, |
| /* (NLA_BINARY, struct in_addr) |
| * an IPv4 address */ |
| NLBL_MGMT_A_IPV4MASK, |
| /* (NLA_BINARY, struct in_addr) |
| * and IPv4 address mask */ |
| NLBL_MGMT_A_ADDRSELECTOR, |
| /* (NLA_NESTED) |
| * an IP address selector, must contain an address, mask, and protocol |
| * attribute plus any protocol specific attributes */ |
| NLBL_MGMT_A_SELECTORLIST, |
| /* (NLA_NESTED) |
| * the selector list, there must be at least one |
| * NLBL_MGMT_A_ADDRSELECTOR attribute */ |
| NLBL_MGMT_A_FAMILY, |
| /* (NLA_U16) |
| * The address family */ |
| __NLBL_MGMT_A_MAX, |
| }; |
| #define NLBL_MGMT_A_MAX (__NLBL_MGMT_A_MAX - 1) |
| |
| /* NetLabel protocol functions */ |
| int netlbl_mgmt_genl_init(void); |
| |
| /* NetLabel configured protocol reference counter */ |
| extern atomic_t netlabel_mgmt_protocount; |
| |
| #endif |