/*
 * NetLabel Management Support
 *
 * This file defines the management functions for the NetLabel system. The
 * NetLabel system manages static and dynamic label mappings for network
 * protocols such as CIPSO and RIPSO.
 *
 * Author: Paul Moore <paul@paul-moore.com>
 *
 */

/*
 * (c) Copyright Hewlett-Packard Development Company, L.P., 2006
 *
 * This program is free software; you can redistribute it and/or modify
 * it under the terms of the GNU General Public License as published by
 * the Free Software Foundation; either version 2 of the License, or
 * (at your option) any later version.
 *
 * This program is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See
 * the GNU General Public License for more details.
 *
 * You should have received a copy of the GNU General Public License
 * along with this program; if not, write to the Free Software
 * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
 *
 */

#ifndef _NETLABEL_MGMT_H
#define _NETLABEL_MGMT_H

#include <net/netlabel.h>
#include <linux/atomic.h>

/*
 * The following NetLabel payloads are supported by the management interface.
 *
 * o ADD:
 *   Sent by an application to add a domain mapping to the NetLabel system.
 *
 *   Required attributes:
 *
 *     NLBL_MGMT_A_DOMAIN
 *     NLBL_MGMT_A_PROTOCOL
 *
 *   If IPv4 is specified the following attributes are required:
 *
 *     NLBL_MGMT_A_IPV4ADDR
 *     NLBL_MGMT_A_IPV4MASK
 *
 *   If IPv6 is specified the following attributes are required:
 *
 *     NLBL_MGMT_A_IPV6ADDR
 *     NLBL_MGMT_A_IPV6MASK
 *
 *   If using NETLBL_NLTYPE_CIPSOV4 the following attributes are required:
 *
 *     NLBL_MGMT_A_CV4DOI
 *
 *   If using NETLBL_NLTYPE_UNLABELED no other attributes are required.
 *
 * o REMOVE:
 *   Sent by an application to remove a domain mapping from the NetLabel
 *   system.
 *
 *   Required attributes:
 *
 *     NLBL_MGMT_A_DOMAIN
 *
 * o LISTALL:
 *   This message can be sent either from an application or by the kernel in
 *   response to an application generated LISTALL message. When sent by an
 *   application there is no payload and the NLM_F_DUMP flag should be set.
 *   The kernel should respond with a series of the following messages.
 *
 *   Required attributes:
 *
 *     NLBL_MGMT_A_DOMAIN
 *
 *   If the IP address selectors are not used the following attribute is
 *   required:
 *
 *     NLBL_MGMT_A_PROTOCOL
 *
 *   If the IP address selectors are used then the following attribute is
 *   required:
 *
 *     NLBL_MGMT_A_SELECTORLIST
 *
 *   If the mapping is using the NETLBL_NLTYPE_CIPSOV4 type then the following
 *   attributes are required:
 *
 *     NLBL_MGMT_A_CV4DOI
 *
 *   If the mapping is using the NETLBL_NLTYPE_UNLABELED type no other
 *   attributes are required.
 *
 * o ADDDEF:
 *   Sent by an application to set the default domain mapping for the NetLabel
 *   system.
 *
 *   Required attributes:
 *
 *     NLBL_MGMT_A_PROTOCOL
 *
 *   If using NETLBL_NLTYPE_CIPSOV4 the following attributes are required:
 *
 *     NLBL_MGMT_A_CV4DOI
 *
 *   If using NETLBL_NLTYPE_UNLABELED no other attributes are required.
 *
 * o REMOVEDEF:
 *   Sent by an application to remove the default domain mapping from the
 *   NetLabel system; there is no payload.
 *
 * o LISTDEF:
 *   This message can be sent either from an application or by the kernel in
 *   response to an application generated LISTDEF message. When sent by an
 *   application there is no payload. On success the kernel should send a
 *   response using the following format.
 *
 *   If the IP address selectors are not used the following attribute is
 *   required:
 *
 *     NLBL_MGMT_A_PROTOCOL
 *
 *   If the IP address selectors are used then the following attribute is
 *   required:
 *
 *     NLBL_MGMT_A_SELECTORLIST
 *
 *   If the mapping is using the NETLBL_NLTYPE_CIPSOV4 type then the following
 *   attributes are required:
 *
 *     NLBL_MGMT_A_CV4DOI
 *
 *   If the mapping is using the NETLBL_NLTYPE_UNLABELED type no other
 *   attributes are required.
 *
 * o PROTOCOLS:
 *   Sent by an application to request a list of configured NetLabel protocols
 *   in the kernel. When sent by an application there is no payload and the
 *   NLM_F_DUMP flag should be set. The kernel should respond with a series of
 *   the following messages.
 *
 *   Required attributes:
 *
 *     NLBL_MGMT_A_PROTOCOL
 *
 * o VERSION:
 *   Sent by an application to request the NetLabel version. When sent by an
 *   application there is no payload. This message type is also used by the
 *   kernel to respond to a VERSION request.
 *
 *   Required attributes:
 *
 *     NLBL_MGMT_A_VERSION
 *
 */

/*
 * NetLabel Management commands
 *
 * One command per payload described above. No explicit values are given, so
 * each enumerator takes the next integer in declaration order, starting with
 * NLBL_MGMT_C_UNSPEC at 0; __NLBL_MGMT_C_MAX is the end-of-list sentinel, not
 * a command. These look like the command numbers applications place in their
 * messages, so inserting or reordering entries would change what an existing
 * application's request means.
 *
 * NOTE(review): ADD, REMOVE, ADDDEF and REMOVEDEF change the label mapping
 * configuration. Nothing in this header states which callers may issue them;
 * confirm that the handlers registered for these commands require an
 * administrative capability (GENL_ADMIN_PERM, if these are Generic Netlink
 * ops as the netlbl_mgmt_genl_init() name suggests).
 */
enum {
	NLBL_MGMT_C_UNSPEC,
	NLBL_MGMT_C_ADD,
	NLBL_MGMT_C_REMOVE,
	NLBL_MGMT_C_LISTALL,
	NLBL_MGMT_C_ADDDEF,
	NLBL_MGMT_C_REMOVEDEF,
	NLBL_MGMT_C_LISTDEF,
	NLBL_MGMT_C_PROTOCOLS,
	NLBL_MGMT_C_VERSION,
	__NLBL_MGMT_C_MAX,
};

/*
 * NetLabel Management attributes
 *
 * The comment under each attribute gives its netlink attribute type and, for
 * the binary attributes, the structure it carries. Values are assigned in
 * declaration order from NLBL_MGMT_A_UNSPEC (0); __NLBL_MGMT_A_MAX is the
 * end-of-list sentinel.
 *
 * NOTE(review): the types below are documentation only; the attribute policy
 * that enforces them is not part of this header. Confirm that the policy used
 * when parsing requests lists every attribute here with the same type, and
 * that the NLA_BINARY address and mask attributes are length-checked against
 * struct in_addr / struct in6_addr before they are read.
 */
enum {
	NLBL_MGMT_A_UNSPEC,
	NLBL_MGMT_A_DOMAIN,
	/* (NLA_NUL_STRING)
	 * the NUL terminated LSM domain string */
	NLBL_MGMT_A_PROTOCOL,
	/* (NLA_U32)
	 * the NetLabel protocol type (defined by NETLBL_NLTYPE_*) */
	NLBL_MGMT_A_VERSION,
	/* (NLA_U32)
	 * the NetLabel protocol version number (defined by
	 * NETLBL_PROTO_VERSION) */
	NLBL_MGMT_A_CV4DOI,
	/* (NLA_U32)
	 * the CIPSOv4 DOI value */
	NLBL_MGMT_A_IPV6ADDR,
	/* (NLA_BINARY, struct in6_addr)
	 * an IPv6 address */
	NLBL_MGMT_A_IPV6MASK,
	/* (NLA_BINARY, struct in6_addr)
	 * an IPv6 address mask */
	NLBL_MGMT_A_IPV4ADDR,
	/* (NLA_BINARY, struct in_addr)
	 * an IPv4 address */
	NLBL_MGMT_A_IPV4MASK,
	/* (NLA_BINARY, struct in_addr)
	 * an IPv4 address mask */
	NLBL_MGMT_A_ADDRSELECTOR,
	/* (NLA_NESTED)
	 * an IP address selector, must contain an address, mask, and protocol
	 * attribute plus any protocol specific attributes */
	NLBL_MGMT_A_SELECTORLIST,
	/* (NLA_NESTED)
	 * the selector list, there must be at least one
	 * NLBL_MGMT_A_ADDRSELECTOR attribute */
	__NLBL_MGMT_A_MAX,
};
/* Highest valid attribute number, i.e. NLBL_MGMT_A_SELECTORLIST. */
#define NLBL_MGMT_A_MAX (__NLBL_MGMT_A_MAX - 1)

/*
 * NetLabel protocol functions
 *
 * netlbl_mgmt_genl_init() is only declared here; its definition is not part
 * of this header. NOTE(review): presumably it registers the management
 * interface and returns 0 on success or a negative error code; confirm
 * against the definition and check that callers test the result.
 */
int netlbl_mgmt_genl_init(void);

/*
 * NetLabel configured protocol reference counter
 *
 * Declared here and defined elsewhere. It is an atomic_t, so it should be
 * read and updated only through the atomic_*() accessors.
 */
extern atomic_t netlabel_mgmt_protocount;

#endif