Linux/net/netlabel/netlabel_unlabeled.h


  1 /* SPDX-License-Identifier: GPL-2.0-or-later */
  2 /*
  3  * NetLabel Unlabeled Support
  4  *
  5  * This file defines functions for dealing with unlabeled packets for the
  6  * NetLabel system.  The NetLabel system manages static and dynamic label
  7  * mappings for network protocols such as CIPSO and RIPSO.
  8  *
  9  * Author: Paul Moore <paul@paul-moore.com>
 10  */
 11 
 12 /*
 13  * (c) Copyright Hewlett-Packard Development Company, L.P., 2006
 14  */
 15 
 16 #ifndef _NETLABEL_UNLABELED_H
 17 #define _NETLABEL_UNLABELED_H
 18 
 19 #include <net/netlabel.h>
 20 
 21 /*
 22  * The following NetLabel payloads are supported by the Unlabeled subsystem.
 23  *
 24  * o STATICADD
 25  *   This message is sent from an application to add a new static label for
 26  *   incoming unlabeled connections.
 27  *
 28  *   Required attributes:
 29  *
 30  *     NLBL_UNLABEL_A_IFACE
 31  *     NLBL_UNLABEL_A_SECCTX
 32  *
 33  *   If IPv4 is specified the following attributes are required:
 34  *
 35  *     NLBL_UNLABEL_A_IPV4ADDR
 36  *     NLBL_UNLABEL_A_IPV4MASK
 37  *
 38  *   If IPv6 is specified the following attributes are required:
 39  *
 40  *     NLBL_UNLABEL_A_IPV6ADDR
 41  *     NLBL_UNLABEL_A_IPV6MASK
 42  *
 43  * o STATICREMOVE
 44  *   This message is sent from an application to remove an existing static
 45  *   label for incoming unlabeled connections.
 46  *
 47  *   Required attributes:
 48  *
 49  *     NLBL_UNLABEL_A_IFACE
 50  *
 51  *   If IPv4 is specified the following attributes are required:
 52  *
 53  *     NLBL_UNLABEL_A_IPV4ADDR
 54  *     NLBL_UNLABEL_A_IPV4MASK
 55  *
 56  *   If IPv6 is specified the following attributes are required:
 57  *
 58  *     NLBL_UNLABEL_A_IPV6ADDR
 59  *     NLBL_UNLABEL_A_IPV6MASK
 60  *
 61  * o STATICLIST
 62  *   This message can be sent either from an application or by the kernel in
 63  *   response to an application generated STATICLIST message.  When sent by an
 64  *   application there is no payload and the NLM_F_DUMP flag should be set.
 65  *   The kernel should respond with a series of the following messages.
 66  *
 67  *   Required attributes:
 68  *
 69  *     NLBL_UNLABEL_A_IFACE
 70  *     NLBL_UNLABEL_A_SECCTX
 71  *
 72  *   If IPv4 is specified the following attributes are required:
 73  *
 74  *     NLBL_UNLABEL_A_IPV4ADDR
 75  *     NLBL_UNLABEL_A_IPV4MASK
 76  *
 77  *   If IPv6 is specified the following attributes are required:
 78  *
 79  *     NLBL_UNLABEL_A_IPV6ADDR
 80  *     NLBL_UNLABEL_A_IPV6MASK
 81  *
 82  * o STATICADDDEF
 83  *   This message is sent from an application to set the default static
 84  *   label for incoming unlabeled connections.
 85  *
 86  *   Required attribute:
 87  *
 88  *     NLBL_UNLABEL_A_SECCTX
 89  *
 90  *   If IPv4 is specified the following attributes are required:
 91  *
 92  *     NLBL_UNLABEL_A_IPV4ADDR
 93  *     NLBL_UNLABEL_A_IPV4MASK
 94  *
 95  *   If IPv6 is specified the following attributes are required:
 96  *
 97  *     NLBL_UNLABEL_A_IPV6ADDR
 98  *     NLBL_UNLABEL_A_IPV6MASK
 99  *
100  * o STATICREMOVEDEF
101  *   This message is sent from an application to remove the existing default
102  *   static label for incoming unlabeled connections.
103  *
104  *   If IPv4 is specified the following attributes are required:
105  *
106  *     NLBL_UNLABEL_A_IPV4ADDR
107  *     NLBL_UNLABEL_A_IPV4MASK
108  *
109  *   If IPv6 is specified the following attributes are required:
110  *
111  *     NLBL_UNLABEL_A_IPV6ADDR
112  *     NLBL_UNLABEL_A_IPV6MASK
113  *
114  * o STATICLISTDEF
115  *   This message can be sent either from an application or by the kernel in
116  *   response to an application generated STATICLISTDEF message.  When sent by
117  *   an application there is no payload and the NLM_F_DUMP flag should be set.
118  *   The kernel should respond with the following message.
119  *
120  *   Required attribute:
121  *
122  *     NLBL_UNLABEL_A_SECCTX
123  *
124  *   If IPv4 is specified the following attributes are required:
125  *
126  *     NLBL_UNLABEL_A_IPV4ADDR
127  *     NLBL_UNLABEL_A_IPV4MASK
128  *
129  *   If IPv6 is specified the following attributes are required:
130  *
131  *     NLBL_UNLABEL_A_IPV6ADDR
132  *     NLBL_UNLABEL_A_IPV6MASK
133  *
134  * o ACCEPT
135  *   This message is sent from an application to specify if the kernel should
136  *   allow unlabeled packets to pass if they do not match any of the static
137  *   mappings defined in the unlabeled module.
138  *
139  *   Required attributes:
140  *
141  *     NLBL_UNLABEL_A_ACPTFLG
142  *
143  * o LIST
144  *   This message can be sent either from an application or by the kernel in
145  *   response to an application generated LIST message.  When sent by an
146  *   application there is no payload.  The kernel should respond to a LIST
147  *   message with a LIST message on success.
148  *
149  *   Required attributes:
150  *
151  *     NLBL_UNLABEL_A_ACPTFLG
152  *
153  */
154 
/* NetLabel Unlabeled Generic Netlink commands.
 *
 * These numeric values are part of the userspace-facing netlink interface
 * described at the top of this file: a new command is appended before
 * __NLBL_UNLABEL_C_MAX and existing entries are never renumbered. */
enum {
	NLBL_UNLABEL_C_UNSPEC = 0,	/* reserved, never a valid command */
	NLBL_UNLABEL_C_ACCEPT,		/* ACCEPT: set the unlabeled accept flag */
	NLBL_UNLABEL_C_LIST,		/* LIST: report the accept flag */
	NLBL_UNLABEL_C_STATICADD,	/* STATICADD: add a static label */
	NLBL_UNLABEL_C_STATICREMOVE,	/* STATICREMOVE: remove a static label */
	NLBL_UNLABEL_C_STATICLIST,	/* STATICLIST: dump the static labels */
	NLBL_UNLABEL_C_STATICADDDEF,	/* STATICADDDEF: set the default static label */
	NLBL_UNLABEL_C_STATICREMOVEDEF,	/* STATICREMOVEDEF: remove the default label */
	NLBL_UNLABEL_C_STATICLISTDEF,	/* STATICLISTDEF: report the default label */
	__NLBL_UNLABEL_C_MAX,		/* one past the last valid command */
};
168 
/* NetLabel Unlabeled Generic Netlink attributes.
 *
 * Each id is annotated with the netlink attribute type the sender is
 * expected to use.  NOTE(review): these annotations are documentation only;
 * the receiving side's attribute policy (in the corresponding .c file, not
 * visible here) is where type and length of every attribute must be
 * enforced before the payload is used -- confirm it matches this list. */
enum {
	/* reserved, never a valid attribute */
	NLBL_UNLABEL_A_UNSPEC = 0,
	/* (NLA_U8) non-zero: unlabeled packets may pass; zero: they are rejected */
	NLBL_UNLABEL_A_ACPTFLG,
	/* (NLA_BINARY, struct in6_addr) an IPv6 address */
	NLBL_UNLABEL_A_IPV6ADDR,
	/* (NLA_BINARY, struct in6_addr) an IPv6 address mask */
	NLBL_UNLABEL_A_IPV6MASK,
	/* (NLA_BINARY, struct in_addr) an IPv4 address */
	NLBL_UNLABEL_A_IPV4ADDR,
	/* (NLA_BINARY, struct in_addr) an IPv4 address mask */
	NLBL_UNLABEL_A_IPV4MASK,
	/* (NLA_NULL_STRING) network interface name */
	NLBL_UNLABEL_A_IFACE,
	/* (NLA_BINARY) an LSM specific security context */
	NLBL_UNLABEL_A_SECCTX,
	/* one past the last valid attribute */
	__NLBL_UNLABEL_A_MAX,
};
/* Highest valid attribute id (__NLBL_UNLABEL_A_MAX counts ids, UNSPEC included) */
#define NLBL_UNLABEL_A_MAX (__NLBL_UNLABEL_A_MAX - 1)
197 
/*
 * Register the Unlabeled Generic Netlink protocol handlers.
 * Returns zero on success; presumably a negative errno on failure, in line
 * with the rest of the kernel -- confirm against the definition.
 */
int netlbl_unlabel_genl_init(void);
200 
/*
 * Size of the unlabeled connection hash table, expressed in bits
 * (presumably 1 << NETLBL_UNLHSH_BITSIZE buckets -- confirm in the
 * initialisation code).
 * XXX - currently this number is an uneducated guess and has not been tuned.
 */
#define NETLBL_UNLHSH_BITSIZE		7
204 
/*
 * Initialise the Unlabeled subsystem.
 * @size: hash table size parameter; presumably the caller passes
 *        NETLBL_UNLHSH_BITSIZE -- confirm against the caller and definition.
 * Returns zero on success; a negative value on failure is the kernel
 * convention, confirm in the definition.
 */
int netlbl_unlabel_init(u32 size);
207 
/*
 * Static/fallback label management.
 *
 * netlbl_unlhsh_add() installs a static label for unlabeled traffic on
 * interface @dev_name matching @addr/@mask (addresses are opaque here;
 * @addr_len is the byte length of @addr and @mask, which the implementation
 * presumably uses to tell IPv4 from IPv6 -- confirm), binding it to the LSM
 * secid @secid.  netlbl_unlhsh_remove() drops the matching entry.  Both take
 * a @net namespace and an @audit_info record; the return convention (zero on
 * success, negative on failure) is inferred, confirm in the definitions.
 */
int netlbl_unlhsh_add(struct net *net, const char *dev_name,
		      const void *addr, const void *mask, u32 addr_len,
		      u32 secid, struct netlbl_audit *audit_info);
int netlbl_unlhsh_remove(struct net *net, const char *dev_name,
			 const void *addr, const void *mask, u32 addr_len,
			 struct netlbl_audit *audit_info);
222 
/*
 * Determine the security attributes of an incoming unlabeled packet.
 * @skb: the received packet (read-only)
 * @family: address family of the packet -- presumably AF_INET/AF_INET6,
 *          confirm in the definition
 * @secattr: filled in with the resulting LSM security attributes
 * Return convention (zero on success, negative on failure) is inferred.
 */
int netlbl_unlabel_getattr(const struct sk_buff *skb, u16 family,
			   struct netlbl_lsm_secattr *secattr);
227 
/*
 * Install the default NetLabel configuration, under which unlabeled
 * packets are allowed.  Return convention (zero on success) is inferred.
 */
int netlbl_unlabel_defconf(void);
230 
231 #endif
232 
