  /*
   * CIPSO - Commercial IP Security Option
   *
   * This is an implementation of the CIPSO 2.2 protocol as specified in
   * draft-ietf-cipso-ipsecurity-01.txt with additional tag types as found in
   * FIPS-188, copies of both documents can be found in the Documentation
   * directory.  While CIPSO never became a full IETF RFC standard many vendors
   * have chosen to adopt the protocol and over the years it has become a
   * de-facto standard for labeled networking.
   *
   * Author: Paul Moore <paul@paul-moore.com>
   *
   */
  
  /*
   * (c) Copyright Hewlett-Packard Development Company, L.P., 2006
   *
   * This program is free software;  you can redistribute it and/or modify
   * it under the terms of the GNU General Public License as published by
   * the Free Software Foundation; either version 2 of the License, or
   * (at your option) any later version.
   *
   * This program is distributed in the hope that it will be useful,
   * but WITHOUT ANY WARRANTY;  without even the implied warranty of
   * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See
   * the GNU General Public License for more details.
   *
   * You should have received a copy of the GNU General Public License
   * along with this program;  if not, write to the Free Software
   * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
   *
   */
  
  #ifndef _CIPSO_IPV4_H
  #define _CIPSO_IPV4_H
  
  #include <linux/types.h>
  #include <linux/rcupdate.h>
  #include <linux/list.h>
  #include <linux/net.h>
  #include <linux/skbuff.h>
  #include <net/netlabel.h>
  #include <net/request_sock.h>
  #include <linux/atomic.h>
  
  /* known doi values */
  #define CIPSO_V4_DOI_UNKNOWN          0x00000000	/* "no DOI" marker value */
  /* standard tag types (tag-type octet values from the CIPSO draft / FIPS-188;
   * 3 and 4 are not defined here) */
  #define CIPSO_V4_TAG_INVALID          0		/* not a usable tag type */
  #define CIPSO_V4_TAG_RBITMAP          1		/* restricted bitmap ("RBM", cf. cipso_v4_rbm_* sysctls) */
  #define CIPSO_V4_TAG_ENUM             2		/* enumerated categories */
  #define CIPSO_V4_TAG_RANGE            5		/* category ranges */
  #define CIPSO_V4_TAG_PBITMAP          6		/* permissive bitmap */
  #define CIPSO_V4_TAG_FREEFORM         7		/* free-form data */
  /* non-standard tag types (tags > 127) */
  #define CIPSO_V4_TAG_LOCAL            128	/* kernel-private; pairs with CIPSO_V4_MAP_LOCAL */
  /* doi mapping types */
  #define CIPSO_V4_MAP_UNKNOWN          0		/* mapping type not set */
  #define CIPSO_V4_MAP_TRANS            1		/* translate via a cipso_v4_std_map_tbl (cipso_v4_doi.map.std), presumably */
  #define CIPSO_V4_MAP_PASS             2		/* by name: values are passed through unchanged */
  #define CIPSO_V4_MAP_LOCAL            3		/* local-only labels (CIPSO_V4_TAG_LOCAL) */
  
  /* limits */
  /* "REM" is the value as carried in the option on the wire, "LOC" the host
   * local value.  NOTE(review): a level/category taken from a packet or from
   * userspace must be checked against these limits (and the target table's
   * *_size) before it is used as an array index - presumably done by the
   * translation helpers in the .c file; confirm. */
  #define CIPSO_V4_MAX_REM_LVLS         255		/* CIPSO carries the level in a single octet */
  #define CIPSO_V4_INV_LVL              0x80000000	/* "invalid mapping" flag bit, see cipso_v4_std_map_tbl */
  #define CIPSO_V4_MAX_LOC_LVLS         (CIPSO_V4_INV_LVL - 1)	/* largest value that keeps the flag bit clear */
  #define CIPSO_V4_MAX_REM_CATS         65534		/* largest on-the-wire category number */
  #define CIPSO_V4_INV_CAT              0x80000000	/* "invalid mapping" flag bit, see cipso_v4_std_map_tbl */
  #define CIPSO_V4_MAX_LOC_CATS         (CIPSO_V4_INV_CAT - 1)	/* largest value that keeps the flag bit clear */
  
  /*
   * CIPSO DOI definitions
   */
  
  /* DOI definition struct */
  /* Maximum number of tag types a single DOI may list (size of cipso_v4_doi.tags). */
  #define CIPSO_V4_TAG_MAXCNT           5
  /*
   * struct cipso_v4_doi - one Domain of Interpretation (DOI) definition
   * @doi:      the DOI number (CIPSO_V4_DOI_UNKNOWN when not set)
   * @type:     how labels are mapped, one of the CIPSO_V4_MAP_* values
   * @map:      mapping data for @type; only the standard translation table
   *            (@map.std, presumably used for CIPSO_V4_MAP_TRANS) exists so far
   * @tags:     CIPSO_V4_TAG_* tag types this DOI uses, at most
   *            CIPSO_V4_TAG_MAXCNT of them (ordering and the marker for unused
   *            slots are defined by the .c implementation - confirm there)
   * @refcount: lifetime counter, presumably taken by cipso_v4_doi_getdef() and
   *            dropped by cipso_v4_doi_putdef()
   * @list:     linkage into the DOI list (see "DOI List Functions" below)
   * @rcu:      deferred-free head, presumably so @list can be walked under RCU
   *
   * NOTE(review): @refcount is a plain atomic_t, which detects neither overflow
   * nor underflow; newer kernels use refcount_t for object lifetime counters so
   * that an extra put or a wrapped count becomes a warning rather than a UAF.
   */
  struct cipso_v4_doi {
  	u32 doi;
  	u32 type;
  	union {
  		struct cipso_v4_std_map_tbl *std;
  	} map;
  	u8 tags[CIPSO_V4_TAG_MAXCNT];
  	atomic_t refcount;
  	struct list_head list;
  	struct rcu_head rcu;
  };
  
  /* Standard CIPSO mapping table */
  /*
   * struct cipso_v4_std_map_tbl - level/category translation tables for a DOI
   * (reached through cipso_v4_doi.map.std)
   * @lvl.cipso:      by name, indexed by the remote (on-the-wire) level and
   *                  holding the local level it maps to - confirm direction in
   *                  the .c file
   * @lvl.local:      the reverse table, indexed by local level
   * @lvl.cipso_size: number of entries in @lvl.cipso (presumably an element
   *                  count, not a byte size)
   * @lvl.local_size: number of entries in @lvl.local
   * @cat:            the same four fields for categories
   *
   * NOTE: the highest order bit (i.e. 0x80000000) is an 'invalid' flag, if the
   *       bit is set then consider that value as unspecified, meaning the
   *       mapping for that particular level/category is invalid
   * NOTE(review): an index into @lvl.cipso / @cat.cipso originates from the
   *       packet, i.e. it is attacker-controlled; every lookup must be
   *       bounds-checked against the matching *_size before the array is
   *       touched - confirm the translation helpers in the .c file do this.
   */
  struct cipso_v4_std_map_tbl {
  	struct {
  		u32 *cipso;
  		u32 *local;
  		u32 cipso_size;
  		u32 local_size;
  	} lvl;
  	struct {
  		u32 *cipso;
  		u32 *local;
  		u32 cipso_size;
  		u32 local_size;
  	} cat;
  };
  
  /*
   * Sysctl Variables
   */
  
  #ifdef CONFIG_NETLABEL
  /* Sysctl-backed tunables; the definitions live in the .c implementation. */
  extern int cipso_v4_cache_enabled;	/* label-mapping cache on/off */
  extern int cipso_v4_cache_bucketsize;	/* by name: entries per cache hash bucket */
  extern int cipso_v4_rbm_optfmt;		/* by name: restricted-bitmap tag formatting choice */
  /* NOTE(review): by its name, clearing this relaxes validation of incoming
   * restricted-bitmap tags; treat it as security-relevant and confirm the exact
   * semantics in the .c file before changing the default. */
  extern int cipso_v4_rbm_strictvalid;
  #endif
  
  /*
   * Helper Functions
   */
  
  /* Non-zero when the skb's IP option parse recorded a CIPSO option:
   * IPCB(x)->opt.cipso is its offset from the network header, 0 meaning absent. */
  #define CIPSO_V4_OPTEXIST(x) (IPCB(x)->opt.cipso != 0)
  /* Pointer to the first byte of the CIPSO option inside the IP header of @x.
   * NOTE(review): this is a raw pointer into packet memory computed from an
   * offset that was presumably derived from the packet's own option bytes; it
   * is only meaningful when CIPSO_V4_OPTEXIST(x), and the option length must
   * have been validated (cipso_v4_validate()) before anything is read through it. */
  #define CIPSO_V4_OPTPTR(x) (skb_network_header(x) + IPCB(x)->opt.cipso)
  
  /*
   * DOI List Functions
   */
  
  #ifdef CONFIG_NETLABEL
  /* Register @doi_def as a new DOI definition; the change is audited through
   * @audit_info.  Returns 0 on success or a negative errno.  On success the
   * definition presumably becomes owned by the DOI list - confirm in the .c file. */
  int cipso_v4_doi_add(struct cipso_v4_doi *doi_def,
  		     struct netlbl_audit *audit_info);
  /* Release the memory behind @doi_def (and, presumably, its map tables). */
  void cipso_v4_doi_free(struct cipso_v4_doi *doi_def);
  /* Unregister the definition for DOI number @doi; audited through @audit_info.
   * Returns 0 on success or a negative errno. */
  int cipso_v4_doi_remove(u32 doi, struct netlbl_audit *audit_info);
  /* Look up the definition for DOI number @doi, NULL when unknown.  The struct
   * is refcounted (cipso_v4_doi.refcount), so a non-NULL result presumably
   * holds a reference that must be dropped with cipso_v4_doi_putdef(). */
  struct cipso_v4_doi *cipso_v4_doi_getdef(u32 doi);
  void cipso_v4_doi_putdef(struct cipso_v4_doi *doi_def);
  /* Walk the registered DOIs, calling @callback(doi_def, @cb_arg) for each one
   * after skipping the first *@skip_cnt entries (by name).  Whether a non-zero
   * callback return stops the walk is defined by the .c file - confirm there. */
  int cipso_v4_doi_walk(u32 *skip_cnt,
  		     int (*callback) (struct cipso_v4_doi *doi_def, void *arg),
  	             void *cb_arg);
  #else
  /* CONFIG_NETLABEL=n stub: no DOI can be registered, report -ENOSYS so the
   * caller can tell that labeled networking is compiled out.  @doi_def and
   * @audit_info are ignored. */
  static inline int
  cipso_v4_doi_add(struct cipso_v4_doi *doi_def, struct netlbl_audit *audit_info)
  {
  	return -ENOSYS;
  }
  /* CONFIG_NETLABEL=n stub: nothing to release, @doi_def is ignored. */
  static inline void cipso_v4_doi_free(struct cipso_v4_doi *doi_def)
  {
  }
  /* CONFIG_NETLABEL=n stub: there is never anything to remove, so this reports
   * success (0) rather than -ENOSYS, unlike the add path.  @doi and
   * @audit_info are ignored. */
  static inline int
  cipso_v4_doi_remove(u32 doi, struct netlbl_audit *audit_info)
  {
  	return 0;
  }
  
  /* CONFIG_NETLABEL=n stub: no DOI definitions exist, so every lookup fails
   * with NULL.  @doi is ignored. */
  static inline struct cipso_v4_doi *
  cipso_v4_doi_getdef(u32 doi)
  {
  	return NULL;
  }
  /* CONFIG_NETLABEL=n stub: the DOI list is empty, so @callback is never
   * invoked, *@skip_cnt is left untouched and the walk succeeds with 0. */
  static inline int
  cipso_v4_doi_walk(u32 *skip_cnt,
  		  int (*callback) (struct cipso_v4_doi *doi_def, void *arg),
  		  void *cb_arg)
  {
  	return 0;
  }
  
  /* CONFIG_NETLABEL=n stub, reports -ENOSYS; @doi_def and @domain are ignored.
   * NOTE(review): this header declares no CONFIG_NETLABEL=y counterpart for
   * cipso_v4_doi_domhsh_add() (compare the "DOI List Functions" prototypes),
   * so the stub looks stale - confirm it still has callers before relying on it. */
  static inline int
  cipso_v4_doi_domhsh_add(struct cipso_v4_doi *doi_def, const char *domain)
  {
  	return -ENOSYS;
  }
  
  /* CONFIG_NETLABEL=n stub, reports success (0) since there is nothing to
   * remove; @doi_def and @domain are ignored.
   * NOTE(review): this header declares no CONFIG_NETLABEL=y counterpart for
   * cipso_v4_doi_domhsh_remove(), so the stub looks stale - confirm it still
   * has callers before relying on it. */
  static inline int
  cipso_v4_doi_domhsh_remove(struct cipso_v4_doi *doi_def, const char *domain)
  {
  	return 0;
  }
  #endif /* CONFIG_NETLABEL */
  
  /*
   * Label Mapping Cache Functions
   */
  
  #ifdef CONFIG_NETLABEL
  /* Drop every cached label mapping.  Presumably required whenever a DOI or its
   * mapping tables change, otherwise stale translations keep being served. */
  void cipso_v4_cache_invalidate(void);
  /* Cache the translation of @skb's CIPSO option to @secattr (by name, so later
   * packets carrying the same option bytes can skip the full translation).
   * Returns 0 on success or a negative errno. */
  int cipso_v4_cache_add(const struct sk_buff *skb,
  		       const struct netlbl_lsm_secattr *secattr);
  #else
  /* CONFIG_NETLABEL=n stub: there is no cache, so invalidation is a no-op. */
  static inline void cipso_v4_cache_invalidate(void)
  {
  }
  
  /* CONFIG_NETLABEL=n stub: reports success (0) rather than -ENOSYS, so callers
   * that treat a failed cache insert as an error keep working; @skb and
   * @secattr are ignored. */
  static inline int
  cipso_v4_cache_add(const struct sk_buff *skb,
  		   const struct netlbl_lsm_secattr *secattr)
  {
  	return 0;
  }
  #endif /* CONFIG_NETLABEL */
  
  /*
   * Protocol Handling Functions
   */
  
  #ifdef CONFIG_NETLABEL
  /* Generate the error response for a packet whose CIPSO option was rejected
   * (by name); how @error and @gateway are used is defined in the .c file. */
  void cipso_v4_error(struct sk_buff *skb, int error, u32 gateway);
  /* Socket-level option handling: install the CIPSO option described by
   * @doi_def + @secattr on @sk, remove it, or read it back into @secattr.
   * The int-returning variants return 0 on success or a negative errno. */
  int cipso_v4_sock_setattr(struct sock *sk,
  			  const struct cipso_v4_doi *doi_def,
  			  const struct netlbl_lsm_secattr *secattr);
  void cipso_v4_sock_delattr(struct sock *sk);
  int cipso_v4_sock_getattr(struct sock *sk, struct netlbl_lsm_secattr *secattr);
  /* The same for a connection request (request_sock), i.e. before a full
   * socket exists for the connection. */
  int cipso_v4_req_setattr(struct request_sock *req,
  			 const struct cipso_v4_doi *doi_def,
  			 const struct netlbl_lsm_secattr *secattr);
  void cipso_v4_req_delattr(struct request_sock *req);
  /* The same for an individual packet, operating on the IP options carried in
   * @skb itself (by name).  Unlike the sock/req variants delattr can fail here,
   * presumably because the header has to be rewritten. */
  int cipso_v4_skbuff_setattr(struct sk_buff *skb,
  			    const struct cipso_v4_doi *doi_def,
  			    const struct netlbl_lsm_secattr *secattr);
  int cipso_v4_skbuff_delattr(struct sk_buff *skb);
  int cipso_v4_skbuff_getattr(const struct sk_buff *skb,
  			    struct netlbl_lsm_secattr *secattr);
  /* Check the CIPSO option carried in @skb before anything trusts it
   * (presumably option/tag lengths, tag types and that the DOI is known).
   * *@option points at the option; on failure it is presumably moved to the
   * offending byte so the caller can report it via cipso_v4_error() - confirm
   * both against the .c implementation.  Returns 0 when the option is
   * acceptable.
   * NOTE(review): this is the gate for untrusted on-the-wire data; every ingress
   * path that later uses CIPSO_V4_OPTPTR() or cipso_v4_skbuff_getattr() should
   * have passed through it first. */
  int cipso_v4_validate(const struct sk_buff *skb, unsigned char **option);
  #else
  /* CONFIG_NETLABEL=n stub: no CIPSO option is ever rejected here, so there is
   * no error to report; @skb, @error and @gateway are ignored. */
  static inline void
  cipso_v4_error(struct sk_buff *skb, int error, u32 gateway)
  {
  }
  /* CONFIG_NETLABEL=n stub: a socket cannot be labeled, report -ENOSYS.
   * @sk, @doi_def and @secattr are ignored. */
  static inline int
  cipso_v4_sock_setattr(struct sock *sk,
  		      const struct cipso_v4_doi *doi_def,
  		      const struct netlbl_lsm_secattr *secattr)
  {
  	return -ENOSYS;
  }
  /* CONFIG_NETLABEL=n stub: no label can be attached to @sk, so there is
   * nothing to remove. */
  static inline void cipso_v4_sock_delattr(struct sock *sk)
  {
  }
  /* CONFIG_NETLABEL=n stub: no label to read, report -ENOSYS and leave
   * @secattr untouched; @sk is ignored. */
  static inline int
  cipso_v4_sock_getattr(struct sock *sk, struct netlbl_lsm_secattr *secattr)
  {
  	return -ENOSYS;
  }
  /* CONFIG_NETLABEL=n stub: a connection request cannot be labeled, report
   * -ENOSYS.  @req, @doi_def and @secattr are ignored. */
  static inline int
  cipso_v4_req_setattr(struct request_sock *req,
  		     const struct cipso_v4_doi *doi_def,
  		     const struct netlbl_lsm_secattr *secattr)
  {
  	return -ENOSYS;
  }
  
  /* CONFIG_NETLABEL=n stub: no label can be attached to @req, nothing to do. */
  static inline void cipso_v4_req_delattr(struct request_sock *req)
  {
  }
  /* CONFIG_NETLABEL=n stub: a packet cannot be labeled, report -ENOSYS.
   * @skb, @doi_def and @secattr are ignored. */
  static inline int
  cipso_v4_skbuff_setattr(struct sk_buff *skb,
  			const struct cipso_v4_doi *doi_def,
  			const struct netlbl_lsm_secattr *secattr)
  {
  	return -ENOSYS;
  }
  
  /* CONFIG_NETLABEL=n stub: reports -ENOSYS (note: unlike the sock/req delattr
   * stubs, which are void no-ops); @skb is ignored. */
  static inline int
  cipso_v4_skbuff_delattr(struct sk_buff *skb)
  {
  	return -ENOSYS;
  }
  /* CONFIG_NETLABEL=n stub: no label to read, report -ENOSYS and leave
   * @secattr untouched; @skb is ignored. */
  static inline int
  cipso_v4_skbuff_getattr(const struct sk_buff *skb,
  			struct netlbl_lsm_secattr *secattr)
  {
  	return -ENOSYS;
  }
  /* CONFIG_NETLABEL=n stub: no CIPSO option can be validated, so every call
   * fails with -ENOSYS and *@option is left untouched; @skb is ignored.
   * Callers therefore see a "rejected" verdict rather than a silent pass. */
  static inline int
  cipso_v4_validate(const struct sk_buff *skb, unsigned char **option)
  {
  	return -ENOSYS;
  }
  #endif /* CONFIG_NETLABEL */
  
  #endif /* _CIPSO_IPV4_H */