cachepc-linux

Fork of AMDESE/linux with modifications for CachePC side-channel attack
git clone https://git.sinitax.com/sinitax/cachepc-linux

netlabel_cipso_v4.h (4226B)


      1/* SPDX-License-Identifier: GPL-2.0-or-later */
      2/*
      3 * NetLabel CIPSO/IPv4 Support
      4 *
      5 * This file defines the CIPSO/IPv4 functions for the NetLabel system.  The
      6 * NetLabel system manages static and dynamic label mappings for network
      7 * protocols such as CIPSO and RIPSO.
      8 *
      9 * Author: Paul Moore <paul@paul-moore.com>
     10 */
     11
     12/*
     13 * (c) Copyright Hewlett-Packard Development Company, L.P., 2006
     14 */
     15
     16#ifndef _NETLABEL_CIPSO_V4
     17#define _NETLABEL_CIPSO_V4
     18
     19#include <net/netlabel.h>
     20
     21/*
     22 * The following NetLabel payloads are supported by the CIPSO subsystem.
     23 *
     24 * o ADD:
     25 *   Sent by an application to add a new DOI mapping table.
     26 *
     27 *   Required attributes:
     28 *
     29 *     NLBL_CIPSOV4_A_DOI
     30 *     NLBL_CIPSOV4_A_MTYPE
     31 *     NLBL_CIPSOV4_A_TAGLST
     32 *
     33 *   If using CIPSO_V4_MAP_TRANS the following attributes are required:
     34 *
     35 *     NLBL_CIPSOV4_A_MLSLVLLST
     36 *     NLBL_CIPSOV4_A_MLSCATLST
     37 *
     38 *   If using CIPSO_V4_MAP_PASS or CIPSO_V4_MAP_LOCAL no additional attributes
     39 *   are required.
     40 *
     41 * o REMOVE:
     42 *   Sent by an application to remove a specific DOI mapping table from the
     43 *   CIPSO V4 system.
     44 *
     45 *   Required attributes:
     46 *
     47 *     NLBL_CIPSOV4_A_DOI
     48 *
     49 * o LIST:
     50 *   Sent by an application to list the details of a DOI definition.  On
     51 *   success the kernel should send a response using the following format.
     52 *
     53 *   Required attributes in the request:
     54 *
     55 *     NLBL_CIPSOV4_A_DOI
     56 *
     57 *   The valid response message format depends on the type of the DOI mapping,
     58 *   the defined formats are shown below.
     59 *
     60 *   Required attributes in the response:
     61 *
     62 *     NLBL_CIPSOV4_A_MTYPE
     63 *     NLBL_CIPSOV4_A_TAGLST
     64 *
     65 *   If using CIPSO_V4_MAP_TRANS the following attributes are required:
     66 *
     67 *     NLBL_CIPSOV4_A_MLSLVLLST
     68 *     NLBL_CIPSOV4_A_MLSCATLST
     69 *
     70 *   If using CIPSO_V4_MAP_PASS or CIPSO_V4_MAP_LOCAL no additional attributes
     71 *   are required.
     72 *
     73 * o LISTALL:
     74 *   This message is sent by an application to list the valid DOIs on the
     75 *   system.  When sent by an application there is no payload and the
     76 *   NLM_F_DUMP flag should be set.  The kernel should respond with a series of
     77 *   the following messages.
     78 *
     79 *   Required attributes:
     80 *
     81 *    NLBL_CIPSOV4_A_DOI
     82 *    NLBL_CIPSOV4_A_MTYPE
     83 *
     84 */
     85
     /*
      * NetLabel CIPSOv4 commands.
      *
      * The numeric values are spelled out; they are the same values the
      * compiler assigns to an unannotated enum (0, 1, 2, ...).  Writing them
      * down makes an accidental renumbering visible in review, which matters
      * because applications send these command numbers to the kernel.
      *
      * __NLBL_CIPSOV4_C_MAX is the entry one past the last real command; it is
      * not a command itself.
      *
      * NOTE(review): ADD and REMOVE change DOI mapping tables (see the payload
      * description earlier in this header).  Confirm that the handlers for
      * these commands are restricted to privileged callers (e.g. with
      * GENL_ADMIN_PERM) in the implementation, which this header does not show.
      */
     enum {
     	NLBL_CIPSOV4_C_UNSPEC = 0,
     	NLBL_CIPSOV4_C_ADD = 1,
     	NLBL_CIPSOV4_C_REMOVE = 2,
     	NLBL_CIPSOV4_C_LIST = 3,
     	NLBL_CIPSOV4_C_LISTALL = 4,
     	__NLBL_CIPSOV4_C_MAX = 5,
     };
     95
     /*
      * NetLabel CIPSOv4 attributes.
      *
      * Each attribute is preceded by a comment giving its netlink attribute
      * type (NLA_*) and its meaning.  The numeric values are spelled out and
      * equal the implicit enum numbering (0, 1, 2, ...).
      *
      * NOTE(review): these attributes are sent by applications, so the NLA_*
      * types below are only documentation.  Presumably a netlink attribute
      * policy in the implementation (not visible in this header) enforces
      * them; verify the policy matches this list, including the "at least
      * one" and "only one of each" rules for the nested attributes.
      */
     enum {
     	NLBL_CIPSOV4_A_UNSPEC = 0,

     	/* (NLA_U32) the DOI value */
     	NLBL_CIPSOV4_A_DOI = 1,

     	/* (NLA_U32) the mapping table type (defined in the cipso_ipv4.h
     	 * header as CIPSO_V4_MAP_*) */
     	NLBL_CIPSOV4_A_MTYPE = 2,

     	/* (NLA_U8) a CIPSO tag type, meant to be used within a
     	 * NLBL_CIPSOV4_A_TAGLST attribute */
     	NLBL_CIPSOV4_A_TAG = 3,

     	/* (NLA_NESTED) the CIPSO tag list for the DOI, there must be at
     	 * least one NLBL_CIPSOV4_A_TAG attribute, tags listed first are
     	 * given higher priority when sending packets */
     	NLBL_CIPSOV4_A_TAGLST = 4,

     	/* (NLA_U32) the local MLS sensitivity level */
     	NLBL_CIPSOV4_A_MLSLVLLOC = 5,

     	/* (NLA_U32) the remote MLS sensitivity level */
     	NLBL_CIPSOV4_A_MLSLVLREM = 6,

     	/* (NLA_NESTED) a MLS sensitivity level mapping, must contain only
     	 * one attribute of each of the following types:
     	 * NLBL_CIPSOV4_A_MLSLVLLOC and NLBL_CIPSOV4_A_MLSLVLREM */
     	NLBL_CIPSOV4_A_MLSLVL = 7,

     	/* (NLA_NESTED) the CIPSO level mappings, there must be at least one
     	 * NLBL_CIPSOV4_A_MLSLVL attribute */
     	NLBL_CIPSOV4_A_MLSLVLLST = 8,

     	/* (NLA_U32) the local MLS category */
     	NLBL_CIPSOV4_A_MLSCATLOC = 9,

     	/* (NLA_U32) the remote MLS category */
     	NLBL_CIPSOV4_A_MLSCATREM = 10,

     	/* (NLA_NESTED) a MLS category mapping, must contain only one
     	 * attribute of each of the following types:
     	 * NLBL_CIPSOV4_A_MLSCATLOC and NLBL_CIPSOV4_A_MLSCATREM */
     	NLBL_CIPSOV4_A_MLSCAT = 11,

     	/* (NLA_NESTED) the CIPSO category mappings, there must be at least
     	 * one NLBL_CIPSOV4_A_MLSCAT attribute */
     	NLBL_CIPSOV4_A_MLSCATLST = 12,

     	/* one past the last real attribute; not an attribute itself */
     	__NLBL_CIPSOV4_A_MAX = 13,
     };

     /* Highest valid attribute number (the last real entry of the enum). */
     #define NLBL_CIPSOV4_A_MAX (__NLBL_CIPSOV4_A_MAX - 1)
    148
    /*
     * NetLabel protocol functions
     *
     * netlbl_cipsov4_genl_init - set up the CIPSOv4 NetLabel component
     *
     * NOTE(review): only the prototype is visible here.  From the name this
     * presumably registers the CIPSOv4 generic netlink family; confirm in the
     * implementation what the int return value means and that callers check
     * it.
     */
    int netlbl_cipsov4_genl_init(void);

    /*
     * netlbl_cipsov4_doi_free - free the memory associated with a CIPSOv4 DOI
     * definition
     * @entry: the struct rcu_head identifying the DOI definition to release
     *
     * NOTE(review): the struct rcu_head parameter suggests this is meant to run
     * as an RCU callback, so that the definition is released only once readers
     * can no longer hold a reference to it.  Confirm at the call sites that it
     * is never invoked directly while the DOI is still reachable, since that
     * would be a use-after-free.
     */
    void netlbl_cipsov4_doi_free(struct rcu_head *entry);
    154
    155#endif