1/* SPDX-License-Identifier: GPL-2.0-or-later */
2/*
3 * NetLabel Management Support
4 *
5 * This file defines the management functions for the NetLabel system.  The
6 * NetLabel system manages static and dynamic label mappings for network
7 * protocols such as CIPSO and RIPSO.
8 *
9 * Author: Paul Moore <paul@paul-moore.com>
10 */
11
12/*
13 * (c) Copyright Hewlett-Packard Development Company, L.P., 2006
14 */
15
16#ifndef _NETLABEL_MGMT_H
17#define _NETLABEL_MGMT_H
18
19#include <net/netlabel.h>
20#include <linux/atomic.h>
21
22/*
23 * The following NetLabel payloads are supported by the management interface.
24 *
25 * o ADD:
26 *   Sent by an application to add a domain mapping to the NetLabel system.
27 *
28 *   Required attributes:
29 *
30 *     NLBL_MGMT_A_DOMAIN
31 *     NLBL_MGMT_A_PROTOCOL
32 *
33 *   If IPv4 is specified the following attributes are required:
34 *
35 *     NLBL_MGMT_A_IPV4ADDR
36 *     NLBL_MGMT_A_IPV4MASK
37 *
38 *   If IPv6 is specified the following attributes are required:
39 *
40 *     NLBL_MGMT_A_IPV6ADDR
41 *     NLBL_MGMT_A_IPV6MASK
42 *
43 *   If using NETLBL_NLTYPE_CIPSOV4 the following attributes are required:
44 *
45 *     NLBL_MGMT_A_CV4DOI
46 *
47 *   If using NETLBL_NLTYPE_UNLABELED no other attributes are required,
48 *   however the following attribute may optionally be sent:
49 *
50 *     NLBL_MGMT_A_FAMILY
51 *
52 * o REMOVE:
53 *   Sent by an application to remove a domain mapping from the NetLabel
54 *   system.
55 *
56 *   Required attributes:
57 *
58 *     NLBL_MGMT_A_DOMAIN
59 *
60 * o LISTALL:
61 *   This message can be sent either from an application or by the kernel in
62 *   response to an application generated LISTALL message.  When sent by an
63 *   application there is no payload and the NLM_F_DUMP flag should be set.
64 *   The kernel should respond with a series of the following messages.
65 *
66 *   Required attributes:
67 *
68 *     NLBL_MGMT_A_DOMAIN
69 *     NLBL_MGMT_A_FAMILY
70 *
71 *   If the IP address selectors are not used the following attribute is
72 *   required:
73 *
74 *     NLBL_MGMT_A_PROTOCOL
75 *
 *   If the IP address selectors are used then the following attribute is
77 *   required:
78 *
79 *     NLBL_MGMT_A_SELECTORLIST
80 *
81 *   If the mapping is using the NETLBL_NLTYPE_CIPSOV4 type then the following
82 *   attributes are required:
83 *
84 *     NLBL_MGMT_A_CV4DOI
85 *
86 *   If the mapping is using the NETLBL_NLTYPE_UNLABELED type no other
87 *   attributes are required.
88 *
89 * o ADDDEF:
90 *   Sent by an application to set the default domain mapping for the NetLabel
91 *   system.
92 *
93 *   Required attributes:
94 *
95 *     NLBL_MGMT_A_PROTOCOL
96 *
97 *   If using NETLBL_NLTYPE_CIPSOV4 the following attributes are required:
98 *
99 *     NLBL_MGMT_A_CV4DOI
100 *
101 *   If using NETLBL_NLTYPE_UNLABELED no other attributes are required,
102 *   however the following attribute may optionally be sent:
103 *
104 *     NLBL_MGMT_A_FAMILY
105 *
106 * o REMOVEDEF:
107 *   Sent by an application to remove the default domain mapping from the
108 *   NetLabel system, there is no payload.
109 *
110 * o LISTDEF:
111 *   This message can be sent either from an application or by the kernel in
112 *   response to an application generated LISTDEF message.  When sent by an
 *   application there may be an optional payload containing:
114 *
115 *     NLBL_MGMT_A_FAMILY
116 *
117 *   On success the kernel should send a response using the following format:
118 *
119 *   If the IP address selectors are not used the following attributes are
120 *   required:
121 *
122 *     NLBL_MGMT_A_PROTOCOL
123 *     NLBL_MGMT_A_FAMILY
124 *
 *   If the IP address selectors are used then the following attribute is
126 *   required:
127 *
128 *     NLBL_MGMT_A_SELECTORLIST
129 *
130 *   If the mapping is using the NETLBL_NLTYPE_CIPSOV4 type then the following
131 *   attributes are required:
132 *
133 *     NLBL_MGMT_A_CV4DOI
134 *
135 *   If the mapping is using the NETLBL_NLTYPE_UNLABELED type no other
136 *   attributes are required.
137 *
138 * o PROTOCOLS:
139 *   Sent by an application to request a list of configured NetLabel protocols
140 *   in the kernel.  When sent by an application there is no payload and the
141 *   NLM_F_DUMP flag should be set.  The kernel should respond with a series of
142 *   the following messages.
143 *
144 *   Required attributes:
145 *
146 *     NLBL_MGMT_A_PROTOCOL
147 *
148 * o VERSION:
149 *   Sent by an application to request the NetLabel version.  When sent by an
150 *   application there is no payload.  This message type is also used by the
 *   kernel to respond to a VERSION request.
152 *
153 *   Required attributes:
154 *
155 *     NLBL_MGMT_A_VERSION
156 *
157 */
158
159/* NetLabel Management commands */
/*
 * Command ids understood by the NetLabel management netlink interface.
 * These ids are exchanged with userspace, so an existing value must never be
 * renumbered; a new command is added immediately before __NLBL_MGMT_C_MAX.
 * The payload of each command is described in the block comment at the top
 * of this file.
 */
enum {
	NLBL_MGMT_C_UNSPEC = 0,		/* unspecified (placeholder) */
	NLBL_MGMT_C_ADD = 1,		/* add a domain mapping */
	NLBL_MGMT_C_REMOVE = 2,		/* remove a domain mapping */
	NLBL_MGMT_C_LISTALL = 3,	/* dump all domain mappings */
	NLBL_MGMT_C_ADDDEF = 4,		/* set the default domain mapping */
	NLBL_MGMT_C_REMOVEDEF = 5,	/* remove the default domain mapping */
	NLBL_MGMT_C_LISTDEF = 6,	/* query the default domain mapping */
	NLBL_MGMT_C_PROTOCOLS = 7,	/* dump the configured NetLabel protocols */
	NLBL_MGMT_C_VERSION = 8,	/* query the NetLabel protocol version */
	__NLBL_MGMT_C_MAX = 9,		/* sentinel: one past the last command id */
};
172
173/* NetLabel Management attributes */
/*
 * Netlink attribute ids used by the NetLabel management messages.  Like the
 * command ids, these values travel over netlink between userspace and the
 * kernel, so an existing id must keep its number; a new attribute is added
 * immediately before __NLBL_MGMT_A_MAX.  Each entry notes the netlink
 * attribute type it is expected to carry.  The NLA_BINARY entries hold a
 * fixed-size address structure, so whoever consumes them must reject an
 * attribute whose length does not match that structure.
 */
enum {
	NLBL_MGMT_A_UNSPEC = 0,
	/* unspecified (placeholder) */
	NLBL_MGMT_A_DOMAIN = 1,
	/* NLA_NUL_STRING: the NUL-terminated LSM domain string */
	NLBL_MGMT_A_PROTOCOL = 2,
	/* NLA_U32: the NetLabel protocol type, one of NETLBL_NLTYPE_* */
	NLBL_MGMT_A_VERSION = 3,
	/* NLA_U32: the NetLabel protocol version (NETLBL_PROTO_VERSION) */
	NLBL_MGMT_A_CV4DOI = 4,
	/* NLA_U32: the CIPSOv4 DOI value */
	NLBL_MGMT_A_IPV6ADDR = 5,
	/* NLA_BINARY, struct in6_addr: an IPv6 address */
	NLBL_MGMT_A_IPV6MASK = 6,
	/* NLA_BINARY, struct in6_addr: an IPv6 address mask */
	NLBL_MGMT_A_IPV4ADDR = 7,
	/* NLA_BINARY, struct in_addr: an IPv4 address */
	NLBL_MGMT_A_IPV4MASK = 8,
	/* NLA_BINARY, struct in_addr: an IPv4 address mask */
	NLBL_MGMT_A_ADDRSELECTOR = 9,
	/* NLA_NESTED: one IP address selector; it must carry an address, a
	 * mask and a protocol attribute plus any protocol-specific attributes */
	NLBL_MGMT_A_SELECTORLIST = 10,
	/* NLA_NESTED: the selector list; at least one NLBL_MGMT_A_ADDRSELECTOR
	 * attribute must be present */
	NLBL_MGMT_A_FAMILY = 11,
	/* NLA_U16: the address family */
	NLBL_MGMT_A_CLPDOI = 12,
	/* NLA_U32: the CALIPSO DOI value (presumably the IPv6 counterpart of
	 * NLBL_MGMT_A_CV4DOI; the message summary at the top of this file does
	 * not list it yet) */
	__NLBL_MGMT_A_MAX = 13,
	/* sentinel: one past the last attribute id */
};
/* Highest valid attribute id; the __NLBL_MGMT_A_MAX sentinel itself is not
 * an attribute.  This is the natural upper bound for the attribute policy /
 * parsing table of the management family -- confirm against the policy in
 * the file that defines the handlers. */
#define NLBL_MGMT_A_MAX (__NLBL_MGMT_A_MAX - 1)

/* NetLabel protocol functions */
/*
 * netlbl_mgmt_genl_init - register the NetLabel management netlink family
 *
 * Description:
 * Presumably called once during NetLabel initialization.  Returns zero on
 * success and a negative value on failure (kernel convention; the definition
 * lives outside this header -- confirm there).
 */
int netlbl_mgmt_genl_init(void);

/* NetLabel configured protocol reference counter: the number of labeling
 * protocols currently configured.  NOTE(review): presumably adjusted by the
 * protocol (DOI) configuration code and consulted as a cheap "is any labeling
 * active" check -- verify against its users before relying on that. */
extern atomic_t netlabel_mgmt_protocount;
224
225#endif
226