[NetLabel]: core NetLabel subsystem

Add a new kernel subsystem, NetLabel, to provide explicit packet labeling services (CIPSO, RIPSO, etc.) to LSM developers. NetLabel is designed to work in conjunction with a LSM to intercept and decode security labels on incoming network packets as well as ensure that outgoing network packets are labeled according to the security mechanism employed by the LSM. The NetLabel subsystem is configured through a Generic NETLINK interface described in the header files included in this patch. Signed-off-by: Paul Moore <paul.moore@hp.com> Signed-off-by: David S. Miller <davem@davemloft.net>
author: Paul Moore <paul.moore@hp.com> 2006-08-03 19:48:37 -0400
committer: David S. Miller <davem@sunset.davemloft.net> 2006-09-22 17:53:34 -0400
commit: d15c345fe3b8dfda0fa5a1d2143a35fffa746a43 (patch)
tree: 7de6afd5f4de2fca01eaca879e342ab493dc0bba /net/netlabel/netlabel_domainhash.h
parent: 446fda4f26822b2d42ab3396aafcedf38a9ff2b6 (diff)
1 files changed, 63 insertions, 0 deletions
diff --git a/net/netlabel/netlabel_domainhash.h b/net/netlabel/netlabel_domainhash.h
new file mode 100644
index 000000000000..9217863ce0d3
--- /dev/null
+++ b/net/netlabel/netlabel_domainhash.h
@@ -0,0 +1,63 @@
+/*
+ * NetLabel Domain Hash Table
+ *
+ * This file manages the domain hash table that NetLabel uses to determine
+ * which network labeling protocol to use for a given domain.  The NetLabel
+ * system manages static and dynamic label mappings for network protocols such
+ * as CIPSO and RIPSO.
+ *
+ * Author: Paul Moore <paul.moore@hp.com>
+ *
+ */
+/*
+ * (c) Copyright Hewlett-Packard Development Company, L.P., 2006
+ *
+ * This program is free software;  you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY;  without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See
+ * the GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program;  if not, write to the Free Software
+ * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
+ *
+ */
+#ifndef _NETLABEL_DOMAINHASH_H
+#define _NETLABEL_DOMAINHASH_H
+/* Domain hash table size */
+/* XXX - currently this number is an uneducated guess */
+#define NETLBL_DOMHSH_BITSIZE       7
+/* Domain mapping definition struct */
+struct netlbl_dom_map {
+        char *domain;
+        u32 type;
+        union {
+                struct cipso_v4_doi *cipsov4;
+        } type_def;
+        u32 valid;
+        struct list_head list;
+        struct rcu_head rcu;
+};
+/* init function */
+int netlbl_domhsh_init(u32 size);
+/* Manipulate the domain hash table */
+int netlbl_domhsh_add(struct netlbl_dom_map *entry);
+int netlbl_domhsh_add_default(struct netlbl_dom_map *entry);
+int netlbl_domhsh_remove_default(void);
+struct netlbl_dom_map *netlbl_domhsh_getentry(const char *domain);
+struct sk_buff *netlbl_domhsh_dump(size_t headroom);
+struct sk_buff *netlbl_domhsh_dump_default(size_t headroom);
+#endif
author	Paul Moore <paul.moore@hp.com>	2006-08-03 19:48:37 -0400
committer	David S. Miller <davem@sunset.davemloft.net>	2006-09-22 17:53:34 -0400
commit	d15c345fe3b8dfda0fa5a1d2143a35fffa746a43 (patch)
tree	7de6afd5f4de2fca01eaca879e342ab493dc0bba /net/netlabel/netlabel_domainhash.h
parent	446fda4f26822b2d42ab3396aafcedf38a9ff2b6 (diff)

diff --git a/net/netlabel/netlabel_domainhash.h b/net/netlabel/netlabel_domainhash.h new file mode 100644 index 000000000000..9217863ce0d3 --- /dev/null +++ b/net/netlabel/netlabel_domainhash.h
@@ -0,0 +1,63 @@
	1	/*
	2	* NetLabel Domain Hash Table
	3	*
	4	* This file manages the domain hash table that NetLabel uses to determine
	5	* which network labeling protocol to use for a given domain. The NetLabel
	6	* system manages static and dynamic label mappings for network protocols such
	7	* as CIPSO and RIPSO.
	8	*
	9	* Author: Paul Moore <paul.moore@hp.com>
	10	*
	11	*/
	12
	13	/*
	14	* (c) Copyright Hewlett-Packard Development Company, L.P., 2006
	15	*
	16	* This program is free software; you can redistribute it and/or modify
	17	* it under the terms of the GNU General Public License as published by
	18	* the Free Software Foundation; either version 2 of the License, or
	19	* (at your option) any later version.
	20	*
	21	* This program is distributed in the hope that it will be useful,
	22	* but WITHOUT ANY WARRANTY; without even the implied warranty of
	23	* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See
	24	* the GNU General Public License for more details.
	25	*
	26	* You should have received a copy of the GNU General Public License
	27	* along with this program; if not, write to the Free Software
	28	* Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
	29	*
	30	*/
	31
	32	#ifndef _NETLABEL_DOMAINHASH_H
	33	#define _NETLABEL_DOMAINHASH_H
	34
	35	/* Domain hash table size */
	36	/* XXX - currently this number is an uneducated guess */
	37	#define NETLBL_DOMHSH_BITSIZE 7
	38
	39	/* Domain mapping definition struct */
	40	struct netlbl_dom_map {
	41	char *domain;
	42	u32 type;
	43	union {
	44	struct cipso_v4_doi *cipsov4;
	45	} type_def;
	46
	47	u32 valid;
	48	struct list_head list;
	49	struct rcu_head rcu;
	50	};
	51
	52	/* init function */
	53	int netlbl_domhsh_init(u32 size);
	54
	55	/* Manipulate the domain hash table */
	56	int netlbl_domhsh_add(struct netlbl_dom_map *entry);
	57	int netlbl_domhsh_add_default(struct netlbl_dom_map *entry);
	58	int netlbl_domhsh_remove_default(void);
	59	struct netlbl_dom_map netlbl_domhsh_getentry(const char domain);
	60	struct sk_buff *netlbl_domhsh_dump(size_t headroom);
	61	struct sk_buff *netlbl_domhsh_dump_default(size_t headroom);
	62
	63	#endif