diff options
| author | Paul Moore <paul.moore@hp.com> | 2008-10-10 10:16:32 -0400 |
|---|---|---|
| committer | Paul Moore <paul.moore@hp.com> | 2008-10-10 10:16:32 -0400 |
| commit | 63c41688743760631188cf0f4ae986a6793ccb0a (patch) | |
| tree | b270091d7b763e8b6c5073d4ca618f0d36065188 /net/netlabel/netlabel_mgmt.h | |
| parent | 61e1068219950c672ce979719ad2be3aadb00d7d (diff) | |
netlabel: Add network address selectors to the NetLabel/LSM domain mapping
This patch extends the NetLabel traffic labeling capabilities to individual
packets based not only on the LSM domain but the by the destination address
as well. The changes here only affect the core NetLabel infrastructre,
changes to the NetLabel KAPI and individial protocol engines are also
required but are split out into a different patch to ease review.
Signed-off-by: Paul Moore <paul.moore@hp.com>
Reviewed-by: James Morris <jmorris@namei.org>
Diffstat (limited to 'net/netlabel/netlabel_mgmt.h')
| -rw-r--r-- | net/netlabel/netlabel_mgmt.h | 59 |
1 files changed, 54 insertions, 5 deletions
diff --git a/net/netlabel/netlabel_mgmt.h b/net/netlabel/netlabel_mgmt.h index a43bff169d6b..05d96431f819 100644 --- a/net/netlabel/netlabel_mgmt.h +++ b/net/netlabel/netlabel_mgmt.h | |||
| @@ -45,6 +45,16 @@ | |||
| 45 | * NLBL_MGMT_A_DOMAIN | 45 | * NLBL_MGMT_A_DOMAIN |
| 46 | * NLBL_MGMT_A_PROTOCOL | 46 | * NLBL_MGMT_A_PROTOCOL |
| 47 | * | 47 | * |
| 48 | * If IPv4 is specified the following attributes are required: | ||
| 49 | * | ||
| 50 | * NLBL_MGMT_A_IPV4ADDR | ||
| 51 | * NLBL_MGMT_A_IPV4MASK | ||
| 52 | * | ||
| 53 | * If IPv6 is specified the following attributes are required: | ||
| 54 | * | ||
| 55 | * NLBL_MGMT_A_IPV6ADDR | ||
| 56 | * NLBL_MGMT_A_IPV6MASK | ||
| 57 | * | ||
| 48 | * If using NETLBL_NLTYPE_CIPSOV4 the following attributes are required: | 58 | * If using NETLBL_NLTYPE_CIPSOV4 the following attributes are required: |
| 49 | * | 59 | * |
| 50 | * NLBL_MGMT_A_CV4DOI | 60 | * NLBL_MGMT_A_CV4DOI |
| @@ -68,13 +78,24 @@ | |||
| 68 | * Required attributes: | 78 | * Required attributes: |
| 69 | * | 79 | * |
| 70 | * NLBL_MGMT_A_DOMAIN | 80 | * NLBL_MGMT_A_DOMAIN |
| 81 | * | ||
| 82 | * If the IP address selectors are not used the following attribute is | ||
| 83 | * required: | ||
| 84 | * | ||
| 71 | * NLBL_MGMT_A_PROTOCOL | 85 | * NLBL_MGMT_A_PROTOCOL |
| 72 | * | 86 | * |
| 73 | * If using NETLBL_NLTYPE_CIPSOV4 the following attributes are required: | 87 | * If the IP address selectors are used then the following attritbute is |
| 88 | * required: | ||
| 89 | * | ||
| 90 | * NLBL_MGMT_A_SELECTORLIST | ||
| 91 | * | ||
| 92 | * If the mapping is using the NETLBL_NLTYPE_CIPSOV4 type then the following | ||
| 93 | * attributes are required: | ||
| 74 | * | 94 | * |
| 75 | * NLBL_MGMT_A_CV4DOI | 95 | * NLBL_MGMT_A_CV4DOI |
| 76 | * | 96 | * |
| 77 | * If using NETLBL_NLTYPE_UNLABELED no other attributes are required. | 97 | * If the mapping is using the NETLBL_NLTYPE_UNLABELED type no other |
| 98 | * attributes are required. | ||
| 78 | * | 99 | * |
| 79 | * o ADDDEF: | 100 | * o ADDDEF: |
| 80 | * Sent by an application to set the default domain mapping for the NetLabel | 101 | * Sent by an application to set the default domain mapping for the NetLabel |
| @@ -100,15 +121,23 @@ | |||
| 100 | * application there is no payload. On success the kernel should send a | 121 | * application there is no payload. On success the kernel should send a |
| 101 | * response using the following format. | 122 | * response using the following format. |
| 102 | * | 123 | * |
| 103 | * Required attributes: | 124 | * If the IP address selectors are not used the following attribute is |
| 125 | * required: | ||
| 104 | * | 126 | * |
| 105 | * NLBL_MGMT_A_PROTOCOL | 127 | * NLBL_MGMT_A_PROTOCOL |
| 106 | * | 128 | * |
| 107 | * If using NETLBL_NLTYPE_CIPSOV4 the following attributes are required: | 129 | * If the IP address selectors are used then the following attritbute is |
| 130 | * required: | ||
| 131 | * | ||
| 132 | * NLBL_MGMT_A_SELECTORLIST | ||
| 133 | * | ||
| 134 | * If the mapping is using the NETLBL_NLTYPE_CIPSOV4 type then the following | ||
| 135 | * attributes are required: | ||
| 108 | * | 136 | * |
| 109 | * NLBL_MGMT_A_CV4DOI | 137 | * NLBL_MGMT_A_CV4DOI |
| 110 | * | 138 | * |
| 111 | * If using NETLBL_NLTYPE_UNLABELED no other attributes are required. | 139 | * If the mapping is using the NETLBL_NLTYPE_UNLABELED type no other |
| 140 | * attributes are required. | ||
| 112 | * | 141 | * |
| 113 | * o PROTOCOLS: | 142 | * o PROTOCOLS: |
| 114 | * Sent by an application to request a list of configured NetLabel protocols | 143 | * Sent by an application to request a list of configured NetLabel protocols |
| @@ -162,6 +191,26 @@ enum { | |||
| 162 | NLBL_MGMT_A_CV4DOI, | 191 | NLBL_MGMT_A_CV4DOI, |
| 163 | /* (NLA_U32) | 192 | /* (NLA_U32) |
| 164 | * the CIPSOv4 DOI value */ | 193 | * the CIPSOv4 DOI value */ |
| 194 | NLBL_MGMT_A_IPV6ADDR, | ||
| 195 | /* (NLA_BINARY, struct in6_addr) | ||
| 196 | * an IPv6 address */ | ||
| 197 | NLBL_MGMT_A_IPV6MASK, | ||
| 198 | /* (NLA_BINARY, struct in6_addr) | ||
| 199 | * an IPv6 address mask */ | ||
| 200 | NLBL_MGMT_A_IPV4ADDR, | ||
| 201 | /* (NLA_BINARY, struct in_addr) | ||
| 202 | * an IPv4 address */ | ||
| 203 | NLBL_MGMT_A_IPV4MASK, | ||
| 204 | /* (NLA_BINARY, struct in_addr) | ||
| 205 | * and IPv4 address mask */ | ||
| 206 | NLBL_MGMT_A_ADDRSELECTOR, | ||
| 207 | /* (NLA_NESTED) | ||
| 208 | * an IP address selector, must contain an address, mask, and protocol | ||
| 209 | * attribute plus any protocol specific attributes */ | ||
| 210 | NLBL_MGMT_A_SELECTORLIST, | ||
| 211 | /* (NLA_NESTED) | ||
| 212 | * the selector list, there must be at least one | ||
| 213 | * NLBL_MGMT_A_ADDRSELECTOR attribute */ | ||
| 165 | __NLBL_MGMT_A_MAX, | 214 | __NLBL_MGMT_A_MAX, |
| 166 | }; | 215 | }; |
| 167 | #define NLBL_MGMT_A_MAX (__NLBL_MGMT_A_MAX - 1) | 216 | #define NLBL_MGMT_A_MAX (__NLBL_MGMT_A_MAX - 1) |