[NetLabel]: core NetLabel subsystem

Add a new kernel subsystem, NetLabel, to provide explicit packet labeling services (CIPSO, RIPSO, etc.) to LSM developers. NetLabel is designed to work in conjunction with a LSM to intercept and decode security labels on incoming network packets as well as ensure that outgoing network packets are labeled according to the security mechanism employed by the LSM. The NetLabel subsystem is configured through a Generic NETLINK interface described in the header files included in this patch. Signed-off-by: Paul Moore <paul.moore@hp.com> Signed-off-by: David S. Miller <davem@davemloft.net>
author: Paul Moore <paul.moore@hp.com> 2006-08-03 19:48:37 -0400
committer: David S. Miller <davem@sunset.davemloft.net> 2006-09-22 17:53:34 -0400
commit: d15c345fe3b8dfda0fa5a1d2143a35fffa746a43 (patch)
tree: 7de6afd5f4de2fca01eaca879e342ab493dc0bba /net/netlabel/netlabel_user.h
parent: 446fda4f26822b2d42ab3396aafcedf38a9ff2b6 (diff)
1 files changed, 214 insertions, 0 deletions
diff --git a/net/netlabel/netlabel_user.h b/net/netlabel/netlabel_user.h
new file mode 100644
index 000000000000..ccf237b3a128
--- /dev/null
+++ b/net/netlabel/netlabel_user.h
@@ -0,0 +1,214 @@
+/*
+ * NetLabel NETLINK Interface
+ *
+ * This file defines the NETLINK interface for the NetLabel system.  The
+ * NetLabel system manages static and dynamic label mappings for network
+ * protocols such as CIPSO and RIPSO.
+ *
+ * Author: Paul Moore <paul.moore@hp.com>
+ *
+ */
+/*
+ * (c) Copyright Hewlett-Packard Development Company, L.P., 2006
+ *
+ * This program is free software;  you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY;  without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See
+ * the GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program;  if not, write to the Free Software
+ * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
+ *
+ */
+#ifndef _NETLABEL_USER_H
+#define _NETLABEL_USER_H
+#include <linux/skbuff.h>
+#include <linux/capability.h>
+#include <linux/genetlink.h>
+#include <net/netlabel.h>
+#include <net/genetlink.h>
+/* NetLabel NETLINK helper functions */
+/**
+ * netlbl_netlink_cap_check - Check the NETLINK msg capabilities
+ * @skb: the NETLINK buffer
+ * @req_cap: the required capability
+ *
+ * Description:
+ * Check the NETLINK buffer's capabilities against the required capabilities.
+ * Returns zero on success, negative values on failure.
+ *
+ */
+static inline int netlbl_netlink_cap_check(const struct sk_buff *skb,
+                                           kernel_cap_t req_cap)
+{
+        if (cap_raised(NETLINK_CB(skb).eff_cap, req_cap))
+                return 0;
+        return -EPERM;
+}
+/**
+ * netlbl_getinc_u8 - Read a u8 value from a nlattr stream and move on
+ * @nla: the attribute
+ * @rem_len: remaining length
+ *
+ * Description:
+ * Return a u8 value pointed to by @nla and advance it to the next attribute.
+ *
+ */
+static inline u8 netlbl_getinc_u8(struct nlattr **nla, int *rem_len)
+{
+        u8 val = nla_get_u8(*nla);
+        *nla = nla_next(*nla, rem_len);
+        return val;
+}
+/**
+ * netlbl_getinc_u16 - Read a u16 value from a nlattr stream and move on
+ * @nla: the attribute
+ * @rem_len: remaining length
+ *
+ * Description:
+ * Return a u16 value pointed to by @nla and advance it to the next attribute.
+ *
+ */
+static inline u16 netlbl_getinc_u16(struct nlattr **nla, int *rem_len)
+{
+        u16 val = nla_get_u16(*nla);
+        *nla = nla_next(*nla, rem_len);
+        return val;
+}
+/**
+ * netlbl_getinc_u32 - Read a u32 value from a nlattr stream and move on
+ * @nla: the attribute
+ * @rem_len: remaining length
+ *
+ * Description:
+ * Return a u32 value pointed to by @nla and advance it to the next attribute.
+ *
+ */
+static inline u32 netlbl_getinc_u32(struct nlattr **nla, int *rem_len)
+{
+        u32 val = nla_get_u32(*nla);
+        *nla = nla_next(*nla, rem_len);
+        return val;
+}
+/**
+ * netlbl_netlink_hdr_put - Write the NETLINK buffers into a sk_buff
+ * @skb: the packet
+ * @pid: the PID of the receipient
+ * @seq: the sequence number
+ * @type: the generic NETLINK message family type
+ * @cmd: command
+ *
+ * Description:
+ * Write both a NETLINK nlmsghdr structure and a Generic NETLINK genlmsghdr
+ * struct to the packet.  Returns a pointer to the start of the payload buffer
+ * on success or NULL on failure.
+ *
+ */
+static inline void *netlbl_netlink_hdr_put(struct sk_buff *skb,
+                                           u32 pid,
+                                           u32 seq,
+                                           int type,
+                                           u8 cmd)
+{
+        return genlmsg_put(skb,
+                           pid,
+                           seq,
+                           type,
+                           0,
+                           0,
+                           cmd,
+                           NETLBL_PROTO_VERSION);
+}
+/**
+ * netlbl_netlink_hdr_push - Write the NETLINK buffers into a sk_buff
+ * @skb: the packet
+ * @pid: the PID of the receipient
+ * @seq: the sequence number
+ * @type: the generic NETLINK message family type
+ * @cmd: command
+ *
+ * Description:
+ * Write both a NETLINK nlmsghdr structure and a Generic NETLINK genlmsghdr
+ * struct to the packet.
+ *
+ */
+static inline void netlbl_netlink_hdr_push(struct sk_buff *skb,
+                                           u32 pid,
+                                           u32 seq,
+                                           int type,
+                                           u8 cmd)
+{
+        struct nlmsghdr *nlh;
+        struct genlmsghdr *hdr;
+        nlh = (struct nlmsghdr *)skb_push(skb, NLMSG_SPACE(GENL_HDRLEN));
+        nlh->nlmsg_type = type;
+        nlh->nlmsg_len = skb->len;
+        nlh->nlmsg_flags = 0;
+        nlh->nlmsg_pid = pid;
+        nlh->nlmsg_seq = seq;
+        hdr = nlmsg_data(nlh);
+        hdr->cmd = cmd;
+        hdr->version = NETLBL_PROTO_VERSION;
+        hdr->reserved = 0;
+}
+/**
+ * netlbl_netlink_payload_len - Return the length of the payload
+ * @skb: the NETLINK buffer
+ *
+ * Description:
+ * This function returns the length of the NetLabel payload.
+ *
+ */
+static inline u32 netlbl_netlink_payload_len(const struct sk_buff *skb)
+{
+        return nlmsg_len((struct nlmsghdr *)skb->data) - GENL_HDRLEN;
+}
+/**
+ * netlbl_netlink_payload_data - Returns a pointer to the start of the payload
+ * @skb: the NETLINK buffer
+ *
+ * Description:
+ * This function returns a pointer to the start of the NetLabel payload.
+ *
+ */
+static inline void *netlbl_netlink_payload_data(const struct sk_buff *skb)
+{
+  return (unsigned char *)nlmsg_data((struct nlmsghdr *)skb->data) +
+          GENL_HDRLEN;
+}
+/* NetLabel common protocol functions */
+void netlbl_netlink_send_ack(const struct genl_info *info,
+                             u32 genl_family,
+                             u8 ack_cmd,
+                             u32 ret_code);
+/* NetLabel NETLINK I/O functions */
+int netlbl_netlink_init(void);
+int netlbl_netlink_snd(struct sk_buff *skb, u32 pid);
+int netlbl_netlink_snd_multicast(struct sk_buff *skb, u32 pid, u32 group);
+#endif
author	Paul Moore <paul.moore@hp.com>	2006-08-03 19:48:37 -0400
committer	David S. Miller <davem@sunset.davemloft.net>	2006-09-22 17:53:34 -0400
commit	d15c345fe3b8dfda0fa5a1d2143a35fffa746a43 (patch)
tree	7de6afd5f4de2fca01eaca879e342ab493dc0bba /net/netlabel/netlabel_user.h
parent	446fda4f26822b2d42ab3396aafcedf38a9ff2b6 (diff)

diff --git a/net/netlabel/netlabel_user.h b/net/netlabel/netlabel_user.h new file mode 100644 index 000000000000..ccf237b3a128 --- /dev/null +++ b/net/netlabel/netlabel_user.h
@@ -0,0 +1,214 @@
	1	/*
	2	* NetLabel NETLINK Interface
	3	*
	4	* This file defines the NETLINK interface for the NetLabel system. The
	5	* NetLabel system manages static and dynamic label mappings for network
	6	* protocols such as CIPSO and RIPSO.
	7	*
	8	* Author: Paul Moore <paul.moore@hp.com>
	9	*
	10	*/
	11
	12	/*
	13	* (c) Copyright Hewlett-Packard Development Company, L.P., 2006
	14	*
	15	* This program is free software; you can redistribute it and/or modify
	16	* it under the terms of the GNU General Public License as published by
	17	* the Free Software Foundation; either version 2 of the License, or
	18	* (at your option) any later version.
	19	*
	20	* This program is distributed in the hope that it will be useful,
	21	* but WITHOUT ANY WARRANTY; without even the implied warranty of
	22	* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See
	23	* the GNU General Public License for more details.
	24	*
	25	* You should have received a copy of the GNU General Public License
	26	* along with this program; if not, write to the Free Software
	27	* Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
	28	*
	29	*/
	30
	31	#ifndef _NETLABEL_USER_H
	32	#define _NETLABEL_USER_H
	33
	34	#include <linux/skbuff.h>
	35	#include <linux/capability.h>
	36	#include <linux/genetlink.h>
	37	#include <net/netlabel.h>
	38	#include <net/genetlink.h>
	39
	40	/* NetLabel NETLINK helper functions */
	41
	42	/**
	43	* netlbl_netlink_cap_check - Check the NETLINK msg capabilities
	44	* @skb: the NETLINK buffer
	45	* @req_cap: the required capability
	46	*
	47	* Description:
	48	* Check the NETLINK buffer's capabilities against the required capabilities.
	49	* Returns zero on success, negative values on failure.
	50	*
	51	*/
	52	static inline int netlbl_netlink_cap_check(const struct sk_buff *skb,
	53	kernel_cap_t req_cap)
	54	{
	55	if (cap_raised(NETLINK_CB(skb).eff_cap, req_cap))
	56	return 0;
	57	return -EPERM;
	58	}
	59
	60	/**
	61	* netlbl_getinc_u8 - Read a u8 value from a nlattr stream and move on
	62	* @nla: the attribute
	63	* @rem_len: remaining length
	64	*
	65	* Description:
	66	* Return a u8 value pointed to by @nla and advance it to the next attribute.
	67	*
	68	*/
	69	static inline u8 netlbl_getinc_u8(struct nlattr *nla, int rem_len)
	70	{
	71	u8 val = nla_get_u8(*nla);
	72	nla = nla_next(nla, rem_len);
	73	return val;
	74	}
	75
	76	/**
	77	* netlbl_getinc_u16 - Read a u16 value from a nlattr stream and move on
	78	* @nla: the attribute
	79	* @rem_len: remaining length
	80	*
	81	* Description:
	82	* Return a u16 value pointed to by @nla and advance it to the next attribute.
	83	*
	84	*/
	85	static inline u16 netlbl_getinc_u16(struct nlattr *nla, int rem_len)
	86	{
	87	u16 val = nla_get_u16(*nla);
	88	nla = nla_next(nla, rem_len);
	89	return val;
	90	}
	91
	92	/**
	93	* netlbl_getinc_u32 - Read a u32 value from a nlattr stream and move on
	94	* @nla: the attribute
	95	* @rem_len: remaining length
	96	*
	97	* Description:
	98	* Return a u32 value pointed to by @nla and advance it to the next attribute.
	99	*
	100	*/
	101	static inline u32 netlbl_getinc_u32(struct nlattr *nla, int rem_len)
	102	{
	103	u32 val = nla_get_u32(*nla);
	104	nla = nla_next(nla, rem_len);
	105	return val;
	106	}
	107
	108	/**
	109	* netlbl_netlink_hdr_put - Write the NETLINK buffers into a sk_buff
	110	* @skb: the packet
	111	* @pid: the PID of the receipient
	112	* @seq: the sequence number
	113	* @type: the generic NETLINK message family type
	114	* @cmd: command
	115	*
	116	* Description:
	117	* Write both a NETLINK nlmsghdr structure and a Generic NETLINK genlmsghdr
	118	* struct to the packet. Returns a pointer to the start of the payload buffer
	119	* on success or NULL on failure.
	120	*
	121	*/
	122	static inline void netlbl_netlink_hdr_put(struct sk_buff skb,
	123	u32 pid,
	124	u32 seq,
	125	int type,
	126	u8 cmd)
	127	{
	128	return genlmsg_put(skb,
	129	pid,
	130	seq,
	131	type,
	132	0,
	133	0,
	134	cmd,
	135	NETLBL_PROTO_VERSION);
	136	}
	137
	138	/**
	139	* netlbl_netlink_hdr_push - Write the NETLINK buffers into a sk_buff
	140	* @skb: the packet
	141	* @pid: the PID of the receipient
	142	* @seq: the sequence number
	143	* @type: the generic NETLINK message family type
	144	* @cmd: command
	145	*
	146	* Description:
	147	* Write both a NETLINK nlmsghdr structure and a Generic NETLINK genlmsghdr
	148	* struct to the packet.
	149	*
	150	*/
	151	static inline void netlbl_netlink_hdr_push(struct sk_buff *skb,
	152	u32 pid,
	153	u32 seq,
	154	int type,
	155	u8 cmd)
	156
	157	{
	158	struct nlmsghdr *nlh;
	159	struct genlmsghdr *hdr;
	160
	161	nlh = (struct nlmsghdr *)skb_push(skb, NLMSG_SPACE(GENL_HDRLEN));
	162	nlh->nlmsg_type = type;
	163	nlh->nlmsg_len = skb->len;
	164	nlh->nlmsg_flags = 0;
	165	nlh->nlmsg_pid = pid;
	166	nlh->nlmsg_seq = seq;
	167
	168	hdr = nlmsg_data(nlh);
	169	hdr->cmd = cmd;
	170	hdr->version = NETLBL_PROTO_VERSION;
	171	hdr->reserved = 0;
	172	}
	173
	174	/**
	175	* netlbl_netlink_payload_len - Return the length of the payload
	176	* @skb: the NETLINK buffer
	177	*
	178	* Description:
	179	* This function returns the length of the NetLabel payload.
	180	*
	181	*/
	182	static inline u32 netlbl_netlink_payload_len(const struct sk_buff *skb)
	183	{
	184	return nlmsg_len((struct nlmsghdr *)skb->data) - GENL_HDRLEN;
	185	}
	186
	187	/**
	188	* netlbl_netlink_payload_data - Returns a pointer to the start of the payload
	189	* @skb: the NETLINK buffer
	190	*
	191	* Description:
	192	* This function returns a pointer to the start of the NetLabel payload.
	193	*
	194	*/
	195	static inline void netlbl_netlink_payload_data(const struct sk_buff skb)
	196	{
	197	return (unsigned char )nlmsg_data((struct nlmsghdr )skb->data) +
	198	GENL_HDRLEN;
	199	}
	200
	201	/* NetLabel common protocol functions */
	202
	203	void netlbl_netlink_send_ack(const struct genl_info *info,
	204	u32 genl_family,
	205	u8 ack_cmd,
	206	u32 ret_code);
	207
	208	/* NetLabel NETLINK I/O functions */
	209
	210	int netlbl_netlink_init(void);
	211	int netlbl_netlink_snd(struct sk_buff *skb, u32 pid);
	212	int netlbl_netlink_snd_multicast(struct sk_buff *skb, u32 pid, u32 group);
	213
	214	#endif