diff options
Diffstat (limited to 'include/net/cipso_ipv4.h')
| -rw-r--r-- | include/net/cipso_ipv4.h | 55 |
1 files changed, 41 insertions, 14 deletions
diff --git a/include/net/cipso_ipv4.h b/include/net/cipso_ipv4.h index a6bb94530cfd..9909774eb998 100644 --- a/include/net/cipso_ipv4.h +++ b/include/net/cipso_ipv4.h | |||
| @@ -40,11 +40,12 @@ | |||
| 40 | #include <linux/net.h> | 40 | #include <linux/net.h> |
| 41 | #include <linux/skbuff.h> | 41 | #include <linux/skbuff.h> |
| 42 | #include <net/netlabel.h> | 42 | #include <net/netlabel.h> |
| 43 | #include <asm/atomic.h> | ||
| 43 | 44 | ||
| 44 | /* known doi values */ | 45 | /* known doi values */ |
| 45 | #define CIPSO_V4_DOI_UNKNOWN 0x00000000 | 46 | #define CIPSO_V4_DOI_UNKNOWN 0x00000000 |
| 46 | 47 | ||
| 47 | /* tag types */ | 48 | /* standard tag types */ |
| 48 | #define CIPSO_V4_TAG_INVALID 0 | 49 | #define CIPSO_V4_TAG_INVALID 0 |
| 49 | #define CIPSO_V4_TAG_RBITMAP 1 | 50 | #define CIPSO_V4_TAG_RBITMAP 1 |
| 50 | #define CIPSO_V4_TAG_ENUM 2 | 51 | #define CIPSO_V4_TAG_ENUM 2 |
| @@ -52,10 +53,14 @@ | |||
| 52 | #define CIPSO_V4_TAG_PBITMAP 6 | 53 | #define CIPSO_V4_TAG_PBITMAP 6 |
| 53 | #define CIPSO_V4_TAG_FREEFORM 7 | 54 | #define CIPSO_V4_TAG_FREEFORM 7 |
| 54 | 55 | ||
| 56 | /* non-standard tag types (tags > 127) */ | ||
| 57 | #define CIPSO_V4_TAG_LOCAL 128 | ||
| 58 | |||
| 55 | /* doi mapping types */ | 59 | /* doi mapping types */ |
| 56 | #define CIPSO_V4_MAP_UNKNOWN 0 | 60 | #define CIPSO_V4_MAP_UNKNOWN 0 |
| 57 | #define CIPSO_V4_MAP_STD 1 | 61 | #define CIPSO_V4_MAP_TRANS 1 |
| 58 | #define CIPSO_V4_MAP_PASS 2 | 62 | #define CIPSO_V4_MAP_PASS 2 |
| 63 | #define CIPSO_V4_MAP_LOCAL 3 | ||
| 59 | 64 | ||
| 60 | /* limits */ | 65 | /* limits */ |
| 61 | #define CIPSO_V4_MAX_REM_LVLS 255 | 66 | #define CIPSO_V4_MAX_REM_LVLS 255 |
| @@ -79,10 +84,9 @@ struct cipso_v4_doi { | |||
| 79 | } map; | 84 | } map; |
| 80 | u8 tags[CIPSO_V4_TAG_MAXCNT]; | 85 | u8 tags[CIPSO_V4_TAG_MAXCNT]; |
| 81 | 86 | ||
| 82 | u32 valid; | 87 | atomic_t refcount; |
| 83 | struct list_head list; | 88 | struct list_head list; |
| 84 | struct rcu_head rcu; | 89 | struct rcu_head rcu; |
| 85 | struct list_head dom_list; | ||
| 86 | }; | 90 | }; |
| 87 | 91 | ||
| 88 | /* Standard CIPSO mapping table */ | 92 | /* Standard CIPSO mapping table */ |
| @@ -128,25 +132,26 @@ extern int cipso_v4_rbm_strictvalid; | |||
| 128 | 132 | ||
| 129 | #ifdef CONFIG_NETLABEL | 133 | #ifdef CONFIG_NETLABEL |
| 130 | int cipso_v4_doi_add(struct cipso_v4_doi *doi_def); | 134 | int cipso_v4_doi_add(struct cipso_v4_doi *doi_def); |
| 131 | int cipso_v4_doi_remove(u32 doi, | 135 | void cipso_v4_doi_free(struct cipso_v4_doi *doi_def); |
| 132 | struct netlbl_audit *audit_info, | 136 | int cipso_v4_doi_remove(u32 doi, struct netlbl_audit *audit_info); |
| 133 | void (*callback) (struct rcu_head * head)); | ||
| 134 | struct cipso_v4_doi *cipso_v4_doi_getdef(u32 doi); | 137 | struct cipso_v4_doi *cipso_v4_doi_getdef(u32 doi); |
| 138 | void cipso_v4_doi_putdef(struct cipso_v4_doi *doi_def); | ||
| 135 | int cipso_v4_doi_walk(u32 *skip_cnt, | 139 | int cipso_v4_doi_walk(u32 *skip_cnt, |
| 136 | int (*callback) (struct cipso_v4_doi *doi_def, void *arg), | 140 | int (*callback) (struct cipso_v4_doi *doi_def, void *arg), |
| 137 | void *cb_arg); | 141 | void *cb_arg); |
| 138 | int cipso_v4_doi_domhsh_add(struct cipso_v4_doi *doi_def, const char *domain); | ||
| 139 | int cipso_v4_doi_domhsh_remove(struct cipso_v4_doi *doi_def, | ||
| 140 | const char *domain); | ||
| 141 | #else | 142 | #else |
| 142 | static inline int cipso_v4_doi_add(struct cipso_v4_doi *doi_def) | 143 | static inline int cipso_v4_doi_add(struct cipso_v4_doi *doi_def) |
| 143 | { | 144 | { |
| 144 | return -ENOSYS; | 145 | return -ENOSYS; |
| 145 | } | 146 | } |
| 146 | 147 | ||
| 148 | static inline void cipso_v4_doi_free(struct cipso_v4_doi *doi_def) | ||
| 149 | { | ||
| 150 | return; | ||
| 151 | } | ||
| 152 | |||
| 147 | static inline int cipso_v4_doi_remove(u32 doi, | 153 | static inline int cipso_v4_doi_remove(u32 doi, |
| 148 | struct netlbl_audit *audit_info, | 154 | struct netlbl_audit *audit_info) |
| 149 | void (*callback) (struct rcu_head * head)) | ||
| 150 | { | 155 | { |
| 151 | return 0; | 156 | return 0; |
| 152 | } | 157 | } |
| @@ -206,10 +211,15 @@ void cipso_v4_error(struct sk_buff *skb, int error, u32 gateway); | |||
| 206 | int cipso_v4_sock_setattr(struct sock *sk, | 211 | int cipso_v4_sock_setattr(struct sock *sk, |
| 207 | const struct cipso_v4_doi *doi_def, | 212 | const struct cipso_v4_doi *doi_def, |
| 208 | const struct netlbl_lsm_secattr *secattr); | 213 | const struct netlbl_lsm_secattr *secattr); |
| 214 | void cipso_v4_sock_delattr(struct sock *sk); | ||
| 209 | int cipso_v4_sock_getattr(struct sock *sk, struct netlbl_lsm_secattr *secattr); | 215 | int cipso_v4_sock_getattr(struct sock *sk, struct netlbl_lsm_secattr *secattr); |
| 216 | int cipso_v4_skbuff_setattr(struct sk_buff *skb, | ||
| 217 | const struct cipso_v4_doi *doi_def, | ||
| 218 | const struct netlbl_lsm_secattr *secattr); | ||
| 219 | int cipso_v4_skbuff_delattr(struct sk_buff *skb); | ||
| 210 | int cipso_v4_skbuff_getattr(const struct sk_buff *skb, | 220 | int cipso_v4_skbuff_getattr(const struct sk_buff *skb, |
| 211 | struct netlbl_lsm_secattr *secattr); | 221 | struct netlbl_lsm_secattr *secattr); |
| 212 | int cipso_v4_validate(unsigned char **option); | 222 | int cipso_v4_validate(const struct sk_buff *skb, unsigned char **option); |
| 213 | #else | 223 | #else |
| 214 | static inline void cipso_v4_error(struct sk_buff *skb, | 224 | static inline void cipso_v4_error(struct sk_buff *skb, |
| 215 | int error, | 225 | int error, |
| @@ -225,19 +235,36 @@ static inline int cipso_v4_sock_setattr(struct sock *sk, | |||
| 225 | return -ENOSYS; | 235 | return -ENOSYS; |
| 226 | } | 236 | } |
| 227 | 237 | ||
| 238 | static inline void cipso_v4_sock_delattr(struct sock *sk) | ||
| 239 | { | ||
| 240 | } | ||
| 241 | |||
| 228 | static inline int cipso_v4_sock_getattr(struct sock *sk, | 242 | static inline int cipso_v4_sock_getattr(struct sock *sk, |
| 229 | struct netlbl_lsm_secattr *secattr) | 243 | struct netlbl_lsm_secattr *secattr) |
| 230 | { | 244 | { |
| 231 | return -ENOSYS; | 245 | return -ENOSYS; |
| 232 | } | 246 | } |
| 233 | 247 | ||
| 248 | static inline int cipso_v4_skbuff_setattr(struct sk_buff *skb, | ||
| 249 | const struct cipso_v4_doi *doi_def, | ||
| 250 | const struct netlbl_lsm_secattr *secattr) | ||
| 251 | { | ||
| 252 | return -ENOSYS; | ||
| 253 | } | ||
| 254 | |||
| 255 | static inline int cipso_v4_skbuff_delattr(struct sk_buff *skb) | ||
| 256 | { | ||
| 257 | return -ENOSYS; | ||
| 258 | } | ||
| 259 | |||
| 234 | static inline int cipso_v4_skbuff_getattr(const struct sk_buff *skb, | 260 | static inline int cipso_v4_skbuff_getattr(const struct sk_buff *skb, |
| 235 | struct netlbl_lsm_secattr *secattr) | 261 | struct netlbl_lsm_secattr *secattr) |
| 236 | { | 262 | { |
| 237 | return -ENOSYS; | 263 | return -ENOSYS; |
| 238 | } | 264 | } |
| 239 | 265 | ||
| 240 | static inline int cipso_v4_validate(unsigned char **option) | 266 | static inline int cipso_v4_validate(const struct sk_buff *skb, |
| 267 | unsigned char **option) | ||
| 241 | { | 268 | { |
| 242 | return -ENOSYS; | 269 | return -ENOSYS; |
| 243 | } | 270 | } |