diff options
Diffstat (limited to 'net/netlabel/netlabel_domainhash.c')
-rw-r--r-- | net/netlabel/netlabel_domainhash.c | 104 |
1 files changed, 49 insertions, 55 deletions
diff --git a/net/netlabel/netlabel_domainhash.c b/net/netlabel/netlabel_domainhash.c index 6bb1d42f0fac..85d842e6e431 100644 --- a/net/netlabel/netlabel_domainhash.c +++ b/net/netlabel/netlabel_domainhash.c | |||
@@ -84,15 +84,15 @@ static void netlbl_domhsh_free_entry(struct rcu_head *entry) | |||
84 | #endif /* IPv6 */ | 84 | #endif /* IPv6 */ |
85 | 85 | ||
86 | ptr = container_of(entry, struct netlbl_dom_map, rcu); | 86 | ptr = container_of(entry, struct netlbl_dom_map, rcu); |
87 | if (ptr->type == NETLBL_NLTYPE_ADDRSELECT) { | 87 | if (ptr->def.type == NETLBL_NLTYPE_ADDRSELECT) { |
88 | netlbl_af4list_foreach_safe(iter4, tmp4, | 88 | netlbl_af4list_foreach_safe(iter4, tmp4, |
89 | &ptr->type_def.addrsel->list4) { | 89 | &ptr->def.addrsel->list4) { |
90 | netlbl_af4list_remove_entry(iter4); | 90 | netlbl_af4list_remove_entry(iter4); |
91 | kfree(netlbl_domhsh_addr4_entry(iter4)); | 91 | kfree(netlbl_domhsh_addr4_entry(iter4)); |
92 | } | 92 | } |
93 | #if IS_ENABLED(CONFIG_IPV6) | 93 | #if IS_ENABLED(CONFIG_IPV6) |
94 | netlbl_af6list_foreach_safe(iter6, tmp6, | 94 | netlbl_af6list_foreach_safe(iter6, tmp6, |
95 | &ptr->type_def.addrsel->list6) { | 95 | &ptr->def.addrsel->list6) { |
96 | netlbl_af6list_remove_entry(iter6); | 96 | netlbl_af6list_remove_entry(iter6); |
97 | kfree(netlbl_domhsh_addr6_entry(iter6)); | 97 | kfree(netlbl_domhsh_addr6_entry(iter6)); |
98 | } | 98 | } |
@@ -213,21 +213,21 @@ static void netlbl_domhsh_audit_add(struct netlbl_dom_map *entry, | |||
213 | if (addr4 != NULL) { | 213 | if (addr4 != NULL) { |
214 | struct netlbl_domaddr4_map *map4; | 214 | struct netlbl_domaddr4_map *map4; |
215 | map4 = netlbl_domhsh_addr4_entry(addr4); | 215 | map4 = netlbl_domhsh_addr4_entry(addr4); |
216 | type = map4->type; | 216 | type = map4->def.type; |
217 | cipsov4 = map4->type_def.cipsov4; | 217 | cipsov4 = map4->def.cipso; |
218 | netlbl_af4list_audit_addr(audit_buf, 0, NULL, | 218 | netlbl_af4list_audit_addr(audit_buf, 0, NULL, |
219 | addr4->addr, addr4->mask); | 219 | addr4->addr, addr4->mask); |
220 | #if IS_ENABLED(CONFIG_IPV6) | 220 | #if IS_ENABLED(CONFIG_IPV6) |
221 | } else if (addr6 != NULL) { | 221 | } else if (addr6 != NULL) { |
222 | struct netlbl_domaddr6_map *map6; | 222 | struct netlbl_domaddr6_map *map6; |
223 | map6 = netlbl_domhsh_addr6_entry(addr6); | 223 | map6 = netlbl_domhsh_addr6_entry(addr6); |
224 | type = map6->type; | 224 | type = map6->def.type; |
225 | netlbl_af6list_audit_addr(audit_buf, 0, NULL, | 225 | netlbl_af6list_audit_addr(audit_buf, 0, NULL, |
226 | &addr6->addr, &addr6->mask); | 226 | &addr6->addr, &addr6->mask); |
227 | #endif /* IPv6 */ | 227 | #endif /* IPv6 */ |
228 | } else { | 228 | } else { |
229 | type = entry->type; | 229 | type = entry->def.type; |
230 | cipsov4 = entry->type_def.cipsov4; | 230 | cipsov4 = entry->def.cipso; |
231 | } | 231 | } |
232 | switch (type) { | 232 | switch (type) { |
233 | case NETLBL_NLTYPE_UNLABELED: | 233 | case NETLBL_NLTYPE_UNLABELED: |
@@ -265,26 +265,25 @@ static int netlbl_domhsh_validate(const struct netlbl_dom_map *entry) | |||
265 | if (entry == NULL) | 265 | if (entry == NULL) |
266 | return -EINVAL; | 266 | return -EINVAL; |
267 | 267 | ||
268 | switch (entry->type) { | 268 | switch (entry->def.type) { |
269 | case NETLBL_NLTYPE_UNLABELED: | 269 | case NETLBL_NLTYPE_UNLABELED: |
270 | if (entry->type_def.cipsov4 != NULL || | 270 | if (entry->def.cipso != NULL || entry->def.addrsel != NULL) |
271 | entry->type_def.addrsel != NULL) | ||
272 | return -EINVAL; | 271 | return -EINVAL; |
273 | break; | 272 | break; |
274 | case NETLBL_NLTYPE_CIPSOV4: | 273 | case NETLBL_NLTYPE_CIPSOV4: |
275 | if (entry->type_def.cipsov4 == NULL) | 274 | if (entry->def.cipso == NULL) |
276 | return -EINVAL; | 275 | return -EINVAL; |
277 | break; | 276 | break; |
278 | case NETLBL_NLTYPE_ADDRSELECT: | 277 | case NETLBL_NLTYPE_ADDRSELECT: |
279 | netlbl_af4list_foreach(iter4, &entry->type_def.addrsel->list4) { | 278 | netlbl_af4list_foreach(iter4, &entry->def.addrsel->list4) { |
280 | map4 = netlbl_domhsh_addr4_entry(iter4); | 279 | map4 = netlbl_domhsh_addr4_entry(iter4); |
281 | switch (map4->type) { | 280 | switch (map4->def.type) { |
282 | case NETLBL_NLTYPE_UNLABELED: | 281 | case NETLBL_NLTYPE_UNLABELED: |
283 | if (map4->type_def.cipsov4 != NULL) | 282 | if (map4->def.cipso != NULL) |
284 | return -EINVAL; | 283 | return -EINVAL; |
285 | break; | 284 | break; |
286 | case NETLBL_NLTYPE_CIPSOV4: | 285 | case NETLBL_NLTYPE_CIPSOV4: |
287 | if (map4->type_def.cipsov4 == NULL) | 286 | if (map4->def.cipso == NULL) |
288 | return -EINVAL; | 287 | return -EINVAL; |
289 | break; | 288 | break; |
290 | default: | 289 | default: |
@@ -292,9 +291,9 @@ static int netlbl_domhsh_validate(const struct netlbl_dom_map *entry) | |||
292 | } | 291 | } |
293 | } | 292 | } |
294 | #if IS_ENABLED(CONFIG_IPV6) | 293 | #if IS_ENABLED(CONFIG_IPV6) |
295 | netlbl_af6list_foreach(iter6, &entry->type_def.addrsel->list6) { | 294 | netlbl_af6list_foreach(iter6, &entry->def.addrsel->list6) { |
296 | map6 = netlbl_domhsh_addr6_entry(iter6); | 295 | map6 = netlbl_domhsh_addr6_entry(iter6); |
297 | switch (map6->type) { | 296 | switch (map6->def.type) { |
298 | case NETLBL_NLTYPE_UNLABELED: | 297 | case NETLBL_NLTYPE_UNLABELED: |
299 | break; | 298 | break; |
300 | default: | 299 | default: |
@@ -402,32 +401,31 @@ int netlbl_domhsh_add(struct netlbl_dom_map *entry, | |||
402 | rcu_assign_pointer(netlbl_domhsh_def, entry); | 401 | rcu_assign_pointer(netlbl_domhsh_def, entry); |
403 | } | 402 | } |
404 | 403 | ||
405 | if (entry->type == NETLBL_NLTYPE_ADDRSELECT) { | 404 | if (entry->def.type == NETLBL_NLTYPE_ADDRSELECT) { |
406 | netlbl_af4list_foreach_rcu(iter4, | 405 | netlbl_af4list_foreach_rcu(iter4, |
407 | &entry->type_def.addrsel->list4) | 406 | &entry->def.addrsel->list4) |
408 | netlbl_domhsh_audit_add(entry, iter4, NULL, | 407 | netlbl_domhsh_audit_add(entry, iter4, NULL, |
409 | ret_val, audit_info); | 408 | ret_val, audit_info); |
410 | #if IS_ENABLED(CONFIG_IPV6) | 409 | #if IS_ENABLED(CONFIG_IPV6) |
411 | netlbl_af6list_foreach_rcu(iter6, | 410 | netlbl_af6list_foreach_rcu(iter6, |
412 | &entry->type_def.addrsel->list6) | 411 | &entry->def.addrsel->list6) |
413 | netlbl_domhsh_audit_add(entry, NULL, iter6, | 412 | netlbl_domhsh_audit_add(entry, NULL, iter6, |
414 | ret_val, audit_info); | 413 | ret_val, audit_info); |
415 | #endif /* IPv6 */ | 414 | #endif /* IPv6 */ |
416 | } else | 415 | } else |
417 | netlbl_domhsh_audit_add(entry, NULL, NULL, | 416 | netlbl_domhsh_audit_add(entry, NULL, NULL, |
418 | ret_val, audit_info); | 417 | ret_val, audit_info); |
419 | } else if (entry_old->type == NETLBL_NLTYPE_ADDRSELECT && | 418 | } else if (entry_old->def.type == NETLBL_NLTYPE_ADDRSELECT && |
420 | entry->type == NETLBL_NLTYPE_ADDRSELECT) { | 419 | entry->def.type == NETLBL_NLTYPE_ADDRSELECT) { |
421 | struct list_head *old_list4; | 420 | struct list_head *old_list4; |
422 | struct list_head *old_list6; | 421 | struct list_head *old_list6; |
423 | 422 | ||
424 | old_list4 = &entry_old->type_def.addrsel->list4; | 423 | old_list4 = &entry_old->def.addrsel->list4; |
425 | old_list6 = &entry_old->type_def.addrsel->list6; | 424 | old_list6 = &entry_old->def.addrsel->list6; |
426 | 425 | ||
427 | /* we only allow the addition of address selectors if all of | 426 | /* we only allow the addition of address selectors if all of |
428 | * the selectors do not exist in the existing domain map */ | 427 | * the selectors do not exist in the existing domain map */ |
429 | netlbl_af4list_foreach_rcu(iter4, | 428 | netlbl_af4list_foreach_rcu(iter4, &entry->def.addrsel->list4) |
430 | &entry->type_def.addrsel->list4) | ||
431 | if (netlbl_af4list_search_exact(iter4->addr, | 429 | if (netlbl_af4list_search_exact(iter4->addr, |
432 | iter4->mask, | 430 | iter4->mask, |
433 | old_list4)) { | 431 | old_list4)) { |
@@ -435,8 +433,7 @@ int netlbl_domhsh_add(struct netlbl_dom_map *entry, | |||
435 | goto add_return; | 433 | goto add_return; |
436 | } | 434 | } |
437 | #if IS_ENABLED(CONFIG_IPV6) | 435 | #if IS_ENABLED(CONFIG_IPV6) |
438 | netlbl_af6list_foreach_rcu(iter6, | 436 | netlbl_af6list_foreach_rcu(iter6, &entry->def.addrsel->list6) |
439 | &entry->type_def.addrsel->list6) | ||
440 | if (netlbl_af6list_search_exact(&iter6->addr, | 437 | if (netlbl_af6list_search_exact(&iter6->addr, |
441 | &iter6->mask, | 438 | &iter6->mask, |
442 | old_list6)) { | 439 | old_list6)) { |
@@ -446,7 +443,7 @@ int netlbl_domhsh_add(struct netlbl_dom_map *entry, | |||
446 | #endif /* IPv6 */ | 443 | #endif /* IPv6 */ |
447 | 444 | ||
448 | netlbl_af4list_foreach_safe(iter4, tmp4, | 445 | netlbl_af4list_foreach_safe(iter4, tmp4, |
449 | &entry->type_def.addrsel->list4) { | 446 | &entry->def.addrsel->list4) { |
450 | netlbl_af4list_remove_entry(iter4); | 447 | netlbl_af4list_remove_entry(iter4); |
451 | iter4->valid = 1; | 448 | iter4->valid = 1; |
452 | ret_val = netlbl_af4list_add(iter4, old_list4); | 449 | ret_val = netlbl_af4list_add(iter4, old_list4); |
@@ -457,7 +454,7 @@ int netlbl_domhsh_add(struct netlbl_dom_map *entry, | |||
457 | } | 454 | } |
458 | #if IS_ENABLED(CONFIG_IPV6) | 455 | #if IS_ENABLED(CONFIG_IPV6) |
459 | netlbl_af6list_foreach_safe(iter6, tmp6, | 456 | netlbl_af6list_foreach_safe(iter6, tmp6, |
460 | &entry->type_def.addrsel->list6) { | 457 | &entry->def.addrsel->list6) { |
461 | netlbl_af6list_remove_entry(iter6); | 458 | netlbl_af6list_remove_entry(iter6); |
462 | iter6->valid = 1; | 459 | iter6->valid = 1; |
463 | ret_val = netlbl_af6list_add(iter6, old_list6); | 460 | ret_val = netlbl_af6list_add(iter6, old_list6); |
@@ -538,18 +535,18 @@ int netlbl_domhsh_remove_entry(struct netlbl_dom_map *entry, | |||
538 | struct netlbl_af4list *iter4; | 535 | struct netlbl_af4list *iter4; |
539 | struct netlbl_domaddr4_map *map4; | 536 | struct netlbl_domaddr4_map *map4; |
540 | 537 | ||
541 | switch (entry->type) { | 538 | switch (entry->def.type) { |
542 | case NETLBL_NLTYPE_ADDRSELECT: | 539 | case NETLBL_NLTYPE_ADDRSELECT: |
543 | netlbl_af4list_foreach_rcu(iter4, | 540 | netlbl_af4list_foreach_rcu(iter4, |
544 | &entry->type_def.addrsel->list4) { | 541 | &entry->def.addrsel->list4) { |
545 | map4 = netlbl_domhsh_addr4_entry(iter4); | 542 | map4 = netlbl_domhsh_addr4_entry(iter4); |
546 | cipso_v4_doi_putdef(map4->type_def.cipsov4); | 543 | cipso_v4_doi_putdef(map4->def.cipso); |
547 | } | 544 | } |
548 | /* no need to check the IPv6 list since we currently | 545 | /* no need to check the IPv6 list since we currently |
549 | * support only unlabeled protocols for IPv6 */ | 546 | * support only unlabeled protocols for IPv6 */ |
550 | break; | 547 | break; |
551 | case NETLBL_NLTYPE_CIPSOV4: | 548 | case NETLBL_NLTYPE_CIPSOV4: |
552 | cipso_v4_doi_putdef(entry->type_def.cipsov4); | 549 | cipso_v4_doi_putdef(entry->def.cipso); |
553 | break; | 550 | break; |
554 | } | 551 | } |
555 | call_rcu(&entry->rcu, netlbl_domhsh_free_entry); | 552 | call_rcu(&entry->rcu, netlbl_domhsh_free_entry); |
@@ -590,20 +587,21 @@ int netlbl_domhsh_remove_af4(const char *domain, | |||
590 | entry_map = netlbl_domhsh_search(domain); | 587 | entry_map = netlbl_domhsh_search(domain); |
591 | else | 588 | else |
592 | entry_map = netlbl_domhsh_search_def(domain); | 589 | entry_map = netlbl_domhsh_search_def(domain); |
593 | if (entry_map == NULL || entry_map->type != NETLBL_NLTYPE_ADDRSELECT) | 590 | if (entry_map == NULL || |
591 | entry_map->def.type != NETLBL_NLTYPE_ADDRSELECT) | ||
594 | goto remove_af4_failure; | 592 | goto remove_af4_failure; |
595 | 593 | ||
596 | spin_lock(&netlbl_domhsh_lock); | 594 | spin_lock(&netlbl_domhsh_lock); |
597 | entry_addr = netlbl_af4list_remove(addr->s_addr, mask->s_addr, | 595 | entry_addr = netlbl_af4list_remove(addr->s_addr, mask->s_addr, |
598 | &entry_map->type_def.addrsel->list4); | 596 | &entry_map->def.addrsel->list4); |
599 | spin_unlock(&netlbl_domhsh_lock); | 597 | spin_unlock(&netlbl_domhsh_lock); |
600 | 598 | ||
601 | if (entry_addr == NULL) | 599 | if (entry_addr == NULL) |
602 | goto remove_af4_failure; | 600 | goto remove_af4_failure; |
603 | netlbl_af4list_foreach_rcu(iter4, &entry_map->type_def.addrsel->list4) | 601 | netlbl_af4list_foreach_rcu(iter4, &entry_map->def.addrsel->list4) |
604 | goto remove_af4_single_addr; | 602 | goto remove_af4_single_addr; |
605 | #if IS_ENABLED(CONFIG_IPV6) | 603 | #if IS_ENABLED(CONFIG_IPV6) |
606 | netlbl_af6list_foreach_rcu(iter6, &entry_map->type_def.addrsel->list6) | 604 | netlbl_af6list_foreach_rcu(iter6, &entry_map->def.addrsel->list6) |
607 | goto remove_af4_single_addr; | 605 | goto remove_af4_single_addr; |
608 | #endif /* IPv6 */ | 606 | #endif /* IPv6 */ |
609 | /* the domain mapping is empty so remove it from the mapping table */ | 607 | /* the domain mapping is empty so remove it from the mapping table */ |
@@ -616,7 +614,7 @@ remove_af4_single_addr: | |||
616 | * shouldn't be a problem */ | 614 | * shouldn't be a problem */ |
617 | synchronize_rcu(); | 615 | synchronize_rcu(); |
618 | entry = netlbl_domhsh_addr4_entry(entry_addr); | 616 | entry = netlbl_domhsh_addr4_entry(entry_addr); |
619 | cipso_v4_doi_putdef(entry->type_def.cipsov4); | 617 | cipso_v4_doi_putdef(entry->def.cipso); |
620 | kfree(entry); | 618 | kfree(entry); |
621 | return 0; | 619 | return 0; |
622 | 620 | ||
@@ -693,8 +691,8 @@ struct netlbl_dom_map *netlbl_domhsh_getentry(const char *domain) | |||
693 | * responsible for ensuring that rcu_read_[un]lock() is called. | 691 | * responsible for ensuring that rcu_read_[un]lock() is called. |
694 | * | 692 | * |
695 | */ | 693 | */ |
696 | struct netlbl_domaddr4_map *netlbl_domhsh_getentry_af4(const char *domain, | 694 | struct netlbl_dommap_def *netlbl_domhsh_getentry_af4(const char *domain, |
697 | __be32 addr) | 695 | __be32 addr) |
698 | { | 696 | { |
699 | struct netlbl_dom_map *dom_iter; | 697 | struct netlbl_dom_map *dom_iter; |
700 | struct netlbl_af4list *addr_iter; | 698 | struct netlbl_af4list *addr_iter; |
@@ -702,15 +700,13 @@ struct netlbl_domaddr4_map *netlbl_domhsh_getentry_af4(const char *domain, | |||
702 | dom_iter = netlbl_domhsh_search_def(domain); | 700 | dom_iter = netlbl_domhsh_search_def(domain); |
703 | if (dom_iter == NULL) | 701 | if (dom_iter == NULL) |
704 | return NULL; | 702 | return NULL; |
705 | if (dom_iter->type != NETLBL_NLTYPE_ADDRSELECT) | ||
706 | return NULL; | ||
707 | 703 | ||
708 | addr_iter = netlbl_af4list_search(addr, | 704 | if (dom_iter->def.type != NETLBL_NLTYPE_ADDRSELECT) |
709 | &dom_iter->type_def.addrsel->list4); | 705 | return &dom_iter->def; |
706 | addr_iter = netlbl_af4list_search(addr, &dom_iter->def.addrsel->list4); | ||
710 | if (addr_iter == NULL) | 707 | if (addr_iter == NULL) |
711 | return NULL; | 708 | return NULL; |
712 | 709 | return &(netlbl_domhsh_addr4_entry(addr_iter)->def); | |
713 | return netlbl_domhsh_addr4_entry(addr_iter); | ||
714 | } | 710 | } |
715 | 711 | ||
716 | #if IS_ENABLED(CONFIG_IPV6) | 712 | #if IS_ENABLED(CONFIG_IPV6) |
@@ -725,7 +721,7 @@ struct netlbl_domaddr4_map *netlbl_domhsh_getentry_af4(const char *domain, | |||
725 | * responsible for ensuring that rcu_read_[un]lock() is called. | 721 | * responsible for ensuring that rcu_read_[un]lock() is called. |
726 | * | 722 | * |
727 | */ | 723 | */ |
728 | struct netlbl_domaddr6_map *netlbl_domhsh_getentry_af6(const char *domain, | 724 | struct netlbl_dommap_def *netlbl_domhsh_getentry_af6(const char *domain, |
729 | const struct in6_addr *addr) | 725 | const struct in6_addr *addr) |
730 | { | 726 | { |
731 | struct netlbl_dom_map *dom_iter; | 727 | struct netlbl_dom_map *dom_iter; |
@@ -734,15 +730,13 @@ struct netlbl_domaddr6_map *netlbl_domhsh_getentry_af6(const char *domain, | |||
734 | dom_iter = netlbl_domhsh_search_def(domain); | 730 | dom_iter = netlbl_domhsh_search_def(domain); |
735 | if (dom_iter == NULL) | 731 | if (dom_iter == NULL) |
736 | return NULL; | 732 | return NULL; |
737 | if (dom_iter->type != NETLBL_NLTYPE_ADDRSELECT) | ||
738 | return NULL; | ||
739 | 733 | ||
740 | addr_iter = netlbl_af6list_search(addr, | 734 | if (dom_iter->def.type != NETLBL_NLTYPE_ADDRSELECT) |
741 | &dom_iter->type_def.addrsel->list6); | 735 | return &dom_iter->def; |
736 | addr_iter = netlbl_af6list_search(addr, &dom_iter->def.addrsel->list6); | ||
742 | if (addr_iter == NULL) | 737 | if (addr_iter == NULL) |
743 | return NULL; | 738 | return NULL; |
744 | 739 | return &(netlbl_domhsh_addr6_entry(addr_iter)->def); | |
745 | return netlbl_domhsh_addr6_entry(addr_iter); | ||
746 | } | 740 | } |
747 | #endif /* IPv6 */ | 741 | #endif /* IPv6 */ |
748 | 742 | ||