1 files changed, 98 insertions, 0 deletions
diff --git a/net/netlabel/netlabel_unlabeled.h b/net/netlabel/netlabel_unlabeled.h
new file mode 100644
index 000000000000..f300e54e14b6
--- /dev/null
+++ b/net/netlabel/netlabel_unlabeled.h
@@ -0,0 +1,98 @@
+/*
+ * NetLabel Unlabeled Support
+ *
+ * This file defines functions for dealing with unlabeled packets for the
+ * NetLabel system.  The NetLabel system manages static and dynamic label
+ * mappings for network protocols such as CIPSO and RIPSO.
+ *
+ * Author: Paul Moore <paul.moore@hp.com>
+ *
+ */
+/*
+ * (c) Copyright Hewlett-Packard Development Company, L.P., 2006
+ *
+ * This program is free software;  you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY;  without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See
+ * the GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program;  if not, write to the Free Software
+ * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
+ *
+ */
+#ifndef _NETLABEL_UNLABELED_H
+#define _NETLABEL_UNLABELED_H
+#include <net/netlabel.h>
+/*
+ * The following NetLabel payloads are supported by the Unlabeled subsystem.
+ *
+ * o ACK:
+ *   Sent by the kernel in response to an applications message, applications
+ *   should never send this message.
+ *
+ *   +----------------------+-----------------------+
+ *   | seq number (32 bits) | return code (32 bits) |
+ *   +----------------------+-----------------------+
+ *
+ *     seq number:  the sequence number of the original message, taken from the
+ *                  nlmsghdr structure
+ *     return code: return value, based on errno values
+ *
+ * o ACCEPT
+ *   This message is sent from an application to specify if the kernel should
+ *   allow unlabled packets to pass if they do not match any of the static
+ *   mappings defined in the unlabeled module.
+ *
+ *   +-----------------+
+ *   | allow (32 bits) |
+ *   +-----------------+
+ *
+ *     allow: if true (1) then allow the packets to pass, if false (0) then
+ *            reject the packets
+ *
+ * o LIST
+ *   This message can be sent either from an application or by the kernel in
+ *   response to an application generated LIST message.  When sent by an
+ *   application there is no payload.  The kernel should respond to a LIST
+ *   message either with a LIST message on success or an ACK message on
+ *   failure.
+ *
+ *   +-----------------------+
+ *   | accept flag (32 bits) |
+ *   +-----------------------+
+ *
+ *     accept flag: if true (1) then unlabeled packets are allowed to pass,
+ *                  if false (0) then unlabeled packets are rejected
+ *
+ */
+/* NetLabel Unlabeled commands */
+enum {
+        NLBL_UNLABEL_C_UNSPEC,
+        NLBL_UNLABEL_C_ACK,
+        NLBL_UNLABEL_C_ACCEPT,
+        NLBL_UNLABEL_C_LIST,
+        __NLBL_UNLABEL_C_MAX,
+};
+#define NLBL_UNLABEL_C_MAX (__NLBL_UNLABEL_C_MAX - 1)
+/* NetLabel protocol functions */
+int netlbl_unlabel_genl_init(void);
+/* Process Unlabeled incoming network packets */
+int netlbl_unlabel_getattr(struct netlbl_lsm_secattr *secattr);
+/* Set the default configuration to allow Unlabeled packets */
+int netlbl_unlabel_defconf(void);
+#endif

diff --git a/net/netlabel/netlabel_unlabeled.h b/net/netlabel/netlabel_unlabeled.h new file mode 100644 index 000000000000..f300e54e14b6 --- /dev/null +++ b/net/netlabel/netlabel_unlabeled.h
@@ -0,0 +1,98 @@
	1	/*
	2	* NetLabel Unlabeled Support
	3	*
	4	* This file defines functions for dealing with unlabeled packets for the
	5	* NetLabel system. The NetLabel system manages static and dynamic label
	6	* mappings for network protocols such as CIPSO and RIPSO.
	7	*
	8	* Author: Paul Moore <paul.moore@hp.com>
	9	*
	10	*/
	11
	12	/*
	13	* (c) Copyright Hewlett-Packard Development Company, L.P., 2006
	14	*
	15	* This program is free software; you can redistribute it and/or modify
	16	* it under the terms of the GNU General Public License as published by
	17	* the Free Software Foundation; either version 2 of the License, or
	18	* (at your option) any later version.
	19	*
	20	* This program is distributed in the hope that it will be useful,
	21	* but WITHOUT ANY WARRANTY; without even the implied warranty of
	22	* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See
	23	* the GNU General Public License for more details.
	24	*
	25	* You should have received a copy of the GNU General Public License
	26	* along with this program; if not, write to the Free Software
	27	* Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
	28	*
	29	*/
	30
	31	#ifndef _NETLABEL_UNLABELED_H
	32	#define _NETLABEL_UNLABELED_H
	33
	34	#include <net/netlabel.h>
	35
	36	/*
	37	* The following NetLabel payloads are supported by the Unlabeled subsystem.
	38	*
	39	* o ACK:
	40	* Sent by the kernel in response to an applications message, applications
	41	* should never send this message.
	42	*
	43	* +----------------------+-----------------------+
	44	* \| seq number (32 bits) \| return code (32 bits) \|
	45	* +----------------------+-----------------------+
	46	*
	47	* seq number: the sequence number of the original message, taken from the
	48	* nlmsghdr structure
	49	* return code: return value, based on errno values
	50	*
	51	* o ACCEPT
	52	* This message is sent from an application to specify if the kernel should
	53	* allow unlabled packets to pass if they do not match any of the static
	54	* mappings defined in the unlabeled module.
	55	*
	56	* +-----------------+
	57	* \| allow (32 bits) \|
	58	* +-----------------+
	59	*
	60	* allow: if true (1) then allow the packets to pass, if false (0) then
	61	* reject the packets
	62	*
	63	* o LIST
	64	* This message can be sent either from an application or by the kernel in
	65	* response to an application generated LIST message. When sent by an
	66	* application there is no payload. The kernel should respond to a LIST
	67	* message either with a LIST message on success or an ACK message on
	68	* failure.
	69	*
	70	* +-----------------------+
	71	* \| accept flag (32 bits) \|
	72	* +-----------------------+
	73	*
	74	* accept flag: if true (1) then unlabeled packets are allowed to pass,
	75	* if false (0) then unlabeled packets are rejected
	76	*
	77	*/
	78
	79	/* NetLabel Unlabeled commands */
	80	enum {
	81	NLBL_UNLABEL_C_UNSPEC,
	82	NLBL_UNLABEL_C_ACK,
	83	NLBL_UNLABEL_C_ACCEPT,
	84	NLBL_UNLABEL_C_LIST,
	85	__NLBL_UNLABEL_C_MAX,
	86	};
	87	#define NLBL_UNLABEL_C_MAX (__NLBL_UNLABEL_C_MAX - 1)
	88
	89	/* NetLabel protocol functions */
	90	int netlbl_unlabel_genl_init(void);
	91
	92	/* Process Unlabeled incoming network packets */
	93	int netlbl_unlabel_getattr(struct netlbl_lsm_secattr *secattr);
	94
	95	/* Set the default configuration to allow Unlabeled packets */
	96	int netlbl_unlabel_defconf(void);
	97
	98	#endif