Merge branch 'master' of git://git.infradead.org/users/pcmoore/lblnet-2.6_next into next

#include <linux/net.h>

#include <linux/skbuff.h>

#include <net/netlabel.h>

#include <asm/atomic.h>

/* known doi values */

#define CIPSO_V4_DOI_UNKNOWN          0x00000000

/* tag types */

/* standard tag types */

#define CIPSO_V4_TAG_INVALID          0

#define CIPSO_V4_TAG_RBITMAP          1

#define CIPSO_V4_TAG_ENUM             2

#define CIPSO_V4_TAG_PBITMAP          6

#define CIPSO_V4_TAG_FREEFORM         7

/* non-standard tag types (tags > 127) */

#define CIPSO_V4_TAG_LOCAL            128

/* doi mapping types */

#define CIPSO_V4_MAP_UNKNOWN          0

#define CIPSO_V4_MAP_STD              1

#define CIPSO_V4_MAP_TRANS            1

#define CIPSO_V4_MAP_PASS             2

#define CIPSO_V4_MAP_LOCAL            3

/* limits */

#define CIPSO_V4_MAX_REM_LVLS         255

	} map;

	u8 tags[CIPSO_V4_TAG_MAXCNT];

	u32 valid;

	atomic_t refcount;

	struct list_head list;

	struct rcu_head rcu;

	struct list_head dom_list;

};

/* Standard CIPSO mapping table */

#ifdef CONFIG_NETLABEL

int cipso_v4_doi_add(struct cipso_v4_doi *doi_def);

int cipso_v4_doi_remove(u32 doi,

			struct netlbl_audit *audit_info,

			void (*callback) (struct rcu_head * head));

void cipso_v4_doi_free(struct cipso_v4_doi *doi_def);

int cipso_v4_doi_remove(u32 doi, struct netlbl_audit *audit_info);

struct cipso_v4_doi *cipso_v4_doi_getdef(u32 doi);

void cipso_v4_doi_putdef(struct cipso_v4_doi *doi_def);

int cipso_v4_doi_walk(u32 *skip_cnt,

		     int (*callback) (struct cipso_v4_doi *doi_def, void *arg),

	             void *cb_arg);

int cipso_v4_doi_domhsh_add(struct cipso_v4_doi *doi_def, const char *domain);

int cipso_v4_doi_domhsh_remove(struct cipso_v4_doi *doi_def,

			       const char *domain);

#else

static inline int cipso_v4_doi_add(struct cipso_v4_doi *doi_def)

{

	return -ENOSYS;

}

static inline void cipso_v4_doi_free(struct cipso_v4_doi *doi_def)

{

	return;

}

static inline int cipso_v4_doi_remove(u32 doi,

				    struct netlbl_audit *audit_info,

				    void (*callback) (struct rcu_head * head))

				      struct netlbl_audit *audit_info)

{

	return 0;

}

int cipso_v4_sock_setattr(struct sock *sk,

			  const struct cipso_v4_doi *doi_def,

			  const struct netlbl_lsm_secattr *secattr);

void cipso_v4_sock_delattr(struct sock *sk);

int cipso_v4_sock_getattr(struct sock *sk, struct netlbl_lsm_secattr *secattr);

int cipso_v4_skbuff_setattr(struct sk_buff *skb,

			    const struct cipso_v4_doi *doi_def,

			    const struct netlbl_lsm_secattr *secattr);

int cipso_v4_skbuff_delattr(struct sk_buff *skb);

int cipso_v4_skbuff_getattr(const struct sk_buff *skb,

			    struct netlbl_lsm_secattr *secattr);

int cipso_v4_validate(unsigned char **option);

int cipso_v4_validate(const struct sk_buff *skb, unsigned char **option);

#else

static inline void cipso_v4_error(struct sk_buff *skb,

				  int error,

	return -ENOSYS;

}

static inline void cipso_v4_sock_delattr(struct sock *sk)

{

}

static inline int cipso_v4_sock_getattr(struct sock *sk,

					struct netlbl_lsm_secattr *secattr)

{

	return -ENOSYS;

}

static inline int cipso_v4_skbuff_setattr(struct sk_buff *skb,

				      const struct cipso_v4_doi *doi_def,

				      const struct netlbl_lsm_secattr *secattr)

{

	return -ENOSYS;

}

static inline int cipso_v4_skbuff_delattr(struct sk_buff *skb)

{

	return -ENOSYS;

}

static inline int cipso_v4_skbuff_getattr(const struct sk_buff *skb,

					  struct netlbl_lsm_secattr *secattr)

{

	return -ENOSYS;

}

static inline int cipso_v4_validate(unsigned char **option)

static inline int cipso_v4_validate(const struct sk_buff *skb,

				    unsigned char **option)

{

	return -ENOSYS;

}

 */

/*

 * (c) Copyright Hewlett-Packard Development Company, L.P., 2006

 * (c) Copyright Hewlett-Packard Development Company, L.P., 2006, 2008

 *

 * This program is free software;  you can redistribute it and/or modify

 * it under the terms of the GNU General Public License as published by

/* NetLabel NETLINK protocol version

 *  1: initial version

 *  2: added static labels for unlabeled connections

 *  3: network selectors added to the NetLabel/LSM domain mapping and the

 *     CIPSO_V4_MAP_LOCAL CIPSO mapping was added

 */

#define NETLBL_PROTO_VERSION            2

#define NETLBL_PROTO_VERSION            3

/* NetLabel NETLINK types/families */

#define NETLBL_NLTYPE_NONE              0

#define NETLBL_NLTYPE_CIPSOV6_NAME      "NLBL_CIPSOv6"

#define NETLBL_NLTYPE_UNLABELED         5

#define NETLBL_NLTYPE_UNLABELED_NAME    "NLBL_UNLBL"

#define NETLBL_NLTYPE_ADDRSELECT        6

#define NETLBL_NLTYPE_ADDRSELECT_NAME   "NLBL_ADRSEL"

/*

 * NetLabel - Kernel API for accessing the network packet label mappings.

	u32 type;

	char *domain;

	struct netlbl_lsm_cache *cache;

	union {

	struct {

		struct {

			struct netlbl_lsm_secattr_catmap *cat;

			u32 lvl;

int netlbl_cfg_map_del(const char *domain, struct netlbl_audit *audit_info);

int netlbl_cfg_unlbl_add_map(const char *domain,

			     struct netlbl_audit *audit_info);

int netlbl_cfg_cipsov4_add(struct cipso_v4_doi *doi_def,

			   struct netlbl_audit *audit_info);

int netlbl_cfg_cipsov4_add_map(struct cipso_v4_doi *doi_def,

			       const char *domain,

			       struct netlbl_audit *audit_info);

int netlbl_cfg_cipsov4_del(u32 doi, struct netlbl_audit *audit_info);

/*

 * LSM security attribute operations

int netlbl_enabled(void);

int netlbl_sock_setattr(struct sock *sk,

			const struct netlbl_lsm_secattr *secattr);

void netlbl_sock_delattr(struct sock *sk);

int netlbl_sock_getattr(struct sock *sk,

			struct netlbl_lsm_secattr *secattr);

int netlbl_conn_setattr(struct sock *sk,

			struct sockaddr *addr,

			const struct netlbl_lsm_secattr *secattr);

int netlbl_skbuff_setattr(struct sk_buff *skb,

			  u16 family,

			  const struct netlbl_lsm_secattr *secattr);

int netlbl_skbuff_getattr(const struct sk_buff *skb,

			  u16 family,

			  struct netlbl_lsm_secattr *secattr);

void netlbl_skbuff_err(struct sk_buff *skb, int error);

void netlbl_skbuff_err(struct sk_buff *skb, int error, int gateway);

/*

 * LSM label mapping cache operations

{

	return -ENOSYS;

}

static inline int netlbl_cfg_cipsov4_add(struct cipso_v4_doi *doi_def,

					 struct netlbl_audit *audit_info)

{

	return -ENOSYS;

}

static inline int netlbl_cfg_cipsov4_add_map(struct cipso_v4_doi *doi_def,

					     const char *domain,

					     struct netlbl_audit *audit_info)

{

	return -ENOSYS;

}

static inline int netlbl_cfg_cipsov4_del(u32 doi,

					 struct netlbl_audit *audit_info)

{

	return -ENOSYS;

}

static inline int netlbl_secattr_catmap_walk(

	                              struct netlbl_lsm_secattr_catmap *catmap,

				      u32 offset)

{

	return -ENOSYS;

}

static inline void netlbl_sock_delattr(struct sock *sk)

{

}

static inline int netlbl_sock_getattr(struct sock *sk,

				      struct netlbl_lsm_secattr *secattr)

{

	return -ENOSYS;

}

static inline int netlbl_conn_setattr(struct sock *sk,

				      struct sockaddr *addr,

				      const struct netlbl_lsm_secattr *secattr)

{

	return -ENOSYS;

}

static inline int netlbl_skbuff_setattr(struct sk_buff *skb,

				      u16 family,

				      const struct netlbl_lsm_secattr *secattr)

{

	return -ENOSYS;

}

static inline int netlbl_skbuff_getattr(const struct sk_buff *skb,

					u16 family,

					struct netlbl_lsm_secattr *secattr)

{

	return -ENOSYS;

}

static inline void netlbl_skbuff_err(struct sk_buff *skb, int error)

static inline void netlbl_skbuff_err(struct sk_buff *skb,

				     int error,

				     int gateway)

{

	return;

}

				goto error;

			}

			opt->cipso = optptr - iph;

			if (cipso_v4_validate(&optptr)) {

			if (cipso_v4_validate(skb, &optptr)) {

				pp_ptr = optptr;

				goto error;

			}

#

# base objects

obj-y	:= netlabel_user.o netlabel_kapi.o netlabel_domainhash.o

obj-y	:= netlabel_user.o netlabel_kapi.o

obj-y	+= netlabel_domainhash.o netlabel_addrlist.o

# management objects

obj-y	+= netlabel_mgmt.o