404

/*
 * CIPSO - Commercial IP Security Option
 *
 * This is an implementation of the CIPSO 2.2 protocol as specified in
 * draft-ietf-cipso-ipsecurity-01.txt with additional tag types as found in
 * FIPS-188, copies of both documents can be found in the Documentation
 * directory.  While CIPSO never became a full IETF RFC standard many vendors
 * have chosen to adopt the protocol and over the years it has become a
 * de-facto standard for labeled networking.
 *
 * Author: Paul Moore <paul@paul-moore.com>
 *
 */

/*
 * (c) Copyright Hewlett-Packard Development Company, L.P., 2006
 *
 * This program is free software;  you can redistribute it and/or modify
 * it under the terms of the GNU General Public License as published by
 * the Free Software Foundation; either version 2 of the License, or
 * (at your option) any later version.
 *
 * This program is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY;  without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See
 * the GNU General Public License for more details.
 *
 * You should have received a copy of the GNU General Public License
 * along with this program;  if not, see <http://www.gnu.org/licenses/>.
 *
 */

#ifndef _CIPSO_IPV4_H
#define _CIPSO_IPV4_H

#include <linux/types.h>
#include <linux/rcupdate.h>
#include <linux/list.h>
#include <linux/net.h>
#include <linux/skbuff.h>
#include <net/netlabel.h>
#include <net/request_sock.h>
#include <linux/atomic.h>
#include <linux/refcount.h>
#include <asm/unaligned.h>

/* known doi values */
#define CIPSO_V4_DOI_UNKNOWN          0x00000000

/* standard tag types */
#define CIPSO_V4_TAG_INVALID          0
#define CIPSO_V4_TAG_RBITMAP          1
#define CIPSO_V4_TAG_ENUM             2
#define CIPSO_V4_TAG_RANGE            5
#define CIPSO_V4_TAG_PBITMAP          6
#define CIPSO_V4_TAG_FREEFORM         7

/* non-standard tag types (tags > 127) */
#define CIPSO_V4_TAG_LOCAL            128

/* doi mapping types */
#define CIPSO_V4_MAP_UNKNOWN          0
#define CIPSO_V4_MAP_TRANS            1
#define CIPSO_V4_MAP_PASS             2
#define CIPSO_V4_MAP_LOCAL            3

/* limits */
#define CIPSO_V4_MAX_REM_LVLS         255
#define CIPSO_V4_INV_LVL              0x80000000
#define CIPSO_V4_MAX_LOC_LVLS         (CIPSO_V4_INV_LVL - 1)
#define CIPSO_V4_MAX_REM_CATS         65534
#define CIPSO_V4_INV_CAT              0x80000000
#define CIPSO_V4_MAX_LOC_CATS         (CIPSO_V4_INV_CAT - 1)

/*
 * CIPSO DOI definitions
 */

/* DOI definition struct */
#define CIPSO_V4_TAG_MAXCNT           5
struct cipso_v4_doi {
	u32 doi;
	u32 type;
	union {
		struct cipso_v4_std_map_tbl *std;
	} map;
	u8 tags[CIPSO_V4_TAG_MAXCNT];

	refcount_t refcount;
	struct list_head list;
	struct rcu_head rcu;
};

/* Standard CIPSO mapping table */
/* NOTE: the highest order bit (i.e. 0x80000000) is an 'invalid' flag, if the
 *       bit is set then consider that value as unspecified, meaning the
 *       mapping for that particular level/category is invalid */
struct cipso_v4_std_map_tbl {
	struct {
		u32 *cipso;
		u32 *local;
		u32 cipso_size;
		u32 local_size;
	} lvl;
	struct {
		u32 *cipso;
		u32 *local;
		u32 cipso_size;
		u32 local_size;
	} cat;
};

/*
 * Sysctl Variables
 */

#ifdef CONFIG_NETLABEL
extern int cipso_v4_cache_enabled;
extern int cipso_v4_cache_bucketsize;
extern int cipso_v4_rbm_optfmt;
extern int cipso_v4_rbm_strictvalid;
#endif

/*
 * DOI List Functions
 */

#ifdef CONFIG_NETLABEL
int cipso_v4_doi_add(struct cipso_v4_doi *doi_def,
		     struct netlbl_audit *audit_info);
void cipso_v4_doi_free(struct cipso_v4_doi *doi_def);
int cipso_v4_doi_remove(u32 doi, struct netlbl_audit *audit_info);
struct cipso_v4_doi *cipso_v4_doi_getdef(u32 doi);
void cipso_v4_doi_putdef(struct cipso_v4_doi *doi_def);
int cipso_v4_doi_walk(u32 *skip_cnt,
		     int (*callback) (struct cipso_v4_doi *doi_def, void *arg),
	             void *cb_arg);
#else
static inline int cipso_v4_doi_add(struct cipso_v4_doi *doi_def,
				   struct netlbl_audit *audit_info)
{
	return -ENOSYS;
}

static inline void cipso_v4_doi_free(struct cipso_v4_doi *doi_def)
{
	return;
}

static inline int cipso_v4_doi_remove(u32 doi,
				      struct netlbl_audit *audit_info)
{
	return 0;
}

static inline struct cipso_v4_doi *cipso_v4_doi_getdef(u32 doi)
{
	return NULL;
}

static inline int cipso_v4_doi_walk(u32 *skip_cnt,
		     int (*callback) (struct cipso_v4_doi *doi_def, void *arg),
		     void *cb_arg)
{
	return 0;
}

static inline int cipso_v4_doi_domhsh_add(struct cipso_v4_doi *doi_def,
					  const char *domain)
{
	return -ENOSYS;
}

static inline int cipso_v4_doi_domhsh_remove(struct cipso_v4_doi *doi_def,
					     const char *domain)
{
	return 0;
}
#endif /* CONFIG_NETLABEL */

/*
 * Label Mapping Cache Functions
 */

#ifdef CONFIG_NETLABEL
void cipso_v4_cache_invalidate(void);
int cipso_v4_cache_add(const unsigned char *cipso_ptr,
		       const struct netlbl_lsm_secattr *secattr);
#else
static inline void cipso_v4_cache_invalidate(void)
{
	return;
}

static inline int cipso_v4_cache_add(const unsigned char *cipso_ptr,
				     const struct netlbl_lsm_secattr *secattr)
{
	return 0;
}
#endif /* CONFIG_NETLABEL */

/*
 * Protocol Handling Functions
 */

#ifdef CONFIG_NETLABEL
void cipso_v4_error(struct sk_buff *skb, int error, u32 gateway);
int cipso_v4_getattr(const unsigned char *cipso,
		     struct netlbl_lsm_secattr *secattr);
int cipso_v4_sock_setattr(struct sock *sk,
			  const struct cipso_v4_doi *doi_def,
			  const struct netlbl_lsm_secattr *secattr);
void cipso_v4_sock_delattr(struct sock *sk);
int cipso_v4_sock_getattr(struct sock *sk, struct netlbl_lsm_secattr *secattr);
int cipso_v4_req_setattr(struct request_sock *req,
			 const struct cipso_v4_doi *doi_def,
			 const struct netlbl_lsm_secattr *secattr);
void cipso_v4_req_delattr(struct request_sock *req);
int cipso_v4_skbuff_setattr(struct sk_buff *skb,
			    const struct cipso_v4_doi *doi_def,
			    const struct netlbl_lsm_secattr *secattr);
int cipso_v4_skbuff_delattr(struct sk_buff *skb);
int cipso_v4_skbuff_getattr(const struct sk_buff *skb,
			    struct netlbl_lsm_secattr *secattr);
unsigned char *cipso_v4_optptr(const struct sk_buff *skb);
int cipso_v4_validate(const struct sk_buff *skb, unsigned char **option);
#else
static inline void cipso_v4_error(struct sk_buff *skb,
				  int error,
				  u32 gateway)
{
	return;
}

static inline int cipso_v4_getattr(const unsigned char *cipso,
				   struct netlbl_lsm_secattr *secattr)
{
	return -ENOSYS;
}

static inline int cipso_v4_sock_setattr(struct sock *sk,
				      const struct cipso_v4_doi *doi_def,
				      const struct netlbl_lsm_secattr *secattr)
{
	return -ENOSYS;
}

static inline void cipso_v4_sock_delattr(struct sock *sk)
{
}

static inline int cipso_v4_sock_getattr(struct sock *sk,
					struct netlbl_lsm_secattr *secattr)
{
	return -ENOSYS;
}

static inline int cipso_v4_req_setattr(struct request_sock *req,
				       const struct cipso_v4_doi *doi_def,
				       const struct netlbl_lsm_secattr *secattr)
{
	return -ENOSYS;
}

static inline void cipso_v4_req_delattr(struct request_sock *req)
{
	return;
}

static inline int cipso_v4_skbuff_setattr(struct sk_buff *skb,
				      const struct cipso_v4_doi *doi_def,
				      const struct netlbl_lsm_secattr *secattr)
{
	return -ENOSYS;
}

static inline int cipso_v4_skbuff_delattr(struct sk_buff *skb)
{
	return -ENOSYS;
}

static inline int cipso_v4_skbuff_getattr(const struct sk_buff *skb,
					  struct netlbl_lsm_secattr *secattr)
{
	return -ENOSYS;
}

static inline unsigned char *cipso_v4_optptr(const struct sk_buff *skb)
{
	return NULL;
}

static inline int cipso_v4_validate(const struct sk_buff *skb,
				    unsigned char **option)
{
	unsigned char *opt = *option;
	unsigned char err_offset = 0;
	u8 opt_len = opt[1];
	u8 opt_iter;
	u8 tag_len;

	if (opt_len < 8) {
		err_offset = 1;
		goto out;
	}

	if (get_unaligned_be32(&opt[2]) == 0) {
		err_offset = 2;
		goto out;
	}

	for (opt_iter = 6; opt_iter < opt_len;) {
		if (opt_iter + 1 == opt_len) {
			err_offset = opt_iter;
			goto out;
		}
		tag_len = opt[opt_iter + 1];
		if ((tag_len == 0) || (tag_len > (opt_len - opt_iter))) {
			err_offset = opt_iter + 1;
			goto out;
		}
		opt_iter += tag_len;
	}

out:
	*option = opt + err_offset;
	return err_offset;

}
#endif /* CONFIG_NETLABEL */

#endif /* _CIPSO_IPV4_H */

Name	Type	Size	Permission
9p	Folder		0755
bluetooth	Folder		0755
caif	Folder		0755
iucv	Folder		0755
netfilter	Folder		0755
netns	Folder		0755
nfc	Folder		0755
phonet	Folder		0755
sctp	Folder		0755
tc_act	Folder		0755
6lowpan.h	File	10.03 KB	0644
Space.h	File	1.15 KB	0644
act_api.h	File	6.38 KB	0644
addrconf.h	File	12.63 KB	0644
af_ieee802154.h	File	1.55 KB	0644
af_rxrpc.h	File	2.79 KB	0644
af_unix.h	File	2.22 KB	0644
af_vsock.h	File	7.21 KB	0644
ah.h	File	382 B	0644
arp.h	File	2 KB	0644
atmclip.h	File	1.48 KB	0644
ax25.h	File	15.02 KB	0644
ax88796.h	File	998 B	0644
bond_3ad.h	File	9.79 KB	0644
bond_alb.h	File	6.6 KB	0644
bond_options.h	File	3.92 KB	0644
bonding.h	File	19.1 KB	0644
busy_poll.h	File	3.81 KB	0644
calipso.h	File	2.15 KB	0644
cfg80211-wext.h	File	1.95 KB	0644
cfg80211.h	File	221.24 KB	0644
cfg802154.h	File	10.89 KB	0644
checksum.h	File	4.76 KB	0644
cipso_ipv4.h	File	8.2 KB	0644
cls_cgroup.h	File	2.15 KB	0644
codel.h	File	5.65 KB	0644
codel_impl.h	File	7.98 KB	0644
codel_qdisc.h	File	2.9 KB	0644
compat.h	File	2.11 KB	0644
datalink.h	File	619 B	0644
dcbevent.h	File	1.26 KB	0644
dcbnl.h	File	4.2 KB	0644
devlink.h	File	13.25 KB	0644
dn.h	File	6.88 KB	0644
dn_dev.h	File	5.36 KB	0644
dn_fib.h	File	3.98 KB	0644
dn_neigh.h	File	968 B	0644
dn_nsp.h	File	5.83 KB	0644
dn_route.h	File	4.36 KB	0644
dsa.h	File	13.94 KB	0644
dsfield.h	File	1.11 KB	0644
dst.h	File	13.48 KB	0644
dst_cache.h	File	2.53 KB	0644
dst_metadata.h	File	5.39 KB	0644
dst_ops.h	File	2 KB	0644
erspan.h	File	2.11 KB	0644
esp.h	File	877 B	0644
ethoc.h	File	538 B	0644
fib_notifier.h	File	1.29 KB	0644
fib_rules.h	File	4.18 KB	0644
firewire.h	File	636 B	0644
flow.h	File	6.16 KB	0644
flow_dissector.h	File	7.55 KB	0644
fou.h	File	549 B	0644
fq.h	File	2.67 KB	0644
fq_impl.h	File	6.9 KB	0644
garp.h	File	2.62 KB	0644
gen_stats.h	File	2.34 KB	0644
genetlink.h	File	11.3 KB	0644
geneve.h	File	1.67 KB	0644
gre.h	File	2.99 KB	0644
gro_cells.h	File	443 B	0644
gtp.h	File	633 B	0644
gue.h	File	3.23 KB	0644
hwbm.h	File	937 B	0644
icmp.h	File	2.01 KB	0644
ieee80211_radiotap.h	File	6.63 KB	0644
ieee802154_netdev.h	File	10.24 KB	0644
if_inet6.h	File	6.13 KB	0644
ife.h	File	1.06 KB	0644
ila.h	File	498 B	0644
inet6_connection_sock.h	File	976 B	0644
inet6_hashtables.h	File	3.7 KB	0644
inet_common.h	File	1.89 KB	0644
inet_connection_sock.h	File	10.48 KB	0644
inet_ecn.h	File	6.02 KB	0644
inet_frag.h	File	4.51 KB	0644
inet_hashtables.h	File	12.91 KB	0644
inet_sock.h	File	8.25 KB	0644
inet_timewait_sock.h	File	3.82 KB	0644
inetpeer.h	File	3.29 KB	0644
ip.h	File	18.51 KB	0644
ip6_checksum.h	File	2.89 KB	0644
ip6_fib.h	File	10.04 KB	0644
ip6_route.h	File	7.63 KB	0644
ip6_tunnel.h	File	4.72 KB	0644
ip_fib.h	File	10.72 KB	0644
ip_tunnels.h	File	13.61 KB	0644
ip_vs.h	File	46.78 KB	0644
ipcomp.h	File	659 B	0644
ipconfig.h	File	811 B	0644
ipv6.h	File	29.97 KB	0644
ipv6_frag.h	File	2.54 KB	0644
ipx.h	File	4.4 KB	0644
iw_handler.h	File	20.91 KB	0644
kcm.h	File	4.96 KB	0644
l3mdev.h	File	5.86 KB	0644
lapb.h	File	4.75 KB	0644
lib80211.h	File	3.92 KB	0644
llc.h	File	4.41 KB	0644
llc_c_ac.h	File	9.31 KB	0644
llc_c_ev.h	File	10.68 KB	0644
llc_c_st.h	File	1.72 KB	0644
llc_conn.h	File	4.06 KB	0644
llc_if.h	File	2.16 KB	0644
llc_pdu.h	File	14.44 KB	0644
llc_s_ac.h	File	1.55 KB	0644
llc_s_ev.h	File	2.2 KB	0644
llc_s_st.h	File	947 B	0644
llc_sap.h	File	1.08 KB	0644
lwtunnel.h	File	5.84 KB	0644
mac80211.h	File	230.36 KB	0644
mac802154.h	File	15.27 KB	0644
mip6.h	File	1.58 KB	0644
mld.h	File	2.8 KB	0644
mpls.h	File	932 B	0644
mpls_iptunnel.h	File	827 B	0644
mrp.h	File	3.05 KB	0644
ncsi.h	File	1.92 KB	0644
ndisc.h	File	13.77 KB	0644
neighbour.h	File	15.06 KB	0644
net_namespace.h	File	10.08 KB	0644
net_ratelimit.h	File	220 B	0644
netevent.h	File	910 B	0644
netlabel.h	File	20.74 KB	0644
netlink.h	File	40.39 KB	0644
netprio_cgroup.h	File	1.24 KB	0644
netrom.h	File	7.68 KB	0644
nexthop.h	File	865 B	0644
nl802154.h	File	12.09 KB	0644
nsh.h	File	12.31 KB	0644
p8022.h	File	447 B	0644
ping.h	File	3.45 KB	0644
pkt_cls.h	File	17.34 KB	0644
pkt_sched.h	File	4.05 KB	0644
pptp.h	File	557 B	0644
protocol.h	File	3.89 KB	0644
psample.h	File	860 B	0644
psnap.h	File	351 B	0644
raw.h	File	2.07 KB	0644
rawv6.h	File	854 B	0644
red.h	File	10.45 KB	0644
regulatory.h	File	10.12 KB	0644
request_sock.h	File	6.46 KB	0644
rose.h	File	7.62 KB	0644
route.h	File	10.02 KB	0644
rtnetlink.h	File	6.13 KB	0644
sch_generic.h	File	23.3 KB	0644
scm.h	File	3.5 KB	0644
secure_seq.h	File	855 B	0644
seg6.h	File	1.66 KB	0644
seg6_hmac.h	File	1.65 KB	0644
slhc_vj.h	File	6.67 KB	0644
smc.h	File	440 B	0644
snmp.h	File	5.23 KB	0644
sock.h	File	70.05 KB	0644
sock_reuseport.h	File	863 B	0644
stp.h	File	383 B	0644
strparser.h	File	3.75 KB	0644
switchdev.h	File	6.52 KB	0644
tcp.h	File	62.88 KB	0644
tcp_states.h	File	1.26 KB	0644
timewait_sock.h	File	1.11 KB	0644
tipc.h	File	2.34 KB	0644
tls.h	File	7.12 KB	0644
transp_v6.h	File	2.08 KB	0644
tso.h	File	515 B	0644
tun_proto.h	File	988 B	0644
udp.h	File	12.87 KB	0644
udp_tunnel.h	File	5.12 KB	0644
udplite.h	File	3.83 KB	0644
vsock_addr.h	File	1.05 KB	0644
vxlan.h	File	10.43 KB	0644
wext.h	File	1.51 KB	0644
wimax.h	File	19.97 KB	0644
x25.h	File	9.43 KB	0644
x25device.h	File	387 B	0644
xfrm.h	File	53.72 KB	0644

[ Avaa Bypassed ]

Upload:

Command:

Filemanager

Server Info

System Info

User Info