summaryrefslogtreecommitdiff
path: root/include/net/netlabel.h
diff options
context:
space:
mode:
authorPaul Moore <paul.moore@hp.com>2008-12-31 20:54:11 +0300
committerPaul Moore <paul.moore@hp.com>2008-12-31 20:54:11 +0300
commit6c2e8ac0953fccdd24dc6c4b9e08e8f1cd68cf07 (patch)
treec52e242ec5e5c2d131af2d9dbb038f78f724a74c /include/net/netlabel.h
parent6a94cb73064c952255336cc57731904174b2c58f (diff)
downloadlinux-6c2e8ac0953fccdd24dc6c4b9e08e8f1cd68cf07.tar.xz
netlabel: Update kernel configuration API
Update the NetLabel kernel API to expose the new features added in kernel releases 2.6.25 and 2.6.28: the static/fallback label functionality and network address based selectors. Signed-off-by: Paul Moore <paul.moore@hp.com>
Diffstat (limited to 'include/net/netlabel.h')
-rw-r--r--include/net/netlabel.h86
1 files changed, 80 insertions, 6 deletions
diff --git a/include/net/netlabel.h b/include/net/netlabel.h
index 17c442a4514e..749011eedc0b 100644
--- a/include/net/netlabel.h
+++ b/include/net/netlabel.h
@@ -33,6 +33,8 @@
#include <linux/types.h>
#include <linux/net.h>
#include <linux/skbuff.h>
+#include <linux/in.h>
+#include <linux/in6.h>
#include <net/netlink.h>
#include <asm/atomic.h>
@@ -353,13 +355,37 @@ static inline void netlbl_secattr_free(struct netlbl_lsm_secattr *secattr)
/*
* LSM configuration operations
*/
-int netlbl_cfg_map_del(const char *domain, struct netlbl_audit *audit_info);
-int netlbl_cfg_unlbl_add_map(const char *domain,
+int netlbl_cfg_map_del(const char *domain,
+ u16 family,
+ const void *addr,
+ const void *mask,
+ struct netlbl_audit *audit_info);
+int netlbl_cfg_unlbl_map_add(const char *domain,
+ u16 family,
+ const void *addr,
+ const void *mask,
struct netlbl_audit *audit_info);
-int netlbl_cfg_cipsov4_add_map(struct cipso_v4_doi *doi_def,
+int netlbl_cfg_unlbl_static_add(struct net *net,
+ const char *dev_name,
+ const void *addr,
+ const void *mask,
+ u16 family,
+ u32 secid,
+ struct netlbl_audit *audit_info);
+int netlbl_cfg_unlbl_static_del(struct net *net,
+ const char *dev_name,
+ const void *addr,
+ const void *mask,
+ u16 family,
+ struct netlbl_audit *audit_info);
+int netlbl_cfg_cipsov4_add(struct cipso_v4_doi *doi_def,
+ struct netlbl_audit *audit_info);
+void netlbl_cfg_cipsov4_del(u32 doi, struct netlbl_audit *audit_info);
+int netlbl_cfg_cipsov4_map_add(u32 doi,
const char *domain,
+ const struct in_addr *addr,
+ const struct in_addr *mask,
struct netlbl_audit *audit_info);
-
/*
* LSM security attribute operations
*/
@@ -401,19 +427,62 @@ void netlbl_skbuff_err(struct sk_buff *skb, int error, int gateway);
void netlbl_cache_invalidate(void);
int netlbl_cache_add(const struct sk_buff *skb,
const struct netlbl_lsm_secattr *secattr);
+
+/*
+ * Protocol engine operations
+ */
+struct audit_buffer *netlbl_audit_start(int type,
+ struct netlbl_audit *audit_info);
#else
static inline int netlbl_cfg_map_del(const char *domain,
+ u16 family,
+ const void *addr,
+ const void *mask,
struct netlbl_audit *audit_info)
{
return -ENOSYS;
}
-static inline int netlbl_cfg_unlbl_add_map(const char *domain,
+static inline int netlbl_cfg_unlbl_map_add(const char *domain,
+ u16 family,
+ void *addr,
+ void *mask,
struct netlbl_audit *audit_info)
{
return -ENOSYS;
}
-static inline int netlbl_cfg_cipsov4_add_map(struct cipso_v4_doi *doi_def,
+static inline int netlbl_cfg_unlbl_static_add(struct net *net,
+ const char *dev_name,
+ const void *addr,
+ const void *mask,
+ u16 family,
+ u32 secid,
+ struct netlbl_audit *audit_info)
+{
+ return -ENOSYS;
+}
+static inline int netlbl_cfg_unlbl_static_del(struct net *net,
+ const char *dev_name,
+ const void *addr,
+ const void *mask,
+ u16 family,
+ struct netlbl_audit *audit_info)
+{
+ return -ENOSYS;
+}
+static inline int netlbl_cfg_cipsov4_add(struct cipso_v4_doi *doi_def,
+ struct netlbl_audit *audit_info)
+{
+ return -ENOSYS;
+}
+static inline void netlbl_cfg_cipsov4_del(u32 doi,
+ struct netlbl_audit *audit_info)
+{
+ return;
+}
+static inline int netlbl_cfg_cipsov4_map_add(u32 doi,
const char *domain,
+ const struct in_addr *addr,
+ const struct in_addr *mask,
struct netlbl_audit *audit_info)
{
return -ENOSYS;
@@ -495,6 +564,11 @@ static inline int netlbl_cache_add(const struct sk_buff *skb,
{
return 0;
}
+static inline struct audit_buffer *netlbl_audit_start(int type,
+ struct netlbl_audit *audit_info)
+{
+ return NULL;
+}
#endif /* CONFIG_NETLABEL */
#endif /* _NETLABEL_H */