projects / deliverable / linux.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
[NetLabel]: add audit support for configuration changes
[deliverable/linux.git] / net / netlabel / netlabel_cipso_v4.c
CommitLineData
96cb8e33
PM		 1/*
2 * NetLabel CIPSO/IPv4 Support
3 *
4 * This file defines the CIPSO/IPv4 functions for the NetLabel system. The
5 * NetLabel system manages static and dynamic label mappings for network
6 * protocols such as CIPSO and RIPSO.
7 *
8 * Author: Paul Moore <paul.moore@hp.com>
9 *
10 */
11
12/*
13 * (c) Copyright Hewlett-Packard Development Company, L.P., 2006
14 *
15 * This program is free software; you can redistribute it and/or modify
16 * it under the terms of the GNU General Public License as published by
17 * the Free Software Foundation; either version 2 of the License, or
18 * (at your option) any later version.
19 *
20 * This program is distributed in the hope that it will be useful,
21 * but WITHOUT ANY WARRANTY; without even the implied warranty of
22 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See
23 * the GNU General Public License for more details.
24 *
25 * You should have received a copy of the GNU General Public License
26 * along with this program; if not, write to the Free Software
27 * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
28 *
29 */
30
31#include <linux/types.h>
32#include <linux/socket.h>
33#include <linux/string.h>
34#include <linux/skbuff.h>
32f50cde 35#include <linux/audit.h>
96cb8e33
PM		 36#include <net/sock.h>
37#include <net/netlink.h>
38#include <net/genetlink.h>
39#include <net/netlabel.h>
40#include <net/cipso_ipv4.h>
41
42#include "netlabel_user.h"
43#include "netlabel_cipso_v4.h"
44
fd385855
PM		 45/* Argument struct for cipso_v4_doi_walk() */
46struct netlbl_cipsov4_doiwalk_arg {
47 struct netlink_callback *nl_cb;
48 struct sk_buff *skb;
49 u32 seq;
50};
51
96cb8e33
PM		 52/* NetLabel Generic NETLINK CIPSOv4 family */
53static struct genl_family netlbl_cipsov4_gnl_family = {
54 .id = GENL_ID_GENERATE,
55 .hdrsize = 0,
56 .name = NETLBL_NLTYPE_CIPSOV4_NAME,
57 .version = NETLBL_PROTO_VERSION,
fd385855 58 .maxattr = NLBL_CIPSOV4_A_MAX,
96cb8e33
PM		 59};
60
fd385855
PM		 61/* NetLabel Netlink attribute policy */
62static struct nla_policy netlbl_cipsov4_genl_policy[NLBL_CIPSOV4_A_MAX + 1] = {
63 [NLBL_CIPSOV4_A_DOI] = { .type = NLA_U32 },
64 [NLBL_CIPSOV4_A_MTYPE] = { .type = NLA_U32 },
65 [NLBL_CIPSOV4_A_TAG] = { .type = NLA_U8 },
66 [NLBL_CIPSOV4_A_TAGLST] = { .type = NLA_NESTED },
67 [NLBL_CIPSOV4_A_MLSLVLLOC] = { .type = NLA_U32 },
68 [NLBL_CIPSOV4_A_MLSLVLREM] = { .type = NLA_U32 },
69 [NLBL_CIPSOV4_A_MLSLVL] = { .type = NLA_NESTED },
70 [NLBL_CIPSOV4_A_MLSLVLLST] = { .type = NLA_NESTED },
71 [NLBL_CIPSOV4_A_MLSCATLOC] = { .type = NLA_U32 },
72 [NLBL_CIPSOV4_A_MLSCATREM] = { .type = NLA_U32 },
73 [NLBL_CIPSOV4_A_MLSCAT] = { .type = NLA_NESTED },
74 [NLBL_CIPSOV4_A_MLSCATLST] = { .type = NLA_NESTED },
75};
96cb8e33
PM		 76
77/*
78 * Helper Functions
79 */
80
81/**
82 * netlbl_cipsov4_doi_free - Frees a CIPSO V4 DOI definition
83 * @entry: the entry's RCU field
84 *
85 * Description:
86 * This function is designed to be used as a callback to the call_rcu()
87 * function so that the memory allocated to the DOI definition can be released
88 * safely.
89 *
90 */
91static void netlbl_cipsov4_doi_free(struct rcu_head *entry)
92{
93 struct cipso_v4_doi *ptr;
94
95 ptr = container_of(entry, struct cipso_v4_doi, rcu);
96 switch (ptr->type) {
97 case CIPSO_V4_MAP_STD:
98 kfree(ptr->map.std->lvl.cipso);
99 kfree(ptr->map.std->lvl.local);
100 kfree(ptr->map.std->cat.cipso);
101 kfree(ptr->map.std->cat.local);
102 break;
103 }
104 kfree(ptr);
105}
106
fd385855
PM		 107/**
108 * netlbl_cipsov4_add_common - Parse the common sections of a ADD message
109 * @info: the Generic NETLINK info block
110 * @doi_def: the CIPSO V4 DOI definition
111 *
112 * Description:
113 * Parse the common sections of a ADD message and fill in the related values
114 * in @doi_def. Returns zero on success, negative values on failure.
115 *
116 */
117static int netlbl_cipsov4_add_common(struct genl_info *info,
118 struct cipso_v4_doi *doi_def)
119{
120 struct nlattr *nla;
121 int nla_rem;
122 u32 iter = 0;
123
124 doi_def->doi = nla_get_u32(info->attrs[NLBL_CIPSOV4_A_DOI]);
125
126 if (nla_validate_nested(info->attrs[NLBL_CIPSOV4_A_TAGLST],
127 NLBL_CIPSOV4_A_MAX,
128 netlbl_cipsov4_genl_policy) != 0)
129 return -EINVAL;
130
131 nla_for_each_nested(nla, info->attrs[NLBL_CIPSOV4_A_TAGLST], nla_rem)
132 if (nla->nla_type == NLBL_CIPSOV4_A_TAG) {
133 if (iter > CIPSO_V4_TAG_MAXCNT)
134 return -EINVAL;
135 doi_def->tags[iter++] = nla_get_u8(nla);
136 }
137 if (iter < CIPSO_V4_TAG_MAXCNT)
138 doi_def->tags[iter] = CIPSO_V4_TAG_INVALID;
139
140 return 0;
141}
96cb8e33
PM		 142
143/*
144 * NetLabel Command Handlers
145 */
146
147/**
148 * netlbl_cipsov4_add_std - Adds a CIPSO V4 DOI definition
fd385855 149 * @info: the Generic NETLINK info block
96cb8e33
PM		 150 *
151 * Description:
152 * Create a new CIPSO_V4_MAP_STD DOI definition based on the given ADD message
153 * and add it to the CIPSO V4 engine. Return zero on success and non-zero on
154 * error.
155 *
156 */
fd385855 157static int netlbl_cipsov4_add_std(struct genl_info *info)
96cb8e33
PM		 158{
159 int ret_val = -EINVAL;
96cb8e33 160 struct cipso_v4_doi *doi_def = NULL;
fd385855
PM		 161 struct nlattr *nla_a;
162 struct nlattr *nla_b;
163 int nla_a_rem;
164 int nla_b_rem;
96cb8e33 165
32f50cde 166 if (!info->attrs[NLBL_CIPSOV4_A_TAGLST] ||
fd385855
PM		 167 !info->attrs[NLBL_CIPSOV4_A_MLSLVLLST])
168 return -EINVAL;
169
170 if (nla_validate_nested(info->attrs[NLBL_CIPSOV4_A_MLSLVLLST],
171 NLBL_CIPSOV4_A_MAX,
172 netlbl_cipsov4_genl_policy) != 0)
173 return -EINVAL;
96cb8e33
PM		 174
175 doi_def = kmalloc(sizeof(*doi_def), GFP_KERNEL);
fd385855
PM		 176 if (doi_def == NULL)
177 return -ENOMEM;
96cb8e33
PM		 178 doi_def->map.std = kzalloc(sizeof(*doi_def->map.std), GFP_KERNEL);
179 if (doi_def->map.std == NULL) {
180 ret_val = -ENOMEM;
181 goto add_std_failure;
182 }
183 doi_def->type = CIPSO_V4_MAP_STD;
184
fd385855
PM		 185 ret_val = netlbl_cipsov4_add_common(info, doi_def);
186 if (ret_val != 0)
96cb8e33
PM		 187 goto add_std_failure;
188
fd385855
PM		 189 nla_for_each_nested(nla_a,
190 info->attrs[NLBL_CIPSOV4_A_MLSLVLLST],
191 nla_a_rem)
192 if (nla_a->nla_type == NLBL_CIPSOV4_A_MLSLVL) {
193 nla_for_each_nested(nla_b, nla_a, nla_b_rem)
194 switch (nla_b->nla_type) {
195 case NLBL_CIPSOV4_A_MLSLVLLOC:
196 if (nla_get_u32(nla_b) >=
197 doi_def->map.std->lvl.local_size)
198 doi_def->map.std->lvl.local_size =
199 nla_get_u32(nla_b) + 1;
200 break;
201 case NLBL_CIPSOV4_A_MLSLVLREM:
202 if (nla_get_u32(nla_b) >=
203 doi_def->map.std->lvl.cipso_size)
204 doi_def->map.std->lvl.cipso_size =
205 nla_get_u32(nla_b) + 1;
206 break;
207 }
208 }
209 if (doi_def->map.std->lvl.local_size > CIPSO_V4_MAX_LOC_LVLS ||
210 doi_def->map.std->lvl.cipso_size > CIPSO_V4_MAX_REM_LVLS)
96cb8e33
PM		 211 goto add_std_failure;
212 doi_def->map.std->lvl.local = kcalloc(doi_def->map.std->lvl.local_size,
213 sizeof(u32),
214 GFP_KERNEL);
215 if (doi_def->map.std->lvl.local == NULL) {
216 ret_val = -ENOMEM;
217 goto add_std_failure;
218 }
96cb8e33
PM		 219 doi_def->map.std->lvl.cipso = kcalloc(doi_def->map.std->lvl.cipso_size,
220 sizeof(u32),
221 GFP_KERNEL);
222 if (doi_def->map.std->lvl.cipso == NULL) {
223 ret_val = -ENOMEM;
224 goto add_std_failure;
225 }
fd385855
PM		 226 nla_for_each_nested(nla_a,
227 info->attrs[NLBL_CIPSOV4_A_MLSLVLLST],
228 nla_a_rem)
229 if (nla_a->nla_type == NLBL_CIPSOV4_A_MLSLVL) {
230 struct nlattr *lvl_loc;
231 struct nlattr *lvl_rem;
232
233 if (nla_validate_nested(nla_a,
234 NLBL_CIPSOV4_A_MAX,
235 netlbl_cipsov4_genl_policy) != 0)
236 goto add_std_failure;
237
238 lvl_loc = nla_find_nested(nla_a,
239 NLBL_CIPSOV4_A_MLSLVLLOC);
240 lvl_rem = nla_find_nested(nla_a,
241 NLBL_CIPSOV4_A_MLSLVLREM);
242 if (lvl_loc == NULL || lvl_rem == NULL)
243 goto add_std_failure;
244 doi_def->map.std->lvl.local[nla_get_u32(lvl_loc)] =
245 nla_get_u32(lvl_rem);
246 doi_def->map.std->lvl.cipso[nla_get_u32(lvl_rem)] =
247 nla_get_u32(lvl_loc);
248 }
96cb8e33 249
fd385855
PM		 250 if (info->attrs[NLBL_CIPSOV4_A_MLSCATLST]) {
251 if (nla_validate_nested(info->attrs[NLBL_CIPSOV4_A_MLSCATLST],
252 NLBL_CIPSOV4_A_MAX,
253 netlbl_cipsov4_genl_policy) != 0)
254 goto add_std_failure;
255
256 nla_for_each_nested(nla_a,
257 info->attrs[NLBL_CIPSOV4_A_MLSCATLST],
258 nla_a_rem)
259 if (nla_a->nla_type == NLBL_CIPSOV4_A_MLSCAT) {
260 if (nla_validate_nested(nla_a,
261 NLBL_CIPSOV4_A_MAX,
262 netlbl_cipsov4_genl_policy) != 0)
263 goto add_std_failure;
264 nla_for_each_nested(nla_b, nla_a, nla_b_rem)
265 switch (nla_b->nla_type) {
266 case NLBL_CIPSOV4_A_MLSCATLOC:
267 if (nla_get_u32(nla_b) >=
268 doi_def->map.std->cat.local_size)
269 doi_def->map.std->cat.local_size =
270 nla_get_u32(nla_b) + 1;
271 break;
272 case NLBL_CIPSOV4_A_MLSCATREM:
273 if (nla_get_u32(nla_b) >=
274 doi_def->map.std->cat.cipso_size)
275 doi_def->map.std->cat.cipso_size =
276 nla_get_u32(nla_b) + 1;
277 break;
278 }
279 }
280 if (doi_def->map.std->cat.local_size > CIPSO_V4_MAX_LOC_CATS ||
281 doi_def->map.std->cat.cipso_size > CIPSO_V4_MAX_REM_CATS)
282 goto add_std_failure;
283 doi_def->map.std->cat.local = kcalloc(
284 doi_def->map.std->cat.local_size,
96cb8e33
PM		 285 sizeof(u32),
286 GFP_KERNEL);
fd385855
PM		 287 if (doi_def->map.std->cat.local == NULL) {
288 ret_val = -ENOMEM;
289 goto add_std_failure;
290 }
291 doi_def->map.std->cat.cipso = kcalloc(
292 doi_def->map.std->cat.cipso_size,
96cb8e33
PM		 293 sizeof(u32),
294 GFP_KERNEL);
fd385855
PM		 295 if (doi_def->map.std->cat.cipso == NULL) {
296 ret_val = -ENOMEM;
96cb8e33 297 goto add_std_failure;
fd385855
PM		 298 }
299 nla_for_each_nested(nla_a,
300 info->attrs[NLBL_CIPSOV4_A_MLSCATLST],
301 nla_a_rem)
302 if (nla_a->nla_type == NLBL_CIPSOV4_A_MLSCAT) {
303 struct nlattr *cat_loc;
304 struct nlattr *cat_rem;
305
306 cat_loc = nla_find_nested(nla_a,
307 NLBL_CIPSOV4_A_MLSCATLOC);
308 cat_rem = nla_find_nested(nla_a,
309 NLBL_CIPSOV4_A_MLSCATREM);
310 if (cat_loc == NULL || cat_rem == NULL)
311 goto add_std_failure;
312 doi_def->map.std->cat.local[
313 nla_get_u32(cat_loc)] =
314 nla_get_u32(cat_rem);
315 doi_def->map.std->cat.cipso[
316 nla_get_u32(cat_rem)] =
317 nla_get_u32(cat_loc);
318 }
96cb8e33
PM		 319 }
320
96cb8e33
PM		 321 ret_val = cipso_v4_doi_add(doi_def);
322 if (ret_val != 0)
323 goto add_std_failure;
324 return 0;
325
326add_std_failure:
327 if (doi_def)
328 netlbl_cipsov4_doi_free(&doi_def->rcu);
329 return ret_val;
330}
331
332/**
333 * netlbl_cipsov4_add_pass - Adds a CIPSO V4 DOI definition
fd385855 334 * @info: the Generic NETLINK info block
96cb8e33
PM		 335 *
336 * Description:
337 * Create a new CIPSO_V4_MAP_PASS DOI definition based on the given ADD message
338 * and add it to the CIPSO V4 engine. Return zero on success and non-zero on
339 * error.
340 *
341 */
fd385855 342static int netlbl_cipsov4_add_pass(struct genl_info *info)
96cb8e33 343{
fd385855 344 int ret_val;
96cb8e33 345 struct cipso_v4_doi *doi_def = NULL;
96cb8e33 346
32f50cde 347 if (!info->attrs[NLBL_CIPSOV4_A_TAGLST])
fd385855 348 return -EINVAL;
96cb8e33
PM		 349
350 doi_def = kmalloc(sizeof(*doi_def), GFP_KERNEL);
fd385855
PM		 351 if (doi_def == NULL)
352 return -ENOMEM;
96cb8e33
PM		 353 doi_def->type = CIPSO_V4_MAP_PASS;
354
fd385855
PM		 355 ret_val = netlbl_cipsov4_add_common(info, doi_def);
356 if (ret_val != 0)
357 goto add_pass_failure;
96cb8e33 358
96cb8e33
PM		 359 ret_val = cipso_v4_doi_add(doi_def);
360 if (ret_val != 0)
361 goto add_pass_failure;
362 return 0;
363
364add_pass_failure:
fd385855 365 netlbl_cipsov4_doi_free(&doi_def->rcu);
96cb8e33
PM		 366 return ret_val;
367}
368
369/**
370 * netlbl_cipsov4_add - Handle an ADD message
371 * @skb: the NETLINK buffer
372 * @info: the Generic NETLINK info block
373 *
374 * Description:
375 * Create a new DOI definition based on the given ADD message and add it to the
376 * CIPSO V4 engine. Returns zero on success, negative values on failure.
377 *
378 */
379static int netlbl_cipsov4_add(struct sk_buff *skb, struct genl_info *info)
380
381{
382 int ret_val = -EINVAL;
32f50cde
PM		 383 u32 type;
384 u32 doi;
385 const char *type_str = "(unknown)";
386 struct audit_buffer *audit_buf;
96cb8e33 387
32f50cde
PM		 388 if (!info->attrs[NLBL_CIPSOV4_A_DOI] ||
389 !info->attrs[NLBL_CIPSOV4_A_MTYPE])
fd385855 390 return -EINVAL;
96cb8e33 391
32f50cde
PM		 392 type = nla_get_u32(info->attrs[NLBL_CIPSOV4_A_MTYPE]);
393 switch (type) {
96cb8e33 394 case CIPSO_V4_MAP_STD:
32f50cde 395 type_str = "std";
fd385855 396 ret_val = netlbl_cipsov4_add_std(info);
96cb8e33
PM		 397 break;
398 case CIPSO_V4_MAP_PASS:
32f50cde 399 type_str = "pass";
fd385855 400 ret_val = netlbl_cipsov4_add_pass(info);
96cb8e33
PM		 401 break;
402 }
403
32f50cde
PM		 404 if (ret_val == 0) {
405 doi = nla_get_u32(info->attrs[NLBL_CIPSOV4_A_DOI]);
406 audit_buf = netlbl_audit_start_common(AUDIT_MAC_CIPSOV4_ADD,
407 NETLINK_CB(skb).sid);
408 audit_log_format(audit_buf, " doi=%u type=%s", doi, type_str);
409 audit_log_end(audit_buf);
410 }
411
96cb8e33
PM		 412 return ret_val;
413}
414
415/**
416 * netlbl_cipsov4_list - Handle a LIST message
417 * @skb: the NETLINK buffer
418 * @info: the Generic NETLINK info block
419 *
420 * Description:
fd385855
PM		 421 * Process a user generated LIST message and respond accordingly. While the
422 * response message generated by the kernel is straightforward, determining
423 * before hand the size of the buffer to allocate is not (we have to generate
424 * the message to know the size). In order to keep this function sane what we
425 * do is allocate a buffer of NLMSG_GOODSIZE and try to fit the response in
426 * that size, if we fail then we restart with a larger buffer and try again.
427 * We continue in this manner until we hit a limit of failed attempts then we
428 * give up and just send an error message. Returns zero on success and
429 * negative values on error.
96cb8e33
PM		 430 *
431 */
432static int netlbl_cipsov4_list(struct sk_buff *skb, struct genl_info *info)
433{
fd385855
PM		 434 int ret_val;
435 struct sk_buff *ans_skb = NULL;
436 u32 nlsze_mult = 1;
437 void *data;
96cb8e33 438 u32 doi;
fd385855
PM		 439 struct nlattr *nla_a;
440 struct nlattr *nla_b;
441 struct cipso_v4_doi *doi_def;
442 u32 iter;
96cb8e33 443
fd385855
PM		 444 if (!info->attrs[NLBL_CIPSOV4_A_DOI]) {
445 ret_val = -EINVAL;
96cb8e33 446 goto list_failure;
fd385855 447 }
96cb8e33 448
fd385855
PM		 449list_start:
450 ans_skb = nlmsg_new(NLMSG_GOODSIZE * nlsze_mult, GFP_KERNEL);
96cb8e33
PM		 451 if (ans_skb == NULL) {
452 ret_val = -ENOMEM;
453 goto list_failure;
454 }
fd385855
PM		 455 data = netlbl_netlink_hdr_put(ans_skb,
456 info->snd_pid,
457 info->snd_seq,
458 netlbl_cipsov4_gnl_family.id,
459 0,
460 NLBL_CIPSOV4_C_LIST);
461 if (data == NULL) {
462 ret_val = -ENOMEM;
463 goto list_failure;
464 }
465
466 doi = nla_get_u32(info->attrs[NLBL_CIPSOV4_A_DOI]);
467
468 rcu_read_lock();
469 doi_def = cipso_v4_doi_getdef(doi);
470 if (doi_def == NULL) {
471 ret_val = -EINVAL;
472 goto list_failure;
473 }
474
475 ret_val = nla_put_u32(ans_skb, NLBL_CIPSOV4_A_MTYPE, doi_def->type);
476 if (ret_val != 0)
477 goto list_failure_lock;
478
479 nla_a = nla_nest_start(ans_skb, NLBL_CIPSOV4_A_TAGLST);
480 if (nla_a == NULL) {
481 ret_val = -ENOMEM;
482 goto list_failure_lock;
483 }
484 for (iter = 0;
485 iter < CIPSO_V4_TAG_MAXCNT &&
486 doi_def->tags[iter] != CIPSO_V4_TAG_INVALID;
487 iter++) {
488 ret_val = nla_put_u8(ans_skb,
489 NLBL_CIPSOV4_A_TAG,
490 doi_def->tags[iter]);
491 if (ret_val != 0)
492 goto list_failure_lock;
493 }
494 nla_nest_end(ans_skb, nla_a);
495
496 switch (doi_def->type) {
497 case CIPSO_V4_MAP_STD:
498 nla_a = nla_nest_start(ans_skb, NLBL_CIPSOV4_A_MLSLVLLST);
499 if (nla_a == NULL) {
500 ret_val = -ENOMEM;
501 goto list_failure_lock;
502 }
503 for (iter = 0;
504 iter < doi_def->map.std->lvl.local_size;
505 iter++) {
506 if (doi_def->map.std->lvl.local[iter] ==
507 CIPSO_V4_INV_LVL)
508 continue;
509
510 nla_b = nla_nest_start(ans_skb, NLBL_CIPSOV4_A_MLSLVL);
511 if (nla_b == NULL) {
512 ret_val = -ENOMEM;
513 goto list_retry;
514 }
515 ret_val = nla_put_u32(ans_skb,
516 NLBL_CIPSOV4_A_MLSLVLLOC,
517 iter);
518 if (ret_val != 0)
519 goto list_retry;
520 ret_val = nla_put_u32(ans_skb,
521 NLBL_CIPSOV4_A_MLSLVLREM,
522 doi_def->map.std->lvl.local[iter]);
523 if (ret_val != 0)
524 goto list_retry;
525 nla_nest_end(ans_skb, nla_b);
526 }
527 nla_nest_end(ans_skb, nla_a);
528
529 nla_a = nla_nest_start(ans_skb, NLBL_CIPSOV4_A_MLSCATLST);
530 if (nla_a == NULL) {
531 ret_val = -ENOMEM;
532 goto list_retry;
533 }
534 for (iter = 0;
535 iter < doi_def->map.std->cat.local_size;
536 iter++) {
537 if (doi_def->map.std->cat.local[iter] ==
538 CIPSO_V4_INV_CAT)
539 continue;
540
541 nla_b = nla_nest_start(ans_skb, NLBL_CIPSOV4_A_MLSCAT);
542 if (nla_b == NULL) {
543 ret_val = -ENOMEM;
544 goto list_retry;
545 }
546 ret_val = nla_put_u32(ans_skb,
547 NLBL_CIPSOV4_A_MLSCATLOC,
548 iter);
549 if (ret_val != 0)
550 goto list_retry;
551 ret_val = nla_put_u32(ans_skb,
552 NLBL_CIPSOV4_A_MLSCATREM,
553 doi_def->map.std->cat.local[iter]);
554 if (ret_val != 0)
555 goto list_retry;
556 nla_nest_end(ans_skb, nla_b);
557 }
558 nla_nest_end(ans_skb, nla_a);
559
560 break;
561 }
562 rcu_read_unlock();
96cb8e33 563
fd385855
PM		 564 genlmsg_end(ans_skb, data);
565
566 ret_val = genlmsg_unicast(ans_skb, info->snd_pid);
96cb8e33
PM		 567 if (ret_val != 0)
568 goto list_failure;
569
570 return 0;
571
fd385855
PM		 572list_retry:
573 /* XXX - this limit is a guesstimate */
574 if (nlsze_mult < 4) {
575 rcu_read_unlock();
576 kfree_skb(ans_skb);
577 nlsze_mult++;
578 goto list_start;
579 }
580list_failure_lock:
581 rcu_read_unlock();
96cb8e33 582list_failure:
fd385855
PM		 583 kfree_skb(ans_skb);
584 return ret_val;
585}
586
587/**
588 * netlbl_cipsov4_listall_cb - cipso_v4_doi_walk() callback for LISTALL
589 * @doi_def: the CIPSOv4 DOI definition
590 * @arg: the netlbl_cipsov4_doiwalk_arg structure
591 *
592 * Description:
593 * This function is designed to be used as a callback to the
594 * cipso_v4_doi_walk() function for use in generating a response for a LISTALL
595 * message. Returns the size of the message on success, negative values on
596 * failure.
597 *
598 */
599static int netlbl_cipsov4_listall_cb(struct cipso_v4_doi *doi_def, void *arg)
600{
601 int ret_val = -ENOMEM;
602 struct netlbl_cipsov4_doiwalk_arg *cb_arg = arg;
603 void *data;
604
605 data = netlbl_netlink_hdr_put(cb_arg->skb,
606 NETLINK_CB(cb_arg->nl_cb->skb).pid,
607 cb_arg->seq,
608 netlbl_cipsov4_gnl_family.id,
609 NLM_F_MULTI,
610 NLBL_CIPSOV4_C_LISTALL);
611 if (data == NULL)
612 goto listall_cb_failure;
613
614 ret_val = nla_put_u32(cb_arg->skb, NLBL_CIPSOV4_A_DOI, doi_def->doi);
615 if (ret_val != 0)
616 goto listall_cb_failure;
617 ret_val = nla_put_u32(cb_arg->skb,
618 NLBL_CIPSOV4_A_MTYPE,
619 doi_def->type);
620 if (ret_val != 0)
621 goto listall_cb_failure;
622
623 return genlmsg_end(cb_arg->skb, data);
624
625listall_cb_failure:
626 genlmsg_cancel(cb_arg->skb, data);
96cb8e33
PM		 627 return ret_val;
628}
629
630/**
631 * netlbl_cipsov4_listall - Handle a LISTALL message
632 * @skb: the NETLINK buffer
fd385855 633 * @cb: the NETLINK callback
96cb8e33
PM		 634 *
635 * Description:
636 * Process a user generated LISTALL message and respond accordingly. Returns
637 * zero on success and negative values on error.
638 *
639 */
fd385855
PM		 640static int netlbl_cipsov4_listall(struct sk_buff *skb,
641 struct netlink_callback *cb)
96cb8e33 642{
fd385855
PM		 643 struct netlbl_cipsov4_doiwalk_arg cb_arg;
644 int doi_skip = cb->args[0];
96cb8e33 645
fd385855
PM		 646 cb_arg.nl_cb = cb;
647 cb_arg.skb = skb;
648 cb_arg.seq = cb->nlh->nlmsg_seq;
96cb8e33 649
fd385855 650 cipso_v4_doi_walk(&doi_skip, netlbl_cipsov4_listall_cb, &cb_arg);
96cb8e33 651
fd385855
PM		 652 cb->args[0] = doi_skip;
653 return skb->len;
96cb8e33
PM		 654}
655
656/**
657 * netlbl_cipsov4_remove - Handle a REMOVE message
658 * @skb: the NETLINK buffer
659 * @info: the Generic NETLINK info block
660 *
661 * Description:
662 * Process a user generated REMOVE message and respond accordingly. Returns
663 * zero on success, negative values on failure.
664 *
665 */
666static int netlbl_cipsov4_remove(struct sk_buff *skb, struct genl_info *info)
667{
fd385855 668 int ret_val = -EINVAL;
32f50cde
PM		 669 u32 doi = 0;
670 struct audit_buffer *audit_buf;
96cb8e33 671
fd385855
PM		 672 if (info->attrs[NLBL_CIPSOV4_A_DOI]) {
673 doi = nla_get_u32(info->attrs[NLBL_CIPSOV4_A_DOI]);
32f50cde
PM		 674 ret_val = cipso_v4_doi_remove(doi,
675 NETLINK_CB(skb).sid,
676 netlbl_cipsov4_doi_free);
677 }
678
679 if (ret_val == 0) {
680 audit_buf = netlbl_audit_start_common(AUDIT_MAC_CIPSOV4_DEL,
681 NETLINK_CB(skb).sid);
682 audit_log_format(audit_buf, " doi=%u", doi);
683 audit_log_end(audit_buf);
96cb8e33
PM		 684 }
685
96cb8e33
PM		 686 return ret_val;
687}
688
689/*
690 * NetLabel Generic NETLINK Command Definitions
691 */
692
693static struct genl_ops netlbl_cipsov4_genl_c_add = {
694 .cmd = NLBL_CIPSOV4_C_ADD,
fd385855
PM		 695 .flags = GENL_ADMIN_PERM,
696 .policy = netlbl_cipsov4_genl_policy,
96cb8e33
PM		 697 .doit = netlbl_cipsov4_add,
698 .dumpit = NULL,
699};
700
701static struct genl_ops netlbl_cipsov4_genl_c_remove = {
702 .cmd = NLBL_CIPSOV4_C_REMOVE,
fd385855
PM		 703 .flags = GENL_ADMIN_PERM,
704 .policy = netlbl_cipsov4_genl_policy,
96cb8e33
PM		 705 .doit = netlbl_cipsov4_remove,
706 .dumpit = NULL,
707};
708
709static struct genl_ops netlbl_cipsov4_genl_c_list = {
710 .cmd = NLBL_CIPSOV4_C_LIST,
711 .flags = 0,
fd385855 712 .policy = netlbl_cipsov4_genl_policy,
96cb8e33
PM		 713 .doit = netlbl_cipsov4_list,
714 .dumpit = NULL,
715};
716
717static struct genl_ops netlbl_cipsov4_genl_c_listall = {
718 .cmd = NLBL_CIPSOV4_C_LISTALL,
719 .flags = 0,
fd385855
PM		 720 .policy = netlbl_cipsov4_genl_policy,
721 .doit = NULL,
722 .dumpit = netlbl_cipsov4_listall,
96cb8e33
PM		 723};
724
725/*
726 * NetLabel Generic NETLINK Protocol Functions
727 */
728
729/**
730 * netlbl_cipsov4_genl_init - Register the CIPSOv4 NetLabel component
731 *
732 * Description:
733 * Register the CIPSOv4 packet NetLabel component with the Generic NETLINK
734 * mechanism. Returns zero on success, negative values on failure.
735 *
736 */
737int netlbl_cipsov4_genl_init(void)
738{
739 int ret_val;
740
741 ret_val = genl_register_family(&netlbl_cipsov4_gnl_family);
742 if (ret_val != 0)
743 return ret_val;
744
745 ret_val = genl_register_ops(&netlbl_cipsov4_gnl_family,
746 &netlbl_cipsov4_genl_c_add);
747 if (ret_val != 0)
748 return ret_val;
749 ret_val = genl_register_ops(&netlbl_cipsov4_gnl_family,
750 &netlbl_cipsov4_genl_c_remove);
751 if (ret_val != 0)
752 return ret_val;
753 ret_val = genl_register_ops(&netlbl_cipsov4_gnl_family,
754 &netlbl_cipsov4_genl_c_list);
755 if (ret_val != 0)
756 return ret_val;
757 ret_val = genl_register_ops(&netlbl_cipsov4_gnl_family,
758 &netlbl_cipsov4_genl_c_listall);
759 if (ret_val != 0)
760 return ret_val;
761
762 return 0;
763}
Linux kernel - Deliverables
This page took 0.093577 seconds and 5 git commands to generate.