xref: /linux/include/net/calipso.h (revision f3a8b6645dc2e60d11f20c1c23afd964ff4e55ae) 
1 /*
2  * CALIPSO - Common Architecture Label IPv6 Security Option
3  *
4  * This is an implementation of the CALIPSO protocol as specified in
5  * RFC 5570.
6  *
7  * Authors: Paul Moore <paul@paul-moore.com>
8  *          Huw Davies <huw@codeweavers.com>
9  *
10  */
11 
12 /*
13  * (c) Copyright Hewlett-Packard Development Company, L.P., 2006
14  * (c) Copyright Huw Davies <huw@codeweavers.com>, 2015
15  *
16  * This program is free software;  you can redistribute it and/or modify
17  * it under the terms of the GNU General Public License as published by
18  * the Free Software Foundation; either version 2 of the License, or
19  * (at your option) any later version.
20  *
21  * This program is distributed in the hope that it will be useful,
22  * but WITHOUT ANY WARRANTY;  without even the implied warranty of
23  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See
24  * the GNU General Public License for more details.
25  *
26  * You should have received a copy of the GNU General Public License
27  * along with this program;  if not, see <http://www.gnu.org/licenses/>.
28  *
29  */
30 
31 #ifndef _CALIPSO_H
32 #define _CALIPSO_H
33 
34 #include <linux/types.h>
35 #include <linux/rcupdate.h>
36 #include <linux/list.h>
37 #include <linux/net.h>
38 #include <linux/skbuff.h>
39 #include <net/netlabel.h>
40 #include <net/request_sock.h>
41 #include <linux/atomic.h>
42 #include <asm/unaligned.h>
43 
44 /* known doi values */
45 #define CALIPSO_DOI_UNKNOWN          0x00000000
46 
47 /* doi mapping types */
48 #define CALIPSO_MAP_UNKNOWN          0
49 #define CALIPSO_MAP_PASS             2
50 
51 /*
52  * CALIPSO DOI definitions
53  */
54 
55 /* DOI definition struct */
56 struct calipso_doi {
57 	u32 doi;
58 	u32 type;
59 
60 	atomic_t refcount;
61 	struct list_head list;
62 	struct rcu_head rcu;
63 };
64 
65 /*
66  * Sysctl Variables
67  */
68 extern int calipso_cache_enabled;
69 extern int calipso_cache_bucketsize;
70 
71 #ifdef CONFIG_NETLABEL
72 int __init calipso_init(void);
73 void calipso_exit(void);
74 bool calipso_validate(const struct sk_buff *skb, const unsigned char *option);
75 #else
76 static inline int __init calipso_init(void)
77 {
78 	return 0;
79 }
80 
81 static inline void calipso_exit(void)
82 {
83 }
84 static inline bool calipso_validate(const struct sk_buff *skb,
85 				    const unsigned char *option)
86 {
87 	return true;
88 }
89 #endif /* CONFIG_NETLABEL */
90 
91 #endif /* _CALIPSO_H */
92