/** @file
 * NetLabel userspace/kernel interface API.
 *
 * The NetLabel system manages static and dynamic security label mappings for
 * network protocols such as CIPSO and RIPSO.
 *
 * Author: Paul Moore <paul@paul-moore.com>
 *
 */

/*
 * (c) Copyright Hewlett-Packard Development Company, L.P., 2006
 *
 * This program is free software: you can redistribute it and/or modify
 * it under the terms of version 2 of the GNU General Public License as
 * published by the Free Software Foundation.
 *
 * This program is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 * GNU General Public License for more details.
 *
 * You should have received a copy of the GNU General Public License
 * along with this program.  If not, see <http://www.gnu.org/licenses/>.
 *
 */

#ifndef _NETLABEL_H
#define _NETLABEL_H

/* NetLabel NETLINK protocol version
 *  1: initial version
 *  2: added static labels for unlabeled connections
 *  3: network selectors added to the NetLabel/LSM domain mapping
 */
#define NETLBL_PROTO_VERSION		3

/* NetLabel NETLINK types/families */
#define NETLBL_NLTYPE_NONE		0
#define NETLBL_NLTYPE_MGMT		1
#define NETLBL_NLTYPE_MGMT_NAME		"NLBL_MGMT"
#define NETLBL_NLTYPE_RIPSO		2
#define NETLBL_NLTYPE_RIPSO_NAME	"NLBL_RIPSO"
#define NETLBL_NLTYPE_CIPSOV4		3
#define NETLBL_NLTYPE_CIPSOV4_NAME	"NLBL_CIPSOv4"
#define NETLBL_NLTYPE_CIPSOV6		4
#define NETLBL_NLTYPE_CIPSOV6_NAME	"NLBL_CIPSOv6"
#define NETLBL_NLTYPE_UNLABELED		5
#define NETLBL_NLTYPE_UNLABELED_NAME	"NLBL_UNLBL"
#define NETLBL_NLTYPE_ADDRSELECT	6
#define NETLBL_NLTYPE_ADDRSELECT_NAME	"NLBL_ADRSEL"
#define NETLBL_NLTYPE_CALIPSO		7
#define NETLBL_NLTYPE_CALIPSO_NAME	"NLBL_CALIPSO"

/*
 * MGMT
 */

/**
 * NetLabel Management commands
 */
enum {
	NLBL_MGMT_C_UNSPEC,
	NLBL_MGMT_C_ADD,
	NLBL_MGMT_C_REMOVE,
	NLBL_MGMT_C_LISTALL,
	NLBL_MGMT_C_ADDDEF,
	NLBL_MGMT_C_REMOVEDEF,
	NLBL_MGMT_C_LISTDEF,
	NLBL_MGMT_C_PROTOCOLS,
	NLBL_MGMT_C_VERSION,
	__NLBL_MGMT_C_MAX,
};
#define NLBL_MGMT_C_MAX (__NLBL_MGMT_C_MAX - 1)

/**
 * NetLabel Management attributes
 */
enum {
	NLBL_MGMT_A_UNSPEC,
	NLBL_MGMT_A_DOMAIN,
	NLBL_MGMT_A_PROTOCOL,
	NLBL_MGMT_A_VERSION,
	NLBL_MGMT_A_CV4DOI,
	NLBL_MGMT_A_IPV6ADDR,
	NLBL_MGMT_A_IPV6MASK,
	NLBL_MGMT_A_IPV4ADDR,
	NLBL_MGMT_A_IPV4MASK,
	NLBL_MGMT_A_ADDRSELECTOR,
	NLBL_MGMT_A_SELECTORLIST,
	NLBL_MGMT_A_FAMILY,
	NLBL_MGMT_A_CLPDOI,
	__NLBL_MGMT_A_MAX,
};
#define NLBL_MGMT_A_MAX (__NLBL_MGMT_A_MAX - 1)

/*
 * CIPSO V4
 */

/* CIPSOv4 DOI map types */
#define CIPSO_V4_MAP_UNKNOWN		0
#define CIPSO_V4_MAP_TRANS		1
#define CIPSO_V4_MAP_PASS		2
#define CIPSO_V4_MAP_LOCAL		3

/**
 * NetLabel CIPSOv4 commands
 */
enum {
	NLBL_CIPSOV4_C_UNSPEC,
	NLBL_CIPSOV4_C_ADD,
	NLBL_CIPSOV4_C_REMOVE,
	NLBL_CIPSOV4_C_LIST,
	NLBL_CIPSOV4_C_LISTALL,
	__NLBL_CIPSOV4_C_MAX,
};
#define NLBL_CIPSOV4_C_MAX (__NLBL_CIPSOV4_C_MAX - 1)

/**
 * NetLabel CIPSOv4 attributes
 */
enum {
	NLBL_CIPSOV4_A_UNSPEC,
	NLBL_CIPSOV4_A_DOI,
	NLBL_CIPSOV4_A_MTYPE,
	NLBL_CIPSOV4_A_TAG,
	NLBL_CIPSOV4_A_TAGLST,
	NLBL_CIPSOV4_A_MLSLVLLOC,
	NLBL_CIPSOV4_A_MLSLVLREM,
	NLBL_CIPSOV4_A_MLSLVL,
	NLBL_CIPSOV4_A_MLSLVLLST,
	NLBL_CIPSOV4_A_MLSCATLOC,
	NLBL_CIPSOV4_A_MLSCATREM,
	NLBL_CIPSOV4_A_MLSCAT,
	NLBL_CIPSOV4_A_MLSCATLST,
	__NLBL_CIPSOV4_A_MAX,
};
#define NLBL_CIPSOV4_A_MAX (__NLBL_CIPSOV4_A_MAX - 1)

/*
 * CALIPSO
 */

/* CALIPSO DOI map types */
#define CALIPSO_MAP_UNKNOWN		0
#define CALIPSO_MAP_PASS		2

/**
 * NetLabel CALIPSO commands
 */
enum {
	NLBL_CALIPSO_C_UNSPEC,
	NLBL_CALIPSO_C_ADD,
	NLBL_CALIPSO_C_REMOVE,
	NLBL_CALIPSO_C_LIST,
	NLBL_CALIPSO_C_LISTALL,
	__NLBL_CALIPSO_C_MAX,
};
#define NLBL_CALIPSO_C_MAX (__NLBL_CALIPSO_C_MAX - 1)


/**
 * NetLabel CALIPSO attributes
 */
enum {
	NLBL_CALIPSO_A_UNSPEC,
	NLBL_CALIPSO_A_DOI,
	NLBL_CALIPSO_A_MTYPE,
	__NLBL_CALIPSO_A_MAX,
};
#define NLBL_CALIPSO_A_MAX (__NLBL_CALIPSO_A_MAX - 1)

/*
 * UNLABELED
 */

/**
 * NetLabel Unlabeled commands
 */
enum {
	NLBL_UNLABEL_C_UNSPEC,
	NLBL_UNLABEL_C_ACCEPT,
	NLBL_UNLABEL_C_LIST,
	NLBL_UNLABEL_C_STATICADD,
	NLBL_UNLABEL_C_STATICREMOVE,
	NLBL_UNLABEL_C_STATICLIST,
	NLBL_UNLABEL_C_STATICADDDEF,
	NLBL_UNLABEL_C_STATICREMOVEDEF,
	NLBL_UNLABEL_C_STATICLISTDEF,
	__NLBL_UNLABEL_C_MAX,
};
#define NLBL_UNLABEL_C_MAX (__NLBL_UNLABEL_C_MAX - 1)

/**
 * NetLabel Unlabeled attributes
 */
enum {
	NLBL_UNLABEL_A_UNSPEC,
	NLBL_UNLABEL_A_ACPTFLG,
	NLBL_UNLABEL_A_IPV6ADDR,
	NLBL_UNLABEL_A_IPV6MASK,
	NLBL_UNLABEL_A_IPV4ADDR,
	NLBL_UNLABEL_A_IPV4MASK,
	NLBL_UNLABEL_A_IFACE,
	NLBL_UNLABEL_A_SECCTX,
	__NLBL_UNLABEL_A_MAX,
};
#define NLBL_UNLABEL_A_MAX (__NLBL_UNLABEL_A_MAX - 1)

#endif /* _NETLABEL_H */