2 * NetLabel CIPSO/IPv4 Support
4 * This file defines the CIPSO/IPv4 functions for the NetLabel system. The
5 * NetLabel system manages static and dynamic label mappings for network
6 * protocols such as CIPSO and RIPSO.
8 * Author: Paul Moore <paul.moore@hp.com>
13 * (c) Copyright Hewlett-Packard Development Company, L.P., 2006
15 * This program is free software; you can redistribute it and/or modify
16 * it under the terms of the GNU General Public License as published by
17 * the Free Software Foundation; either version 2 of the License, or
18 * (at your option) any later version.
20 * This program is distributed in the hope that it will be useful,
21 * but WITHOUT ANY WARRANTY; without even the implied warranty of
22 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See
23 * the GNU General Public License for more details.
25 * You should have received a copy of the GNU General Public License
26 * along with this program; if not, write to the Free Software
27 * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
31 #include <linux/types.h>
32 #include <linux/socket.h>
33 #include <linux/string.h>
34 #include <linux/skbuff.h>
35 #include <linux/audit.h>
37 #include <net/netlink.h>
38 #include <net/genetlink.h>
39 #include <net/netlabel.h>
40 #include <net/cipso_ipv4.h>
41 #include <asm/atomic.h>
43 #include "netlabel_user.h"
44 #include "netlabel_cipso_v4.h"
45 #include "netlabel_mgmt.h"
46 #include "netlabel_domainhash.h"
48 /* Argument struct for cipso_v4_doi_walk() */
49 struct netlbl_cipsov4_doiwalk_arg {
50 struct netlink_callback *nl_cb;
55 /* Argument struct for netlbl_domhsh_walk() */
56 struct netlbl_domhsh_walk_arg {
57 struct netlbl_audit *audit_info;
61 /* NetLabel Generic NETLINK CIPSOv4 family */
62 static struct genl_family netlbl_cipsov4_gnl_family = {
63 .id = GENL_ID_GENERATE,
65 .name = NETLBL_NLTYPE_CIPSOV4_NAME,
66 .version = NETLBL_PROTO_VERSION,
67 .maxattr = NLBL_CIPSOV4_A_MAX,
70 /* NetLabel Netlink attribute policy */
71 static const struct nla_policy netlbl_cipsov4_genl_policy[NLBL_CIPSOV4_A_MAX + 1] = {
72 [NLBL_CIPSOV4_A_DOI] = { .type = NLA_U32 },
73 [NLBL_CIPSOV4_A_MTYPE] = { .type = NLA_U32 },
74 [NLBL_CIPSOV4_A_TAG] = { .type = NLA_U8 },
75 [NLBL_CIPSOV4_A_TAGLST] = { .type = NLA_NESTED },
76 [NLBL_CIPSOV4_A_MLSLVLLOC] = { .type = NLA_U32 },
77 [NLBL_CIPSOV4_A_MLSLVLREM] = { .type = NLA_U32 },
78 [NLBL_CIPSOV4_A_MLSLVL] = { .type = NLA_NESTED },
79 [NLBL_CIPSOV4_A_MLSLVLLST] = { .type = NLA_NESTED },
80 [NLBL_CIPSOV4_A_MLSCATLOC] = { .type = NLA_U32 },
81 [NLBL_CIPSOV4_A_MLSCATREM] = { .type = NLA_U32 },
82 [NLBL_CIPSOV4_A_MLSCAT] = { .type = NLA_NESTED },
83 [NLBL_CIPSOV4_A_MLSCATLST] = { .type = NLA_NESTED },
91 * netlbl_cipsov4_add_common - Parse the common sections of a ADD message
92 * @info: the Generic NETLINK info block
93 * @doi_def: the CIPSO V4 DOI definition
96 * Parse the common sections of a ADD message and fill in the related values
97 * in @doi_def. Returns zero on success, negative values on failure.
100 static int netlbl_cipsov4_add_common(struct genl_info *info,
101 struct cipso_v4_doi *doi_def)
107 doi_def->doi = nla_get_u32(info->attrs[NLBL_CIPSOV4_A_DOI]);
109 if (nla_validate_nested(info->attrs[NLBL_CIPSOV4_A_TAGLST],
111 netlbl_cipsov4_genl_policy) != 0)
114 nla_for_each_nested(nla, info->attrs[NLBL_CIPSOV4_A_TAGLST], nla_rem)
115 if (nla_type(nla) == NLBL_CIPSOV4_A_TAG) {
116 if (iter >= CIPSO_V4_TAG_MAXCNT)
118 doi_def->tags[iter++] = nla_get_u8(nla);
120 while (iter < CIPSO_V4_TAG_MAXCNT)
121 doi_def->tags[iter++] = CIPSO_V4_TAG_INVALID;
127 * NetLabel Command Handlers
131 * netlbl_cipsov4_add_std - Adds a CIPSO V4 DOI definition
132 * @info: the Generic NETLINK info block
135 * Create a new CIPSO_V4_MAP_TRANS DOI definition based on the given ADD
136 * message and add it to the CIPSO V4 engine. Return zero on success and
140 static int netlbl_cipsov4_add_std(struct genl_info *info)
142 int ret_val = -EINVAL;
143 struct cipso_v4_doi *doi_def = NULL;
144 struct nlattr *nla_a;
145 struct nlattr *nla_b;
150 if (!info->attrs[NLBL_CIPSOV4_A_TAGLST] ||
151 !info->attrs[NLBL_CIPSOV4_A_MLSLVLLST])
154 if (nla_validate_nested(info->attrs[NLBL_CIPSOV4_A_MLSLVLLST],
156 netlbl_cipsov4_genl_policy) != 0)
159 doi_def = kmalloc(sizeof(*doi_def), GFP_KERNEL);
162 doi_def->map.std = kzalloc(sizeof(*doi_def->map.std), GFP_KERNEL);
163 if (doi_def->map.std == NULL) {
165 goto add_std_failure;
167 doi_def->type = CIPSO_V4_MAP_TRANS;
169 ret_val = netlbl_cipsov4_add_common(info, doi_def);
171 goto add_std_failure;
174 nla_for_each_nested(nla_a,
175 info->attrs[NLBL_CIPSOV4_A_MLSLVLLST],
177 if (nla_type(nla_a) == NLBL_CIPSOV4_A_MLSLVL) {
178 if (nla_validate_nested(nla_a,
180 netlbl_cipsov4_genl_policy) != 0)
181 goto add_std_failure;
182 nla_for_each_nested(nla_b, nla_a, nla_b_rem)
183 switch (nla_type(nla_b)) {
184 case NLBL_CIPSOV4_A_MLSLVLLOC:
185 if (nla_get_u32(nla_b) >
186 CIPSO_V4_MAX_LOC_LVLS)
187 goto add_std_failure;
188 if (nla_get_u32(nla_b) >=
189 doi_def->map.std->lvl.local_size)
190 doi_def->map.std->lvl.local_size =
191 nla_get_u32(nla_b) + 1;
193 case NLBL_CIPSOV4_A_MLSLVLREM:
194 if (nla_get_u32(nla_b) >
195 CIPSO_V4_MAX_REM_LVLS)
196 goto add_std_failure;
197 if (nla_get_u32(nla_b) >=
198 doi_def->map.std->lvl.cipso_size)
199 doi_def->map.std->lvl.cipso_size =
200 nla_get_u32(nla_b) + 1;
204 doi_def->map.std->lvl.local = kcalloc(doi_def->map.std->lvl.local_size,
207 if (doi_def->map.std->lvl.local == NULL) {
209 goto add_std_failure;
211 doi_def->map.std->lvl.cipso = kcalloc(doi_def->map.std->lvl.cipso_size,
214 if (doi_def->map.std->lvl.cipso == NULL) {
216 goto add_std_failure;
218 for (iter = 0; iter < doi_def->map.std->lvl.local_size; iter++)
219 doi_def->map.std->lvl.local[iter] = CIPSO_V4_INV_LVL;
220 for (iter = 0; iter < doi_def->map.std->lvl.cipso_size; iter++)
221 doi_def->map.std->lvl.cipso[iter] = CIPSO_V4_INV_LVL;
222 nla_for_each_nested(nla_a,
223 info->attrs[NLBL_CIPSOV4_A_MLSLVLLST],
225 if (nla_type(nla_a) == NLBL_CIPSOV4_A_MLSLVL) {
226 struct nlattr *lvl_loc;
227 struct nlattr *lvl_rem;
229 lvl_loc = nla_find_nested(nla_a,
230 NLBL_CIPSOV4_A_MLSLVLLOC);
231 lvl_rem = nla_find_nested(nla_a,
232 NLBL_CIPSOV4_A_MLSLVLREM);
233 if (lvl_loc == NULL || lvl_rem == NULL)
234 goto add_std_failure;
235 doi_def->map.std->lvl.local[nla_get_u32(lvl_loc)] =
236 nla_get_u32(lvl_rem);
237 doi_def->map.std->lvl.cipso[nla_get_u32(lvl_rem)] =
238 nla_get_u32(lvl_loc);
241 if (info->attrs[NLBL_CIPSOV4_A_MLSCATLST]) {
242 if (nla_validate_nested(info->attrs[NLBL_CIPSOV4_A_MLSCATLST],
244 netlbl_cipsov4_genl_policy) != 0)
245 goto add_std_failure;
247 nla_for_each_nested(nla_a,
248 info->attrs[NLBL_CIPSOV4_A_MLSCATLST],
250 if (nla_type(nla_a) == NLBL_CIPSOV4_A_MLSCAT) {
251 if (nla_validate_nested(nla_a,
253 netlbl_cipsov4_genl_policy) != 0)
254 goto add_std_failure;
255 nla_for_each_nested(nla_b, nla_a, nla_b_rem)
256 switch (nla_type(nla_b)) {
257 case NLBL_CIPSOV4_A_MLSCATLOC:
258 if (nla_get_u32(nla_b) >
259 CIPSO_V4_MAX_LOC_CATS)
260 goto add_std_failure;
261 if (nla_get_u32(nla_b) >=
262 doi_def->map.std->cat.local_size)
263 doi_def->map.std->cat.local_size =
264 nla_get_u32(nla_b) + 1;
266 case NLBL_CIPSOV4_A_MLSCATREM:
267 if (nla_get_u32(nla_b) >
268 CIPSO_V4_MAX_REM_CATS)
269 goto add_std_failure;
270 if (nla_get_u32(nla_b) >=
271 doi_def->map.std->cat.cipso_size)
272 doi_def->map.std->cat.cipso_size =
273 nla_get_u32(nla_b) + 1;
277 doi_def->map.std->cat.local = kcalloc(
278 doi_def->map.std->cat.local_size,
281 if (doi_def->map.std->cat.local == NULL) {
283 goto add_std_failure;
285 doi_def->map.std->cat.cipso = kcalloc(
286 doi_def->map.std->cat.cipso_size,
289 if (doi_def->map.std->cat.cipso == NULL) {
291 goto add_std_failure;
293 for (iter = 0; iter < doi_def->map.std->cat.local_size; iter++)
294 doi_def->map.std->cat.local[iter] = CIPSO_V4_INV_CAT;
295 for (iter = 0; iter < doi_def->map.std->cat.cipso_size; iter++)
296 doi_def->map.std->cat.cipso[iter] = CIPSO_V4_INV_CAT;
297 nla_for_each_nested(nla_a,
298 info->attrs[NLBL_CIPSOV4_A_MLSCATLST],
300 if (nla_type(nla_a) == NLBL_CIPSOV4_A_MLSCAT) {
301 struct nlattr *cat_loc;
302 struct nlattr *cat_rem;
304 cat_loc = nla_find_nested(nla_a,
305 NLBL_CIPSOV4_A_MLSCATLOC);
306 cat_rem = nla_find_nested(nla_a,
307 NLBL_CIPSOV4_A_MLSCATREM);
308 if (cat_loc == NULL || cat_rem == NULL)
309 goto add_std_failure;
310 doi_def->map.std->cat.local[
311 nla_get_u32(cat_loc)] =
312 nla_get_u32(cat_rem);
313 doi_def->map.std->cat.cipso[
314 nla_get_u32(cat_rem)] =
315 nla_get_u32(cat_loc);
319 ret_val = cipso_v4_doi_add(doi_def);
321 goto add_std_failure;
326 cipso_v4_doi_free(doi_def);
331 * netlbl_cipsov4_add_pass - Adds a CIPSO V4 DOI definition
332 * @info: the Generic NETLINK info block
335 * Create a new CIPSO_V4_MAP_PASS DOI definition based on the given ADD message
336 * and add it to the CIPSO V4 engine. Return zero on success and non-zero on
340 static int netlbl_cipsov4_add_pass(struct genl_info *info)
343 struct cipso_v4_doi *doi_def = NULL;
345 if (!info->attrs[NLBL_CIPSOV4_A_TAGLST])
348 doi_def = kmalloc(sizeof(*doi_def), GFP_KERNEL);
351 doi_def->type = CIPSO_V4_MAP_PASS;
353 ret_val = netlbl_cipsov4_add_common(info, doi_def);
355 goto add_pass_failure;
357 ret_val = cipso_v4_doi_add(doi_def);
359 goto add_pass_failure;
363 cipso_v4_doi_free(doi_def);
368 * netlbl_cipsov4_add_local - Adds a CIPSO V4 DOI definition
369 * @info: the Generic NETLINK info block
372 * Create a new CIPSO_V4_MAP_LOCAL DOI definition based on the given ADD
373 * message and add it to the CIPSO V4 engine. Return zero on success and
377 static int netlbl_cipsov4_add_local(struct genl_info *info)
380 struct cipso_v4_doi *doi_def = NULL;
382 if (!info->attrs[NLBL_CIPSOV4_A_TAGLST])
385 doi_def = kmalloc(sizeof(*doi_def), GFP_KERNEL);
388 doi_def->type = CIPSO_V4_MAP_LOCAL;
390 ret_val = netlbl_cipsov4_add_common(info, doi_def);
392 goto add_local_failure;
394 ret_val = cipso_v4_doi_add(doi_def);
396 goto add_local_failure;
400 cipso_v4_doi_free(doi_def);
405 * netlbl_cipsov4_add - Handle an ADD message
406 * @skb: the NETLINK buffer
407 * @info: the Generic NETLINK info block
410 * Create a new DOI definition based on the given ADD message and add it to the
411 * CIPSO V4 engine. Returns zero on success, negative values on failure.
414 static int netlbl_cipsov4_add(struct sk_buff *skb, struct genl_info *info)
417 int ret_val = -EINVAL;
420 const char *type_str = "(unknown)";
421 struct audit_buffer *audit_buf;
422 struct netlbl_audit audit_info;
424 if (!info->attrs[NLBL_CIPSOV4_A_DOI] ||
425 !info->attrs[NLBL_CIPSOV4_A_MTYPE])
428 doi = nla_get_u32(info->attrs[NLBL_CIPSOV4_A_DOI]);
429 netlbl_netlink_auditinfo(skb, &audit_info);
431 type = nla_get_u32(info->attrs[NLBL_CIPSOV4_A_MTYPE]);
433 case CIPSO_V4_MAP_TRANS:
435 ret_val = netlbl_cipsov4_add_std(info);
437 case CIPSO_V4_MAP_PASS:
439 ret_val = netlbl_cipsov4_add_pass(info);
441 case CIPSO_V4_MAP_LOCAL:
443 ret_val = netlbl_cipsov4_add_local(info);
447 atomic_inc(&netlabel_mgmt_protocount);
449 audit_buf = netlbl_audit_start_common(AUDIT_MAC_CIPSOV4_ADD,
451 if (audit_buf != NULL) {
452 audit_log_format(audit_buf,
453 " cipso_doi=%u cipso_type=%s res=%u",
456 ret_val == 0 ? 1 : 0);
457 audit_log_end(audit_buf);
464 * netlbl_cipsov4_list - Handle a LIST message
465 * @skb: the NETLINK buffer
466 * @info: the Generic NETLINK info block
469 * Process a user generated LIST message and respond accordingly. While the
470 * response message generated by the kernel is straightforward, determining
471 * before hand the size of the buffer to allocate is not (we have to generate
472 * the message to know the size). In order to keep this function sane what we
473 * do is allocate a buffer of NLMSG_GOODSIZE and try to fit the response in
474 * that size, if we fail then we restart with a larger buffer and try again.
475 * We continue in this manner until we hit a limit of failed attempts then we
476 * give up and just send an error message. Returns zero on success and
477 * negative values on error.
480 static int netlbl_cipsov4_list(struct sk_buff *skb, struct genl_info *info)
483 struct sk_buff *ans_skb = NULL;
487 struct nlattr *nla_a;
488 struct nlattr *nla_b;
489 struct cipso_v4_doi *doi_def;
492 if (!info->attrs[NLBL_CIPSOV4_A_DOI]) {
498 ans_skb = nlmsg_new(NLMSG_DEFAULT_SIZE * nlsze_mult, GFP_KERNEL);
499 if (ans_skb == NULL) {
503 data = genlmsg_put_reply(ans_skb, info, &netlbl_cipsov4_gnl_family,
504 0, NLBL_CIPSOV4_C_LIST);
510 doi = nla_get_u32(info->attrs[NLBL_CIPSOV4_A_DOI]);
513 doi_def = cipso_v4_doi_getdef(doi);
514 if (doi_def == NULL) {
516 goto list_failure_lock;
519 ret_val = nla_put_u32(ans_skb, NLBL_CIPSOV4_A_MTYPE, doi_def->type);
521 goto list_failure_lock;
523 nla_a = nla_nest_start(ans_skb, NLBL_CIPSOV4_A_TAGLST);
526 goto list_failure_lock;
529 iter < CIPSO_V4_TAG_MAXCNT &&
530 doi_def->tags[iter] != CIPSO_V4_TAG_INVALID;
532 ret_val = nla_put_u8(ans_skb,
534 doi_def->tags[iter]);
536 goto list_failure_lock;
538 nla_nest_end(ans_skb, nla_a);
540 switch (doi_def->type) {
541 case CIPSO_V4_MAP_TRANS:
542 nla_a = nla_nest_start(ans_skb, NLBL_CIPSOV4_A_MLSLVLLST);
545 goto list_failure_lock;
548 iter < doi_def->map.std->lvl.local_size;
550 if (doi_def->map.std->lvl.local[iter] ==
554 nla_b = nla_nest_start(ans_skb, NLBL_CIPSOV4_A_MLSLVL);
559 ret_val = nla_put_u32(ans_skb,
560 NLBL_CIPSOV4_A_MLSLVLLOC,
564 ret_val = nla_put_u32(ans_skb,
565 NLBL_CIPSOV4_A_MLSLVLREM,
566 doi_def->map.std->lvl.local[iter]);
569 nla_nest_end(ans_skb, nla_b);
571 nla_nest_end(ans_skb, nla_a);
573 nla_a = nla_nest_start(ans_skb, NLBL_CIPSOV4_A_MLSCATLST);
579 iter < doi_def->map.std->cat.local_size;
581 if (doi_def->map.std->cat.local[iter] ==
585 nla_b = nla_nest_start(ans_skb, NLBL_CIPSOV4_A_MLSCAT);
590 ret_val = nla_put_u32(ans_skb,
591 NLBL_CIPSOV4_A_MLSCATLOC,
595 ret_val = nla_put_u32(ans_skb,
596 NLBL_CIPSOV4_A_MLSCATREM,
597 doi_def->map.std->cat.local[iter]);
600 nla_nest_end(ans_skb, nla_b);
602 nla_nest_end(ans_skb, nla_a);
608 genlmsg_end(ans_skb, data);
609 return genlmsg_reply(ans_skb, info);
612 /* XXX - this limit is a guesstimate */
613 if (nlsze_mult < 4) {
627 * netlbl_cipsov4_listall_cb - cipso_v4_doi_walk() callback for LISTALL
628 * @doi_def: the CIPSOv4 DOI definition
629 * @arg: the netlbl_cipsov4_doiwalk_arg structure
632 * This function is designed to be used as a callback to the
633 * cipso_v4_doi_walk() function for use in generating a response for a LISTALL
634 * message. Returns the size of the message on success, negative values on
638 static int netlbl_cipsov4_listall_cb(struct cipso_v4_doi *doi_def, void *arg)
640 int ret_val = -ENOMEM;
641 struct netlbl_cipsov4_doiwalk_arg *cb_arg = arg;
644 data = genlmsg_put(cb_arg->skb, NETLINK_CB(cb_arg->nl_cb->skb).pid,
645 cb_arg->seq, &netlbl_cipsov4_gnl_family,
646 NLM_F_MULTI, NLBL_CIPSOV4_C_LISTALL);
648 goto listall_cb_failure;
650 ret_val = nla_put_u32(cb_arg->skb, NLBL_CIPSOV4_A_DOI, doi_def->doi);
652 goto listall_cb_failure;
653 ret_val = nla_put_u32(cb_arg->skb,
654 NLBL_CIPSOV4_A_MTYPE,
657 goto listall_cb_failure;
659 return genlmsg_end(cb_arg->skb, data);
662 genlmsg_cancel(cb_arg->skb, data);
667 * netlbl_cipsov4_listall - Handle a LISTALL message
668 * @skb: the NETLINK buffer
669 * @cb: the NETLINK callback
672 * Process a user generated LISTALL message and respond accordingly. Returns
673 * zero on success and negative values on error.
676 static int netlbl_cipsov4_listall(struct sk_buff *skb,
677 struct netlink_callback *cb)
679 struct netlbl_cipsov4_doiwalk_arg cb_arg;
680 u32 doi_skip = cb->args[0];
684 cb_arg.seq = cb->nlh->nlmsg_seq;
686 cipso_v4_doi_walk(&doi_skip, netlbl_cipsov4_listall_cb, &cb_arg);
688 cb->args[0] = doi_skip;
693 * netlbl_cipsov4_remove_cb - netlbl_cipsov4_remove() callback for REMOVE
694 * @entry: LSM domain mapping entry
695 * @arg: the netlbl_domhsh_walk_arg structure
698 * This function is intended for use by netlbl_cipsov4_remove() as the callback
699 * for the netlbl_domhsh_walk() function; it removes LSM domain map entries
700 * which are associated with the CIPSO DOI specified in @arg. Returns zero on
701 * success, negative values on failure.
704 static int netlbl_cipsov4_remove_cb(struct netlbl_dom_map *entry, void *arg)
706 struct netlbl_domhsh_walk_arg *cb_arg = arg;
708 if (entry->type == NETLBL_NLTYPE_CIPSOV4 &&
709 entry->type_def.cipsov4->doi == cb_arg->doi)
710 return netlbl_domhsh_remove_entry(entry, cb_arg->audit_info);
716 * netlbl_cipsov4_remove - Handle a REMOVE message
717 * @skb: the NETLINK buffer
718 * @info: the Generic NETLINK info block
721 * Process a user generated REMOVE message and respond accordingly. Returns
722 * zero on success, negative values on failure.
725 static int netlbl_cipsov4_remove(struct sk_buff *skb, struct genl_info *info)
727 int ret_val = -EINVAL;
729 struct netlbl_domhsh_walk_arg cb_arg;
730 struct audit_buffer *audit_buf;
731 struct netlbl_audit audit_info;
735 if (!info->attrs[NLBL_CIPSOV4_A_DOI])
738 doi = nla_get_u32(info->attrs[NLBL_CIPSOV4_A_DOI]);
739 netlbl_netlink_auditinfo(skb, &audit_info);
742 cb_arg.audit_info = &audit_info;
743 ret_val = netlbl_domhsh_walk(&skip_bkt, &skip_chain,
744 netlbl_cipsov4_remove_cb, &cb_arg);
745 if (ret_val == 0 || ret_val == -ENOENT) {
746 ret_val = cipso_v4_doi_remove(doi, &audit_info);
748 atomic_dec(&netlabel_mgmt_protocount);
751 audit_buf = netlbl_audit_start_common(AUDIT_MAC_CIPSOV4_DEL,
753 if (audit_buf != NULL) {
754 audit_log_format(audit_buf,
755 " cipso_doi=%u res=%u",
757 ret_val == 0 ? 1 : 0);
758 audit_log_end(audit_buf);
765 * NetLabel Generic NETLINK Command Definitions
768 static struct genl_ops netlbl_cipsov4_ops[] = {
770 .cmd = NLBL_CIPSOV4_C_ADD,
771 .flags = GENL_ADMIN_PERM,
772 .policy = netlbl_cipsov4_genl_policy,
773 .doit = netlbl_cipsov4_add,
777 .cmd = NLBL_CIPSOV4_C_REMOVE,
778 .flags = GENL_ADMIN_PERM,
779 .policy = netlbl_cipsov4_genl_policy,
780 .doit = netlbl_cipsov4_remove,
784 .cmd = NLBL_CIPSOV4_C_LIST,
786 .policy = netlbl_cipsov4_genl_policy,
787 .doit = netlbl_cipsov4_list,
791 .cmd = NLBL_CIPSOV4_C_LISTALL,
793 .policy = netlbl_cipsov4_genl_policy,
795 .dumpit = netlbl_cipsov4_listall,
800 * NetLabel Generic NETLINK Protocol Functions
804 * netlbl_cipsov4_genl_init - Register the CIPSOv4 NetLabel component
807 * Register the CIPSOv4 packet NetLabel component with the Generic NETLINK
808 * mechanism. Returns zero on success, negative values on failure.
811 int __init netlbl_cipsov4_genl_init(void)
815 ret_val = genl_register_family(&netlbl_cipsov4_gnl_family);
819 for (i = 0; i < ARRAY_SIZE(netlbl_cipsov4_ops); i++) {
820 ret_val = genl_register_ops(&netlbl_cipsov4_gnl_family,
821 &netlbl_cipsov4_ops[i]);
git://ftp.safe.ca / safe / jmp / linux-2.6 / blob