1/* SPDX-License-Identifier: GPL-2.0-or-later */ 2/* 3 * CALIPSO - Common Architecture Label IPv6 Security Option 4 * 5 * This is an implementation of the CALIPSO protocol as specified in 6 * RFC 5570. 7 * 8 * Authors: Paul Moore <paul@paul-moore.com> 9 * Huw Davies <huw@codeweavers.com> 10 */ 11 12/* 13 * (c) Copyright Hewlett-Packard Development Company, L.P., 2006 14 * (c) Copyright Huw Davies <huw@codeweavers.com>, 2015 15 */ 16 17#ifndef _CALIPSO_H 18#define _CALIPSO_H 19 20#include <linux/types.h> 21#include <linux/rcupdate.h> 22#include <linux/list.h> 23#include <linux/net.h> 24#include <linux/skbuff.h> 25#include <net/netlabel.h> 26#include <net/request_sock.h> 27#include <linux/refcount.h> 28#include <asm/unaligned.h> 29 30/* known doi values */ 31#define CALIPSO_DOI_UNKNOWN 0x00000000 32 33/* doi mapping types */ 34#define CALIPSO_MAP_UNKNOWN 0 35#define CALIPSO_MAP_PASS 2 36 37/* 38 * CALIPSO DOI definitions 39 */ 40 41/* DOI definition struct */ 42struct calipso_doi { 43 u32 doi; 44 u32 type; 45 46 refcount_t refcount; 47 struct list_head list; 48 struct rcu_head rcu; 49}; 50 51/* 52 * Sysctl Variables 53 */ 54extern int calipso_cache_enabled; 55extern int calipso_cache_bucketsize; 56 57#ifdef CONFIG_NETLABEL 58int __init calipso_init(void); 59void calipso_exit(void); 60bool calipso_validate(const struct sk_buff *skb, const unsigned char *option); 61#else 62static inline int __init calipso_init(void) 63{ 64 return 0; 65} 66 67static inline void calipso_exit(void) 68{ 69} 70static inline bool calipso_validate(const struct sk_buff *skb, 71 const unsigned char *option) 72{ 73 return true; 74} 75#endif /* CONFIG_NETLABEL */ 76 77#endif /* _CALIPSO_H */ 78