search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
Merge branch 'less_closed'
[unleashed.git] / include / sys / tsol / tndb.h
blobc7b68b66d8c99b479a8f2fac9fc1058392a05b2f
1 /*
2 * CDDL HEADER START
3 *
4 * The contents of this file are subject to the terms of the
5 * Common Development and Distribution License (the "License").
6 * You may not use this file except in compliance with the License.
7 *
8 * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
9 * or http://www.opensolaris.org/os/licensing.
10 * See the License for the specific language governing permissions
11 * and limitations under the License.
12 *
13 * When distributing Covered Code, include this CDDL HEADER in each
14 * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
15 * If applicable, add the following below this CDDL HEADER, with the
16 * fields enclosed by brackets "[]" replaced with your own identifying
17 * information: Portions Copyright [yyyy] [name of copyright owner]
18 *
19 * CDDL HEADER END
20 */
21 /*
22 * Copyright 2009 Sun Microsystems, Inc. All rights reserved.
23 * Use is subject to license terms.
24 *
25 * from "tndb.h 7.34 01/08/31 SMI; TSOL 2.x"
26 */
27
28 #ifndef _SYS_TSOL_TNDB_H
29 #define _SYS_TSOL_TNDB_H
30
31 #include <sys/types.h>
32 #include <sys/zone.h>
33 #include <sys/tsol/label.h>
34 #include <sys/tsol/label_macro.h>
35 #include <net/if.h>
36
37 #ifdef _KERNEL
38 #include <net/route.h>
39 #endif
40
41 #ifdef __cplusplus
42 extern "C" {
43 #endif
44
45 /* same on ILP32 and LP64 */
46 typedef union tnaddr {
47 struct sockaddr_in ip_addr_v4;
48 struct sockaddr_in6 ip_addr_v6;
49 } tnaddr_t;
50
51 #define ta_family ip_addr_v4.sin_family
52 #define ta_addr_v4 ip_addr_v4.sin_addr
53 #define ta_addr_v6 ip_addr_v6.sin6_addr
54 #define ta_port_v4 ip_addr_v4.sin_port
55 #define ta_port_v6 ip_addr_v6.sin6_port
56
57 #define TNADDR_EQ(addr1, addr2) \
58 (((addr1)->ta_family == AF_INET && (addr2)->ta_family == AF_INET && \
59 (addr1)->ta_addr_v4.s_addr == (addr2)->ta_addr_v4.s_addr) || \
60 ((addr1)->ta_family == AF_INET6 && (addr2)->ta_family == AF_INET6 && \
61 IN6_ARE_ADDR_EQUAL(&(addr1)->ta_addr_v6, &(addr2)->ta_addr_v6)))
62
63 /*
64 * structure for TN database access routines and TN system calls
65 */
66
67 typedef enum tsol_dbops {
68 TNDB_NOOP = 0,
69 TNDB_LOAD = 1,
70 TNDB_DELETE = 2,
71 TNDB_FLUSH = 3,
72 TNDB_GET = 5
73 } tsol_dbops_t;
74
75 #define TNTNAMSIZ ZONENAME_MAX /* template name size */
76 #define IP_STR_SIZE 200 /* string ip address size */
77
78 #define TNRHDB_NCOL 2 /* # of columns in tnrhdb */
79
80 /*
81 * For tnrhdb access library routines and tnrh(2TSOL)
82 * same for both ILP32 and LP64.
83 */
84 typedef struct tsol_rhent {
85 short rh_prefix; /* length of subnet mask */
86 short rh_unused; /* padding */
87 tnaddr_t rh_address; /* IP address */
88 char rh_template[TNTNAMSIZ]; /* template name */
89 } tsol_rhent_t;
90
91 typedef struct tsol_rhstr_s {
92 int family;
93 char *address;
94 char *template;
95 } tsol_rhstr_t;
96
97 /*
98 * host types recognized by tsol hosts
99 */
100 typedef enum {
101 UNLABELED = 1,
102 SUN_CIPSO = 3
103 } tsol_host_type_t;
104
105 typedef enum {
106 OPT_NONE = 0,
107 OPT_CIPSO = 1
108 } tsol_ip_label_t;
109
110 typedef struct cipso_tag_type_1 {
111 uchar_t tag_type; /* Tag Type (1) */
112 uchar_t tag_length; /* Length of Tag */
113 uchar_t tag_align; /* Alignment Octet */
114 uchar_t tag_sl; /* Sensitivity Level */
115 uchar_t tag_cat[1]; /* Categories */
116 } cipso_tag_type_1_t;
117
118 #define TSOL_CIPSO_MIN_LENGTH 6
119 #define TSOL_CIPSO_MAX_LENGTH IP_MAX_OPT_LENGTH
120 #define TSOL_TT1_MIN_LENGTH 4
121 #define TSOL_TT1_MAX_LENGTH 34
122
123 #define TSOL_CIPSO_DOI_OFFSET 2
124 #define TSOL_CIPSO_TAG_OFFSET 6
125
126 typedef struct cipso_option {
127 uchar_t cipso_type; /* Type of option (134) */
128 uchar_t cipso_length; /* Length of option */
129 uchar_t cipso_doi[4]; /* Domain of Interpretation */
130 uchar_t cipso_tag_type[1]; /* variable length */
131 } cipso_option_t;
132
133 /*
134 * RIPSO classifications
135 */
136 #define TSOL_CL_TOP_SECRET 0x3d
137 #define TSOL_CL_SECRET 0x5a
138 #define TSOL_CL_CONFIDENTIAL 0x96
139 #define TSOL_CL_UNCLASSIFIED 0xab
140
141 /*
142 * RIPSO protection authorities
143 */
144 #define TSOL_PA_GENSER 0x80
145 #define TSOL_PA_SIOP_ESI 0x40
146 #define TSOL_PA_SCI 0x20
147 #define TSOL_PA_NSA 0x10
148 #define TSOL_PA_DOE 0x08
149
150 /*
151 * this mask is only used for tndb structures, and is different
152 * from t6mask_t bits definitions
153 */
154
155 typedef unsigned int tnmask_t;
156
157 /*
158 * unlabeled host structure for the tnrhtp template.
159 * same for both ILP32 and LP64.
160 */
161 struct tsol_unl {
162 tnmask_t mask; /* tells which attributes are returned by the library */
163 bslabel_t def_label; /* default label */
164 brange_t gw_sl_range; /* for routing only */
165 blset_t sl_set; /* label set */
166 };
167
168 /*
169 * CIPSO host structure for the tnrhtp template
170 * same for both ILP32 and LP64.
171 */
172 struct tsol_cipso {
173 tnmask_t mask; /* tells which attributes are returned by the library */
174 bclear_t def_cl; /* default clearance */
175 brange_t sl_range; /* min/max SL range */
176 blset_t sl_set; /* label set */
177 };
178
179 /*
180 * Valid keys and values of the key=value pairs for tnrhtp
181 */
182 #define TP_UNLABELED "unlabeled"
183 #define TP_CIPSO "cipso"
184 #define TP_ZONE "zone"
185 #define TP_HOSTTYPE "host_type"
186 #define TP_DOI "doi"
187 #define TP_DEFLABEL "def_label"
188 #define TP_MINLABEL "min_sl"
189 #define TP_MAXLABEL "max_sl"
190 #define TP_SET "sl_set"
191
192 #define TP_COMMA ","
193
194 #define TNRHTP_NCOL 2 /* # of columns in tnrhtp */
195
196 /*
197 * For tnrhtp access library routines and tnrhtp(2TSOL)
198 * same for both ILP32 and LP64.
199 */
200 typedef struct tsol_tpent {
201 char name[TNTNAMSIZ]; /* template name */
202 tsol_host_type_t host_type; /* specifies host type */
203 int tp_doi; /* Domain of Interpretation */
204 #define tp_cipso_doi_unl tp_doi
205 #define tp_cipso_doi_cipso tp_doi
206 union {
207 struct tsol_unl unl; /* template for unlabeled */
208 #define tp_mask_unl un.unl.mask
209 #define tp_def_label un.unl.def_label
210 #define tp_gw_sl_range un.unl.gw_sl_range
211 #define tp_gw_sl_set un.unl.sl_set
212
213 struct tsol_cipso cipso; /* template for CIPSO */
214 #define tp_mask_cipso un.cipso.mask
215 #define tp_def_cl_cipso un.cipso.def_cl
216 #define tp_sl_range_cipso un.cipso.sl_range
217 #define tp_sl_set_cipso un.cipso.sl_set
218 } un;
219 } tsol_tpent_t;
220
221 typedef struct tsol_tpstr_s {
222 char *template;
223 char *attrs;
224 } tsol_tpstr_t;
225
226 /*
227 * For tnmlp(2TSOL); same for both ILP32 and LP64.
228 */
229 typedef struct tsol_mlpent {
230 zoneid_t tsme_zoneid;
231 uint_t tsme_flags; /* TSOL_MEF_* */
232 tsol_mlp_t tsme_mlp;
233 } tsol_mlpent_t;
234
235 #define TSOL_MEF_SHARED 0x00000001 /* MLP defined on shared addresses */
236
237 /*
238 * For tnzonecfg access library routines.
239 * List of MLPs ends with null entry, where protocol and port are both zero.
240 */
241 typedef struct tsol_zcent {
242 char zc_name[ZONENAME_MAX];
243 int zc_doi;
244 bslabel_t zc_label;
245 int zc_match;
246 tsol_mlp_t *zc_private_mlp;
247 tsol_mlp_t *zc_shared_mlp;
248 } tsol_zcent_t;
249 #define TSOL_MLP_END(mlp) ((mlp)->mlp_ipp == 0 && (mlp)->mlp_port == 0)
250
251 typedef struct tsol_tpc {
252 kmutex_t tpc_lock; /* lock for structure */
253 uint_t tpc_refcnt; /* reference count */
254 boolean_t tpc_invalid; /* entry has been deleted */
255 struct tsol_tpent tpc_tp; /* template */
256 } tsol_tpc_t;
257
258 typedef struct tsol_tnrhc {
259 struct tsol_tnrhc *rhc_next; /* link to next entry */
260 kmutex_t rhc_lock; /* lock for structure */
261 tnaddr_t rhc_host; /* IPv4/IPv6 host address */
262 tsol_tpc_t *rhc_tpc; /* pointer to template */
263 uint_t rhc_refcnt; /* Number of references */
264 char rhc_invalid; /* out-of-date rhc */
265 char rhc_isbcast; /* broadcast address */
266 char rhc_local; /* loopback or local interace */
267 } tsol_tnrhc_t;
268
269 /* Size of remote host hash tables in kernel */
270 #define TNRHC_SIZE 256
271 #define TSOL_MASK_TABLE_SIZE 33
272 #define TSOL_MASK_TABLE_SIZE_V6 129
273
274 #ifdef _KERNEL
275 #define TNRHC_HOLD(a) { \
276 mutex_enter(&(a)->rhc_lock); \
277 (a)->rhc_refcnt++; \
278 ASSERT((a)->rhc_refcnt > 0); \
279 mutex_exit(&(a)->rhc_lock); \
280 }
281 #define TNRHC_RELE(a) { \
282 mutex_enter(&(a)->rhc_lock); \
283 ASSERT((a)->rhc_refcnt > 0); \
284 if (--(a)->rhc_refcnt <= 0) \
285 tnrhc_free(a); \
286 else \
287 mutex_exit(&(a)->rhc_lock); \
288 }
289 extern void tnrhc_free(tsol_tnrhc_t *);
290 #define TPC_HOLD(a) { \
291 mutex_enter(&(a)->tpc_lock); \
292 (a)->tpc_refcnt++; \
293 ASSERT((a)->tpc_refcnt > 0); \
294 mutex_exit(&(a)->tpc_lock); \
295 }
296 #define TPC_RELE(a) { \
297 mutex_enter(&(a)->tpc_lock); \
298 ASSERT((a)->tpc_refcnt > 0); \
299 if (--(a)->tpc_refcnt <= 0) \
300 tpc_free(a); \
301 else \
302 mutex_exit(&(a)->tpc_lock); \
303 }
304 extern void tpc_free(tsol_tpc_t *);
305 #endif /* _KERNEL */
306
307 /*
308 * The next three hashing macros are copied from macros in ip_ire.h.
309 */
310 #define TSOL_ADDR_HASH(addr, table_size) \
311 (((((addr) >> 16) ^ (addr)) ^ ((((addr) >> 16) ^ (addr))>> 8)) \
312 % (table_size))
313
314 #define TSOL_ADDR_HASH_V6(addr, table_size) \
315 (((addr).s6_addr8[8] ^ (addr).s6_addr8[9] ^ \
316 (addr).s6_addr8[10] ^ (addr).s6_addr8[13] ^ \
317 (addr).s6_addr8[14] ^ (addr).s6_addr8[15]) % (table_size))
318
319 /* This assumes that table_size is a power of 2. */
320 #define TSOL_ADDR_MASK_HASH_V6(addr, mask, table_size) \
321 ((((addr).s6_addr8[8] & (mask).s6_addr8[8]) ^ \
322 ((addr).s6_addr8[9] & (mask).s6_addr8[9]) ^ \
323 ((addr).s6_addr8[10] & (mask).s6_addr8[10]) ^ \
324 ((addr).s6_addr8[13] & (mask).s6_addr8[13]) ^ \
325 ((addr).s6_addr8[14] & (mask).s6_addr8[14]) ^ \
326 ((addr).s6_addr8[15] & (mask).s6_addr8[15])) & ((table_size) - 1))
327
328
329 /*
330 * Constants used for getting the mask value in struct tsol_tpent
331 */
332 enum {
333 TNT_DEF_LABEL,
334 TNT_DEF_CL,
335 TNT_SL_RANGE_TSOL, /* use this for both unl and zone */
336 TNT_CIPSO_DOI
337 };
338
339 /*
340 * mask definitions
341 */
342 #define tsol_tntmask(value) ((unsigned int)(1<<(value)))
343
344 #define TSOL_MSK_DEF_LABEL tsol_tntmask(TNT_DEF_LABEL)
345 #define TSOL_MSK_DEF_CL tsol_tntmask(TNT_DEF_CL)
346 #define TSOL_MSK_SL_RANGE_TSOL tsol_tntmask(TNT_SL_RANGE_TSOL)
347 #define TSOL_MSK_CIPSO_DOI tsol_tntmask(TNT_CIPSO_DOI)
348
349 /*
350 * TN errors
351 */
352 #define TSOL_PARSE_ERANGE 1 /* result buffer not allocated */
353 #define TSOL_NOT_SUPPORTED 2 /* address family not supported */
354 #define TSOL_NOT_FOUND 3 /* search by * routines target not found */
355
356 /*
357 * Structure used to hold a list of IP addresses.
358 */
359 typedef struct tsol_address {
360 struct tsol_address *next;
361 in_addr_t ip_address;
362 } tsol_address_t;
363
364 /* This is shared between tcache and mdb */
365 typedef struct tnrhc_hash_s {
366 tsol_tnrhc_t *tnrh_list;
367 kmutex_t tnrh_lock;
368 } tnrhc_hash_t;
369
370 #ifdef _KERNEL
371 typedef enum {
372 mlptSingle,
373 mlptPrivate,
374 mlptShared,
375 mlptBoth
376 } mlp_type_t;
377
378 extern tsol_tpc_t *find_tpc(const void *, uchar_t, boolean_t);
379 extern void tcache_init(void);
380 extern in_port_t tsol_next_port(zone_t *, in_port_t, int, boolean_t);
381 extern mlp_type_t tsol_mlp_port_type(zone_t *, uchar_t, uint16_t, mlp_type_t);
382 extern zoneid_t tsol_mlp_findzone(uchar_t, uint16_t);
383 extern int tsol_mlp_anon(zone_t *, mlp_type_t, uchar_t, uint16_t, boolean_t);
384 extern void tsol_print_label(const blevel_t *, const char *);
385
386 struct tsol_gc_s;
387 struct tsol_gcgrp_s;
388 struct tsol_gcgrp_addr_s;
389
390 extern struct tsol_gc_s *gc_create(struct rtsa_s *, struct tsol_gcgrp_s *,
391 boolean_t *);
392 extern void gc_inactive(struct tsol_gc_s *);
393 extern int rtsa_validate(const struct rtsa_s *);
394 extern struct tsol_gcgrp_s *gcgrp_lookup(struct tsol_gcgrp_addr_s *, boolean_t);
395 extern void gcgrp_inactive(struct tsol_gcgrp_s *);
396 extern int tnrh_load(const tsol_rhent_t *);
397 #endif /* _KERNEL */
398
399 #ifdef __cplusplus
400 }
401 #endif
402
403 #endif /* _SYS_TSOL_TNDB_H */
Unleashed OS