/*
 * CDDL HEADER START
 *
 * The contents of this file are subject to the terms of the
 * Common Development and Distribution License (the "License").
 * You may not use this file except in compliance with the License.
 *
 * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
 * or http://www.opensolaris.org/os/licensing.
 * See the License for the specific language governing permissions
 * and limitations under the License.
 *
 * When distributing Covered Code, include this CDDL HEADER in each
 * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
 * If applicable, add the following below this CDDL HEADER, with the
 * fields enclosed by brackets "[]" replaced with your own identifying
 * information: Portions Copyright [yyyy] [name of copyright owner]
 *
 * CDDL HEADER END
 */
/*
 * Copyright 2009 Sun Microsystems, Inc. All rights reserved.
 * Use is subject to license terms.
 *
 * from "tndb.h 7.34 01/08/31 SMI; TSOL 2.x"
 */
45916cd2fec6e79bca5dee0421bd39e3c2910d1ejpk
45916cd2fec6e79bca5dee0421bd39e3c2910d1ejpk#ifndef _SYS_TSOL_TNDB_H
45916cd2fec6e79bca5dee0421bd39e3c2910d1ejpk#define _SYS_TSOL_TNDB_H
45916cd2fec6e79bca5dee0421bd39e3c2910d1ejpk
45916cd2fec6e79bca5dee0421bd39e3c2910d1ejpk#include <sys/types.h>
ebb7ba5d39a1fc27566910c47e9749493f961e3fTony Nguyen#include <sys/zone.h>
45916cd2fec6e79bca5dee0421bd39e3c2910d1ejpk#include <sys/tsol/label.h>
45916cd2fec6e79bca5dee0421bd39e3c2910d1ejpk#include <sys/tsol/label_macro.h>
45916cd2fec6e79bca5dee0421bd39e3c2910d1ejpk#include <net/if.h>
45916cd2fec6e79bca5dee0421bd39e3c2910d1ejpk
45916cd2fec6e79bca5dee0421bd39e3c2910d1ejpk#ifdef _KERNEL
45916cd2fec6e79bca5dee0421bd39e3c2910d1ejpk#include <net/route.h>
45916cd2fec6e79bca5dee0421bd39e3c2910d1ejpk#endif
45916cd2fec6e79bca5dee0421bd39e3c2910d1ejpk
45916cd2fec6e79bca5dee0421bd39e3c2910d1ejpk#ifdef __cplusplus
45916cd2fec6e79bca5dee0421bd39e3c2910d1ejpkextern "C" {
45916cd2fec6e79bca5dee0421bd39e3c2910d1ejpk#endif
45916cd2fec6e79bca5dee0421bd39e3c2910d1ejpk
/*
 * Trusted-network address: a union large enough to hold either an IPv4 or
 * an IPv6 socket address.  Layout is the same on ILP32 and LP64.
 */
typedef union tnaddr {
	struct sockaddr_in	ip_addr_v4;
	struct sockaddr_in6	ip_addr_v6;
} tnaddr_t;

/*
 * Field shorthands.  ta_family always goes through the IPv4 member, so it
 * relies on sin_family and sin6_family sitting at the same offset.
 */
#define	ta_family	ip_addr_v4.sin_family
#define	ta_addr_v4	ip_addr_v4.sin_addr
#define	ta_addr_v6	ip_addr_v6.sin6_addr
#define	ta_port_v4	ip_addr_v4.sin_port
#define	ta_port_v6	ip_addr_v6.sin6_port

/*
 * Non-zero when both addresses have the same family (AF_INET or AF_INET6)
 * and the same address bytes; any other family never compares equal.
 *
 * Only the family and the address are compared: ports and the remaining
 * sockaddr fields are ignored.  An IPv4 address and its IPv4-mapped IPv6
 * form carry different families and therefore do not match, so a caller
 * that can see both forms has to normalize before comparing.
 *
 * Both arguments are expanded more than once; pass side-effect-free
 * pointers.
 */
#define	TNADDR_EQ(addr1, addr2)						\
	((addr1)->ta_family == (addr2)->ta_family &&			\
	(((addr1)->ta_family == AF_INET &&				\
	(addr1)->ta_addr_v4.s_addr == (addr2)->ta_addr_v4.s_addr) ||	\
	((addr1)->ta_family == AF_INET6 &&				\
	IN6_ARE_ADDR_EQUAL(&(addr1)->ta_addr_v6, &(addr2)->ta_addr_v6))))
45916cd2fec6e79bca5dee0421bd39e3c2910d1ejpk
/*
 * Operation selector used by the TN database access routines and the TN
 * system calls.  The numbering is sparse (no value 4 is defined here), so
 * code that receives an operation from a caller should accept only the
 * listed values instead of range-checking against TNDB_GET.
 */
typedef enum tsol_dbops {
	TNDB_NOOP	= 0,
	TNDB_LOAD	= 1,
	TNDB_DELETE	= 2,
	TNDB_FLUSH	= 3,
	TNDB_GET	= 5
} tsol_dbops_t;
45916cd2fec6e79bca5dee0421bd39e3c2910d1ejpk
/* Buffer sizes; each is the size of a char array, not a string length. */
#define	TNTNAMSIZ	ZONENAME_MAX	/* template name size */
#define	IP_STR_SIZE	200		/* string ip address size */

#define	TNRHDB_NCOL	2		/* # of columns in tnrhdb */
45916cd2fec6e79bca5dee0421bd39e3c2910d1ejpk
/*
 * Remote-host entry for the tnrhdb access library routines and
 * tnrh(2TSOL).  Same for both ILP32 and LP64.
 *
 * NOTE(review): nothing in this header bounds rh_prefix.  It is a signed
 * short, so a consumer has to reject negative values and values wider than
 * the address family allows before using it as a mask length or index -
 * confirm that the system call path does so.
 *
 * NOTE(review): rh_template is a fixed-size array and this header does not
 * promise NUL termination; a consumer that treats it as a C string should
 * terminate or length-check it first.
 */
typedef struct tsol_rhent {
	short		rh_prefix;		/* length of subnet mask */
	short		rh_unused;		/* padding */
	tnaddr_t	rh_address;		/* IP address */
	char		rh_template[TNTNAMSIZ];	/* template name */
} tsol_rhent_t;
45916cd2fec6e79bca5dee0421bd39e3c2910d1ejpk
/*
 * Remote-host entry with the address and template name held as strings;
 * presumably the unparsed form of tsol_rhent_t - confirm against the
 * library routines.  Ownership of the two strings is not stated here.
 *
 * NOTE(review): "template" is a reserved word in C++, so this member does
 * not compile in a C++ translation unit even though the header wraps its
 * declarations in extern "C".
 */
typedef struct tsol_rhstr_s {
	int	family;		/* address family of "address" */
	char	*address;
	char	*template;
} tsol_rhstr_t;
45916cd2fec6e79bca5dee0421bd39e3c2910d1ejpk
/*
 * Host types recognized by tsol hosts.  Only these two values are defined;
 * 0 and 2 are not host types, so a value read from a template should be
 * matched against the enumerators rather than range-checked.
 */
typedef enum {
	UNLABELED	= 1,
	SUN_CIPSO	= 3
} tsol_host_type_t;

/* Kind of IP label option: none, or CIPSO. */
typedef enum {
	OPT_NONE	= 0,
	OPT_CIPSO	= 1
} tsol_ip_label_t;
45916cd2fec6e79bca5dee0421bd39e3c2910d1ejpk
/*
 * CIPSO tag type 1 as laid out in an IP option.  tag_cat is declared with
 * one element but stands for a variable-length run of category octets whose
 * extent is given by tag_length.
 *
 * NOTE(review): tag_length is read from the packet.  Code that walks tag_cat
 * must first check it against TSOL_TT1_MIN_LENGTH/TSOL_TT1_MAX_LENGTH and
 * against the space left in the enclosing option; sizeof on this structure
 * does not describe the real tag size.
 */
typedef struct cipso_tag_type_1 {
	uchar_t	tag_type;	/* Tag Type (1) */
	uchar_t	tag_length;	/* Length of Tag */
	uchar_t	tag_align;	/* Alignment Octet */
	uchar_t	tag_sl;		/* Sensitivity Level */
	uchar_t	tag_cat[1];	/* Categories */
} cipso_tag_type_1_t;

/*
 * Length bounds for the whole CIPSO option and for a type-1 tag.  The two
 * minimums equal the fixed part of the matching structure (six members
 * before cipso_tag_type, four before tag_cat), assuming uchar_t is one
 * octet.
 */
#define	TSOL_CIPSO_MIN_LENGTH	6
#define	TSOL_CIPSO_MAX_LENGTH	IP_MAX_OPT_LENGTH
#define	TSOL_TT1_MIN_LENGTH	4
#define	TSOL_TT1_MAX_LENGTH	34

/* Offsets of cipso_doi and cipso_tag_type within struct cipso_option. */
#define	TSOL_CIPSO_DOI_OFFSET	2
#define	TSOL_CIPSO_TAG_OFFSET	6

/*
 * CIPSO IP option header.  cipso_tag_type is declared with one element but
 * marks the start of the variable-length tag area.
 *
 * NOTE(review): cipso_length comes from the packet; validate it against
 * TSOL_CIPSO_MIN_LENGTH/TSOL_CIPSO_MAX_LENGTH and the received option space
 * before reading any tag.
 */
typedef struct cipso_option {
	uchar_t	cipso_type;		/* Type of option (134) */
	uchar_t	cipso_length;		/* Length of option */
	uchar_t	cipso_doi[4];		/* Domain of Interpretation */
	uchar_t	cipso_tag_type[1];	/* variable length */
} cipso_option_t;
45916cd2fec6e79bca5dee0421bd39e3c2910d1ejpk
/*
 * RIPSO classifications.
 *
 * The encodings are not ordered by sensitivity in the usual direction:
 * TSOL_CL_TOP_SECRET is the numerically smallest value and
 * TSOL_CL_UNCLASSIFIED the largest, so a plain "<" or ">" on these
 * constants is not a dominance check.
 */
#define	TSOL_CL_TOP_SECRET	0x3d
#define	TSOL_CL_SECRET		0x5a
#define	TSOL_CL_CONFIDENTIAL	0x96
#define	TSOL_CL_UNCLASSIFIED	0xab

/*
 * RIPSO protection authorities.  Each constant is a distinct single bit, so
 * several authorities can be OR-ed into one octet.
 */
#define	TSOL_PA_GENSER		0x80
#define	TSOL_PA_SIOP_ESI	0x40
#define	TSOL_PA_SCI		0x20
#define	TSOL_PA_NSA		0x10
#define	TSOL_PA_DOE		0x08
/*
 * Attribute mask used only by the tndb structures below.  Its bit
 * assignments are different from the t6mask_t bit definitions; do not mix
 * the two.
 */
typedef unsigned int tnmask_t;

/*
 * Unlabeled-host part of a tnrhtp template.
 * Same for both ILP32 and LP64.
 */
struct tsol_unl {
	tnmask_t	mask;	/* which attributes the library returned */
	bslabel_t	def_label;	/* default label */
	brange_t	gw_sl_range;	/* for routing only */
	blset_t		sl_set;		/* label set */
};

/*
 * CIPSO-host part of a tnrhtp template.
 * Same for both ILP32 and LP64.
 *
 * In both structures "mask" says which attributes the library filled in;
 * a field whose bit is clear should not be read as a valid label.
 */
struct tsol_cipso {
	tnmask_t	mask;	/* which attributes the library returned */
	bclear_t	def_cl;		/* default clearance */
	brange_t	sl_range;	/* min/max SL range */
	blset_t		sl_set;		/* label set */
};
45916cd2fec6e79bca5dee0421bd39e3c2910d1ejpk
/*
 * Valid keys and values of the key=value pairs for tnrhtp.
 * TP_UNLABELED and TP_CIPSO match the two tsol_host_type_t enumerators by
 * name; the rest are attribute keys.
 */
#define	TP_UNLABELED	"unlabeled"
#define	TP_CIPSO	"cipso"
#define	TP_ZONE		"zone"
#define	TP_HOSTTYPE	"host_type"
#define	TP_DOI		"doi"
#define	TP_DEFLABEL	"def_label"
#define	TP_MINLABEL	"min_sl"
#define	TP_MAXLABEL	"max_sl"
#define	TP_SET		"sl_set"

/* Separator string. */
#define	TP_COMMA	","

#define	TNRHTP_NCOL	2	/* # of columns in tnrhtp */
45916cd2fec6e79bca5dee0421bd39e3c2910d1ejpk
/*
 * Template entry for the tnrhtp access library routines and tnrhtp(2TSOL).
 * Same for both ILP32 and LP64.
 *
 * The "un" union overlays the unlabeled and CIPSO attribute sets;
 * presumably host_type selects the live arm - confirm against the
 * consumers.  Reading through the other arm reinterprets the same bytes
 * (def_label and def_cl overlap, for example), so check host_type and the
 * arm's mask before trusting a field.
 *
 * The #defines placed between the members are ordinary file-scope macros:
 * from this point on they rewrite those identifiers in every file that
 * includes this header, not just inside this structure.
 */
typedef struct tsol_tpent {
	char			name[TNTNAMSIZ];	/* template name */
	tsol_host_type_t	host_type;	/* specifies host type */
	int			tp_doi;		/* Domain of Interpretation */
	/* both historical DOI names alias the single tp_doi member */
#define	tp_cipso_doi_unl	tp_doi
#define	tp_cipso_doi_cipso	tp_doi
	union {
		struct tsol_unl	unl;	/* template for unlabeled */
#define	tp_mask_unl		un.unl.mask
#define	tp_def_label		un.unl.def_label
#define	tp_gw_sl_range		un.unl.gw_sl_range
#define	tp_gw_sl_set		un.unl.sl_set

		struct tsol_cipso cipso;	/* template for CIPSO */
#define	tp_mask_cipso		un.cipso.mask
#define	tp_def_cl_cipso		un.cipso.def_cl
#define	tp_sl_range_cipso	un.cipso.sl_range
#define	tp_sl_set_cipso		un.cipso.sl_set
	} un;
} tsol_tpent_t;
45916cd2fec6e79bca5dee0421bd39e3c2910d1ejpk
/*
 * Template entry held as two strings: the template name and its attribute
 * text.  Presumably the unparsed form of tsol_tpent_t - confirm against the
 * library routines.  Ownership of the strings is not stated here.
 *
 * NOTE(review): "template" is a reserved word in C++, so this member does
 * not compile in a C++ translation unit even though the header wraps its
 * declarations in extern "C".
 */
typedef struct tsol_tpstr_s {
	char	*template;
	char	*attrs;
} tsol_tpstr_t;
45916cd2fec6e79bca5dee0421bd39e3c2910d1ejpk
/*
 * Multilevel-port entry for tnmlp(2TSOL); same for both ILP32 and LP64.
 */
typedef struct tsol_mlpent {
	zoneid_t	tsme_zoneid;
	uint_t		tsme_flags;	/* TSOL_MEF_* */
	tsol_mlp_t	tsme_mlp;
} tsol_mlpent_t;

/* tsme_flags bit: MLP defined on shared addresses */
#define	TSOL_MEF_SHARED	0x00000001
45916cd2fec6e79bca5dee0421bd39e3c2910d1ejpk
/*
 * Zone configuration entry for the tnzonecfg access library routines.
 *
 * Each MLP list ends with a null entry, where protocol and port are both
 * zero (see TSOL_MLP_END).  The lists carry no length, so a walker depends
 * entirely on that terminator: a list built without it is read past its
 * end.
 */
typedef struct tsol_zcent {
	char		zc_name[ZONENAME_MAX];
	int		zc_doi;
	bslabel_t	zc_label;
	int		zc_match;
	tsol_mlp_t	*zc_private_mlp;	/* null-entry terminated */
	tsol_mlp_t	*zc_shared_mlp;		/* null-entry terminated */
} tsol_zcent_t;
/*
 * True for the null entry that terminates an MLP list: both mlp_ipp and
 * mlp_port are zero.  The argument is expanded twice.
 */
#define	TSOL_MLP_END(mlp)	\
	(!((mlp)->mlp_ipp != 0 || (mlp)->mlp_port != 0))
45916cd2fec6e79bca5dee0421bd39e3c2910d1ejpk
/*
 * Cached template: a tsol_tpent with its own lock and reference count.
 * tpc_invalid marks an entry that has been deleted; holders of an older
 * reference can still reach it, so they presumably need to test the flag
 * before relying on tpc_tp - confirm against the cache code.
 */
typedef struct tsol_tpc {
	kmutex_t		tpc_lock;	/* lock for structure */
	uint_t			tpc_refcnt;	/* reference count */
	boolean_t		tpc_invalid;	/* entry has been deleted */
	struct tsol_tpent	tpc_tp;		/* template */
} tsol_tpc_t;

/*
 * Cached remote-host entry, chained through rhc_next and pointing at the
 * template that applies to the host.
 */
typedef struct tsol_tnrhc {
	struct tsol_tnrhc	*rhc_next;	/* link to next entry */
	kmutex_t		rhc_lock;	/* lock for structure */
	tnaddr_t		rhc_host;	/* IPv4/IPv6 host address */
	tsol_tpc_t		*rhc_tpc;	/* pointer to template */
	uint_t			rhc_refcnt;	/* Number of references */
	char			rhc_invalid;	/* out-of-date rhc */
	char			rhc_isbcast;	/* broadcast address */
	char			rhc_local;	/* loopback or local interface */
} tsol_tnrhc_t;
45916cd2fec6e79bca5dee0421bd39e3c2910d1ejpk
/*
 * Size of remote host hash tables in kernel.
 *
 * 33 and 129 are presumably one slot per prefix length (0-32 for IPv4,
 * 0-128 for IPv6) - confirm against the table users.  Neither is a power
 * of two; TNRHC_SIZE is.
 */
#define	TNRHC_SIZE		256
#define	TSOL_MASK_TABLE_SIZE	33
#define	TSOL_MASK_TABLE_SIZE_V6	129
45916cd2fec6e79bca5dee0421bd39e3c2910d1ejpk
#ifdef _KERNEL
extern void tnrhc_free(tsol_tnrhc_t *);
extern void tpc_free(tsol_tpc_t *);

/*
 * Reference counting for cached remote-host entries (tsol_tnrhc_t) and
 * cached templates (tsol_tpc_t).  Every macro updates the counter under the
 * object's own lock.
 *
 * Notes for callers:
 *  - Each macro expands to a bare { } block, not do { } while (0), so
 *    "if (x) TNRHC_HOLD(p); else ..." does not parse.  Brace the call site.
 *  - The argument is expanded several times; pass a plain pointer.
 *  - The only guard against the counter wrapping on a hold, or being
 *    released at zero, is ASSERT.  ASSERT is normally compiled out of
 *    non-DEBUG kernels (confirm for the target build), in which case an
 *    unbalanced hold or release goes undetected and can end in a premature
 *    free.
 *  - On the final release the *_free routine is called with the object's
 *    lock still held; the macro drops the lock only on the other path.
 *  - The counters are uint_t, so "> 0" after the decrement means "not yet
 *    zero".
 */
#define	TNRHC_HOLD(a)	{					\
	mutex_enter(&(a)->rhc_lock);				\
	(a)->rhc_refcnt++;					\
	ASSERT((a)->rhc_refcnt > 0);	/* wrapped to zero? */	\
	mutex_exit(&(a)->rhc_lock);				\
}

#define	TNRHC_RELE(a)	{					\
	mutex_enter(&(a)->rhc_lock);				\
	ASSERT((a)->rhc_refcnt > 0);	/* release w/o hold? */	\
	if (--(a)->rhc_refcnt > 0)				\
		mutex_exit(&(a)->rhc_lock);			\
	else							\
		tnrhc_free(a);		/* lock still held */	\
}

#define	TPC_HOLD(a)	{					\
	mutex_enter(&(a)->tpc_lock);				\
	(a)->tpc_refcnt++;					\
	ASSERT((a)->tpc_refcnt > 0);	/* wrapped to zero? */	\
	mutex_exit(&(a)->tpc_lock);				\
}

#define	TPC_RELE(a)	{					\
	mutex_enter(&(a)->tpc_lock);				\
	ASSERT((a)->tpc_refcnt > 0);	/* release w/o hold? */	\
	if (--(a)->tpc_refcnt > 0)				\
		mutex_exit(&(a)->tpc_lock);			\
	else							\
		tpc_free(a);		/* lock still held */	\
}
#endif	/* _KERNEL */
45916cd2fec6e79bca5dee0421bd39e3c2910d1ejpk
/*
 * The next three hashing macros are copied from macros in ip_ire.h.
 *
 * All three expand their arguments more than once.  The IPv6 variants fold
 * only address bytes 8, 9, 10, 13, 14 and 15, so the result never exceeds
 * 255 and addresses that differ only in the other bytes share a bucket.
 */

/* Fold an integer IPv4 address into a bucket index below table_size. */
#define	TSOL_ADDR_HASH(addr, table_size)				\
	((((addr) ^ ((addr) >> 16)) ^					\
	(((addr) ^ ((addr) >> 16)) >> 8)) % (table_size))

/* Fold six bytes of an IPv6 address into a bucket index below table_size. */
#define	TSOL_ADDR_HASH_V6(addr, table_size)				\
	(((addr).s6_addr8[8] ^						\
	(addr).s6_addr8[9] ^						\
	(addr).s6_addr8[10] ^						\
	(addr).s6_addr8[13] ^						\
	(addr).s6_addr8[14] ^						\
	(addr).s6_addr8[15]) % (table_size))

/*
 * Same fold, applied to the address ANDed with a mask.
 *
 * This assumes that table_size is a power of 2: the index is taken with
 * "& (table_size - 1)", not "%".  Of the sizes defined in this header only
 * TNRHC_SIZE qualifies; TSOL_MASK_TABLE_SIZE and TSOL_MASK_TABLE_SIZE_V6 do
 * not and would leave buckets unreachable.
 */
#define	TSOL_ADDR_MASK_HASH_V6(addr, mask, table_size)			\
	((((addr).s6_addr8[8] & (mask).s6_addr8[8]) ^			\
	((addr).s6_addr8[9] & (mask).s6_addr8[9]) ^			\
	((addr).s6_addr8[10] & (mask).s6_addr8[10]) ^			\
	((addr).s6_addr8[13] & (mask).s6_addr8[13]) ^			\
	((addr).s6_addr8[14] & (mask).s6_addr8[14]) ^			\
	((addr).s6_addr8[15] & (mask).s6_addr8[15])) &			\
	((table_size) - 1))
45916cd2fec6e79bca5dee0421bd39e3c2910d1ejpk
45916cd2fec6e79bca5dee0421bd39e3c2910d1ejpk
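/*
 * Constants used for getting the mask value in struct tsol_tpent.
 * Each enumerator is a bit position, turned into a mask by tsol_tntmask().
 */
enum {
	TNT_DEF_LABEL,
	TNT_DEF_CL,
	TNT_SL_RANGE_TSOL,	/* use this for both unl and zone */
	TNT_CIPSO_DOI
};

/*
 * mask definitions
 *
 * tsol_tntmask() yields an unsigned int with bit "value" set.  The shift is
 * done on an unsigned 1 so that bit 31 is well defined; shifting a signed 1
 * into the sign bit is undefined behavior.  "value" must still be in the
 * range 0..31 - nothing here checks it.
 */
#define	tsol_tntmask(value)	(1U << (value))

#define	TSOL_MSK_DEF_LABEL	tsol_tntmask(TNT_DEF_LABEL)
#define	TSOL_MSK_DEF_CL		tsol_tntmask(TNT_DEF_CL)
#define	TSOL_MSK_SL_RANGE_TSOL	tsol_tntmask(TNT_SL_RANGE_TSOL)
#define	TSOL_MSK_CIPSO_DOI	tsol_tntmask(TNT_CIPSO_DOI)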
45916cd2fec6e79bca5dee0421bd39e3c2910d1ejpk
/*
 * TN errors
 */
#define	TSOL_PARSE_ERANGE	1	/* result buffer not allocated */
#define	TSOL_NOT_SUPPORTED	2	/* address family not supported */
#define	TSOL_NOT_FOUND		3	/* search by * routines target not found */
45916cd2fec6e79bca5dee0421bd39e3c2910d1ejpk
/*
 * Structure used to hold a list of IP addresses.
 * The element type is in_addr_t, so a node carries an IPv4 address only.
 */
typedef struct tsol_address {
	struct tsol_address	*next;
	in_addr_t		ip_address;
} tsol_address_t;

/*
 * One hash bucket: the head of a tsol_tnrhc_t chain and the bucket's lock.
 * This is shared between tcache and mdb, so a layout change affects both.
 */
typedef struct tnrhc_hash_s {
	tsol_tnrhc_t	*tnrh_list;
	kmutex_t	tnrh_lock;
} tnrhc_hash_t;
45916cd2fec6e79bca5dee0421bd39e3c2910d1ejpk
#ifdef _KERNEL
/* Kind of multilevel port; enumerators take the default values 0 to 3. */
typedef enum {
	mlptSingle,
	mlptPrivate,
	mlptShared,
	mlptBoth
} mlp_type_t;

/*
 * Kernel-only interfaces.  Their definitions are outside this header, and
 * the prototypes do not name their parameters; consult the implementations
 * for argument meaning and locking rules.
 */

/* Template cache and MLP helpers. */
extern tsol_tpc_t *find_tpc(const void *, uchar_t, boolean_t);
extern void tcache_init(void);
extern in_port_t tsol_next_port(zone_t *, in_port_t, int, boolean_t);
extern mlp_type_t tsol_mlp_port_type(zone_t *, uchar_t, uint16_t, mlp_type_t);
extern zoneid_t tsol_mlp_findzone(uchar_t, uint16_t);
extern int tsol_mlp_anon(zone_t *, mlp_type_t, uchar_t, uint16_t, boolean_t);
extern void tsol_print_label(const blevel_t *, const char *);

/* Forward declarations: these types are used here only through pointers. */
struct tsol_gc_s;
struct tsol_gcgrp_s;
struct tsol_gcgrp_addr_s;

/* tsol_gc_s / tsol_gcgrp_s / rtsa_s handling and remote-host loading. */
extern struct tsol_gc_s *gc_create(struct rtsa_s *, struct tsol_gcgrp_s *,
    boolean_t *);
extern void gc_inactive(struct tsol_gc_s *);
extern int rtsa_validate(const struct rtsa_s *);
extern struct tsol_gcgrp_s *gcgrp_lookup(struct tsol_gcgrp_addr_s *, boolean_t);
extern void gcgrp_inactive(struct tsol_gcgrp_s *);
extern int tnrh_load(const tsol_rhent_t *);
#endif	/* _KERNEL */
45916cd2fec6e79bca5dee0421bd39e3c2910d1ejpk
45916cd2fec6e79bca5dee0421bd39e3c2910d1ejpk#ifdef __cplusplus
45916cd2fec6e79bca5dee0421bd39e3c2910d1ejpk}
45916cd2fec6e79bca5dee0421bd39e3c2910d1ejpk#endif
45916cd2fec6e79bca5dee0421bd39e3c2910d1ejpk
45916cd2fec6e79bca5dee0421bd39e3c2910d1ejpk#endif /* _SYS_TSOL_TNDB_H */