include/net/netlabel.h
Source file repositories/reference/linux-study-clean/include/net/netlabel.h
File Facts
- System: Linux kernel
- Corpus path: include/net/netlabel.h
- Extension: .h
- Size: 21065 bytes
- Lines: 695
- Domain: Networking Core
- Bucket: Sockets, Protocols, Packet Path, And Network Policy
- Inferred role: Networking Core: implementation source
- Status: source implementation candidate
Why This File Exists
- Networking stack implementation surface: socket APIs, protocol dispatch, packet flow, routing, filtering, and network namespaces.
- Allocates kernel memory; connect allocation flags and lifetime to context constraints.
- Defines or uses C structs; map object ownership, embedded links, reference counts, and lock ownership.
Dependency Surface
- `linux/types.h`
- `linux/slab.h`
- `linux/net.h`
- `linux/skbuff.h`
- `linux/in.h`
- `linux/in6.h`
- `net/netlink.h`
- `net/request_sock.h`
- `linux/refcount.h`
Detected Declarations
- Structs: `struct cipso_v4_doi`, `struct calipso_doi`, `struct netlbl_audit`, `struct netlbl_lsm_cache`, `struct netlbl_lsm_catmap`, `struct netlbl_lsm_secattr`, `struct netlbl_calipso_ops`
- Functions: `operations`, `alloc_hooks`, `netlbl_catmap_free`, `netlbl_secattr_init`, `netlbl_secattr_free`, `netlbl_cfg_map_del`, `netlbl_cfg_unlbl_map_add`, `netlbl_cfg_unlbl_static_add`, `netlbl_cfg_unlbl_static_del`, `netlbl_cfg_cipsov4_add`, `netlbl_cfg_cipsov4_del`, `netlbl_cfg_cipsov4_map_add`, `netlbl_cfg_calipso_add`, `netlbl_cfg_calipso_del`, `netlbl_cfg_calipso_map_add`, `netlbl_catmap_walk`, `netlbl_catmap_walkrng`, `netlbl_catmap_getlong`, `netlbl_catmap_setbit`, `netlbl_catmap_setrng`, `netlbl_catmap_setlong`, `netlbl_enabled`, `netlbl_sock_setattr`, `netlbl_sock_delattr`, `netlbl_conn_setattr`, `netlbl_req_setattr`, `netlbl_req_delattr`, `netlbl_skbuff_setattr`, `netlbl_skbuff_getattr`, `netlbl_skbuff_err`, `netlbl_cache_invalidate`, `netlbl_cache_add`, `netlbl_sk_lock_check`
Annotated Snippet
```c
struct netlbl_audit {
	struct lsm_prop prop;
	kuid_t loginuid;
	unsigned int sessionid;
};

/*
 * LSM security attributes
 */

/**
 * struct netlbl_lsm_cache - NetLabel LSM security attribute cache
 * @refcount: atomic reference counter
 * @free: LSM supplied function to free the cache data
 * @data: LSM supplied cache data
 *
 * Description:
 * This structure is provided for LSMs which wish to make use of the NetLabel
 * caching mechanism to store LSM specific data/attributes in the NetLabel
 * cache.  If the LSM has to perform a lot of translation from the NetLabel
 * security attributes into it's own internal representation then the cache
 * mechanism can provide a way to eliminate some or all of that translation
 * overhead on a cache hit.
 *
 */
struct netlbl_lsm_cache {
	refcount_t refcount;
	void (*free) (const void *data);
	void *data;
};

/**
 * struct netlbl_lsm_catmap - NetLabel LSM secattr category bitmap
 * @startbit: the value of the lowest order bit in the bitmap
 * @bitmap: the category bitmap
 * @next: pointer to the next bitmap "node" or NULL
 *
 * Description:
 * This structure is used to represent category bitmaps.  Due to the large
 * number of categories supported by most labeling protocols it is not
 * practical to transfer a full bitmap internally so NetLabel adopts a sparse
 * bitmap structure modeled after SELinux's ebitmap structure.
 * The catmap bitmap field MUST be a power of two in length and large
 * enough to hold at least 240 bits.  Special care (i.e. check the code!)
 * should be used when changing these values as the LSM implementation
 * probably has functions which rely on the sizes of these types to speed
 * processing.
 *
 */
#define NETLBL_CATMAP_MAPCNT	4
#define NETLBL_CATMAP_MAPSIZE	(sizeof(u64) * 8)
#define NETLBL_CATMAP_SIZE	(NETLBL_CATMAP_MAPSIZE * \
				 NETLBL_CATMAP_MAPCNT)
#define NETLBL_CATMAP_BIT	((u64)0x01)
struct netlbl_lsm_catmap {
	u32 startbit;
	u64 bitmap[NETLBL_CATMAP_MAPCNT];
	struct netlbl_lsm_catmap *next;
};

/**
 * struct netlbl_lsm_secattr - NetLabel LSM security attributes
 * @flags: indicate structure attributes, see NETLBL_SECATTR_*
 * @type: indicate the NLTYPE of the attributes
 * @domain: the NetLabel LSM domain
 * @cache: NetLabel LSM specific cache
 * @attr.mls: MLS sensitivity label
 * @attr.mls.cat: MLS category bitmap
 * @attr.mls.lvl: MLS sensitivity level
 * @attr.secid: LSM specific secid token
 *
 * Description:
 * This structure is used to pass security attributes between NetLabel and the
 * LSM modules.  The flags field is used to specify which fields within the
 * struct are valid and valid values can be created by bitwise OR'ing the
 * NETLBL_SECATTR_* defines.  The domain field is typically set by the LSM to
 * specify domain specific configuration settings and is not usually used by
 * NetLabel itself when returning security attributes to the LSM.
 *
 */
struct netlbl_lsm_secattr {
	u32 flags;
	/* bitmap values for 'flags' */
#define NETLBL_SECATTR_NONE		0x00000000
#define NETLBL_SECATTR_DOMAIN		0x00000001
#define NETLBL_SECATTR_DOMAIN_CPY	(NETLBL_SECATTR_DOMAIN | \
					 NETLBL_SECATTR_FREE_DOMAIN)
#define NETLBL_SECATTR_CACHE		0x00000002
#define NETLBL_SECATTR_MLS_LVL		0x00000004
#define NETLBL_SECATTR_MLS_CAT		0x00000008
```
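The sparse category bitmap described in the `netlbl_lsm_catmap` comment above, as an added userspace model that is not kernel code: it reuses the header's own `NETLBL_CATMAP_*` constants and struct layout, while `catmap_node`, `catmap_setbit` and `catmap_getbit` are assumed names standing in for the kernel's `netlbl_catmap_setbit` family, and `calloc` stands in for `kzalloc`.

```c
/* Added example, not kernel code: a userspace model of NetLabel's sparse category
 * bitmap using the header's own constants; each node covers 256 categories. */
#include <stdint.h>
#include <stdlib.h>
typedef uint64_t u64; typedef uint32_t u32;
#define NETLBL_CATMAP_MAPCNT 4
#define NETLBL_CATMAP_MAPSIZE (sizeof(u64) * 8)
#define NETLBL_CATMAP_SIZE (NETLBL_CATMAP_MAPSIZE * NETLBL_CATMAP_MAPCNT)
#define NETLBL_CATMAP_BIT ((u64)0x01)
struct netlbl_lsm_catmap {
	u32 startbit;
	u64 bitmap[NETLBL_CATMAP_MAPCNT];
	struct netlbl_lsm_catmap *next;
};
/* Node covering category 'bit': created in sorted position when 'create' is
 * set, otherwise NULL if absent. calloc stands in for the kernel's kzalloc. */
static struct netlbl_lsm_catmap *catmap_node(struct netlbl_lsm_catmap **head,
					     u32 bit, int create)
{
	u32 start = bit - (bit % NETLBL_CATMAP_SIZE);
	struct netlbl_lsm_catmap **pp = head, *n;
	while (*pp && (*pp)->startbit < start)
		pp = &(*pp)->next;
	if (*pp && (*pp)->startbit == start)
		return *pp;
	if (!create || !(n = calloc(1, sizeof(*n))))
		return NULL;
	n->startbit = start;
	n->next = *pp;
	return *pp = n;
}
/* Set one category; 0 on success, -1 if the node cannot be allocated. */
int catmap_setbit(struct netlbl_lsm_catmap **head, u32 bit)
{
	struct netlbl_lsm_catmap *n = catmap_node(head, bit, 1);
	if (!n)
		return -1;
	u32 off = bit - n->startbit;
	n->bitmap[off / NETLBL_CATMAP_MAPSIZE] |= NETLBL_CATMAP_BIT << (off % NETLBL_CATMAP_MAPSIZE);
	return 0;
}
/* Test one category; never allocates, so an absent node simply reads as 0. */
int catmap_getbit(struct netlbl_lsm_catmap *head, u32 bit)
{
	struct netlbl_lsm_catmap *n = catmap_node(&head, bit, 0);
	if (!n)
		return 0;
	u32 off = bit - n->startbit;
	return (int)((n->bitmap[off / NETLBL_CATMAP_MAPSIZE] >> (off % NETLBL_CATMAP_MAPSIZE)) & 1);
}
```

Setting categories 5, 300 and 100000 allocates three 32-byte nodes (startbits 0, 256 and 99840) rather than a 100000-bit array, which is the space saving the comment refers to.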
Annotation
- Immediate include surface: `linux/types.h`, `linux/slab.h`, `linux/net.h`, `linux/skbuff.h`, `linux/in.h`, `linux/in6.h`, `net/netlink.h`, `net/request_sock.h`.
- Detected declarations: `struct cipso_v4_doi`, `struct calipso_doi`, `struct netlbl_audit`, `struct netlbl_lsm_cache`, `struct netlbl_lsm_catmap`, `struct netlbl_lsm_secattr`, `struct netlbl_calipso_ops`, `function operations`, `function alloc_hooks`, `function netlbl_catmap_free`.
- Atlas domain: Networking Core / Sockets, Protocols, Packet Path, And Network Policy.
- Implementation status: source implementation candidate.
Implementation Notes
- This generated page is the file-by-file coverage layer; curated subsystem chapters should link here when they synthesize a multi-file control flow.
- Core OS pages should be promoted from atlas-only to deep-reviewed when they explain data structures, invariants, locking, lifecycle, and C implementation snippets.
- Driver-family pages are intentionally pattern-oriented unless they are part of the selected PCIe/NVMe representative device path.