]>
Commit | Line | Data |
---|---|---|
d15c345f PM |
1 | /* |
2 | * NetLabel Domain Hash Table | |
3 | * | |
4 | * This file manages the domain hash table that NetLabel uses to determine | |
5 | * which network labeling protocol to use for a given domain. The NetLabel | |
6 | * system manages static and dynamic label mappings for network protocols such | |
7 | * as CIPSO and RIPSO. | |
8 | * | |
9 | * Author: Paul Moore <paul.moore@hp.com> | |
10 | * | |
11 | */ | |
12 | ||
13 | /* | |
63c41688 | 14 | * (c) Copyright Hewlett-Packard Development Company, L.P., 2006, 2008 |
d15c345f PM |
15 | * |
16 | * This program is free software; you can redistribute it and/or modify | |
17 | * it under the terms of the GNU General Public License as published by | |
18 | * the Free Software Foundation; either version 2 of the License, or | |
19 | * (at your option) any later version. | |
20 | * | |
21 | * This program is distributed in the hope that it will be useful, | |
22 | * but WITHOUT ANY WARRANTY; without even the implied warranty of | |
23 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See | |
24 | * the GNU General Public License for more details. | |
25 | * | |
26 | * You should have received a copy of the GNU General Public License | |
27 | * along with this program; if not, write to the Free Software | |
28 | * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA | |
29 | * | |
30 | */ | |
31 | ||
32 | #include <linux/types.h> | |
82524746 | 33 | #include <linux/rculist.h> |
d15c345f PM |
34 | #include <linux/skbuff.h> |
35 | #include <linux/spinlock.h> | |
36 | #include <linux/string.h> | |
32f50cde | 37 | #include <linux/audit.h> |
d15c345f PM |
38 | #include <net/netlabel.h> |
39 | #include <net/cipso_ipv4.h> | |
40 | #include <asm/bug.h> | |
41 | ||
42 | #include "netlabel_mgmt.h" | |
63c41688 | 43 | #include "netlabel_addrlist.h" |
d15c345f | 44 | #include "netlabel_domainhash.h" |
32f50cde | 45 | #include "netlabel_user.h" |
d15c345f PM |
46 | |
47 | struct netlbl_domhsh_tbl { | |
48 | struct list_head *tbl; | |
49 | u32 size; | |
50 | }; | |
51 | ||
52 | /* Domain hash table */ | |
53 | /* XXX - updates should be so rare that having one spinlock for the entire | |
54 | * hash table should be okay */ | |
8ce11e6a | 55 | static DEFINE_SPINLOCK(netlbl_domhsh_lock); |
d15c345f | 56 | static struct netlbl_domhsh_tbl *netlbl_domhsh = NULL; |
d15c345f PM |
57 | static struct netlbl_dom_map *netlbl_domhsh_def = NULL; |
58 | ||
59 | /* | |
60 | * Domain Hash Table Helper Functions | |
61 | */ | |
62 | ||
63 | /** | |
64 | * netlbl_domhsh_free_entry - Frees a domain hash table entry | |
65 | * @entry: the entry's RCU field | |
66 | * | |
67 | * Description: | |
68 | * This function is designed to be used as a callback to the call_rcu() | |
69 | * function so that the memory allocated to a hash table entry can be released | |
70 | * safely. | |
71 | * | |
72 | */ | |
73 | static void netlbl_domhsh_free_entry(struct rcu_head *entry) | |
74 | { | |
75 | struct netlbl_dom_map *ptr; | |
63c41688 PM |
76 | struct netlbl_af4list *iter4; |
77 | struct netlbl_af4list *tmp4; | |
78 | #if defined(CONFIG_IPV6) || defined(CONFIG_IPV6_MODULE) | |
79 | struct netlbl_af6list *iter6; | |
80 | struct netlbl_af6list *tmp6; | |
81 | #endif /* IPv6 */ | |
d15c345f PM |
82 | |
83 | ptr = container_of(entry, struct netlbl_dom_map, rcu); | |
63c41688 PM |
84 | if (ptr->type == NETLBL_NLTYPE_ADDRSELECT) { |
85 | netlbl_af4list_foreach_safe(iter4, tmp4, | |
86 | &ptr->type_def.addrsel->list4) { | |
87 | netlbl_af4list_remove_entry(iter4); | |
88 | kfree(netlbl_domhsh_addr4_entry(iter4)); | |
89 | } | |
90 | #if defined(CONFIG_IPV6) || defined(CONFIG_IPV6_MODULE) | |
91 | netlbl_af6list_foreach_safe(iter6, tmp6, | |
92 | &ptr->type_def.addrsel->list6) { | |
93 | netlbl_af6list_remove_entry(iter6); | |
94 | kfree(netlbl_domhsh_addr6_entry(iter6)); | |
95 | } | |
96 | #endif /* IPv6 */ | |
97 | } | |
d15c345f PM |
98 | kfree(ptr->domain); |
99 | kfree(ptr); | |
100 | } | |
101 | ||
102 | /** | |
103 | * netlbl_domhsh_hash - Hashing function for the domain hash table | |
104 | * @domain: the domain name to hash | |
105 | * | |
106 | * Description: | |
107 | * This is the hashing function for the domain hash table, it returns the | |
108 | * correct bucket number for the domain. The caller is responsibile for | |
109 | * calling the rcu_read_[un]lock() functions. | |
110 | * | |
111 | */ | |
112 | static u32 netlbl_domhsh_hash(const char *key) | |
113 | { | |
114 | u32 iter; | |
115 | u32 val; | |
116 | u32 len; | |
117 | ||
118 | /* This is taken (with slight modification) from | |
119 | * security/selinux/ss/symtab.c:symhash() */ | |
120 | ||
121 | for (iter = 0, val = 0, len = strlen(key); iter < len; iter++) | |
122 | val = (val << 4 | (val >> (8 * sizeof(u32) - 4))) ^ key[iter]; | |
123 | return val & (rcu_dereference(netlbl_domhsh)->size - 1); | |
124 | } | |
125 | ||
126 | /** | |
127 | * netlbl_domhsh_search - Search for a domain entry | |
128 | * @domain: the domain | |
d15c345f PM |
129 | * |
130 | * Description: | |
131 | * Searches the domain hash table and returns a pointer to the hash table | |
b64397e0 PM |
132 | * entry if found, otherwise NULL is returned. The caller is responsibile for |
133 | * the rcu hash table locks (i.e. the caller much call rcu_read_[un]lock()). | |
d15c345f PM |
134 | * |
135 | */ | |
b64397e0 | 136 | static struct netlbl_dom_map *netlbl_domhsh_search(const char *domain) |
d15c345f PM |
137 | { |
138 | u32 bkt; | |
56196701 | 139 | struct list_head *bkt_list; |
d15c345f PM |
140 | struct netlbl_dom_map *iter; |
141 | ||
142 | if (domain != NULL) { | |
143 | bkt = netlbl_domhsh_hash(domain); | |
56196701 PM |
144 | bkt_list = &rcu_dereference(netlbl_domhsh)->tbl[bkt]; |
145 | list_for_each_entry_rcu(iter, bkt_list, list) | |
d15c345f PM |
146 | if (iter->valid && strcmp(iter->domain, domain) == 0) |
147 | return iter; | |
148 | } | |
149 | ||
b64397e0 PM |
150 | return NULL; |
151 | } | |
152 | ||
153 | /** | |
154 | * netlbl_domhsh_search_def - Search for a domain entry | |
155 | * @domain: the domain | |
156 | * @def: return default if no match is found | |
157 | * | |
158 | * Description: | |
159 | * Searches the domain hash table and returns a pointer to the hash table | |
160 | * entry if an exact match is found, if an exact match is not present in the | |
161 | * hash table then the default entry is returned if valid otherwise NULL is | |
162 | * returned. The caller is responsibile for the rcu hash table locks | |
163 | * (i.e. the caller much call rcu_read_[un]lock()). | |
164 | * | |
165 | */ | |
166 | static struct netlbl_dom_map *netlbl_domhsh_search_def(const char *domain) | |
167 | { | |
168 | struct netlbl_dom_map *entry; | |
169 | ||
170 | entry = netlbl_domhsh_search(domain); | |
171 | if (entry == NULL) { | |
172 | entry = rcu_dereference(netlbl_domhsh_def); | |
4c3a0a25 PE |
173 | if (entry != NULL && !entry->valid) |
174 | entry = NULL; | |
d15c345f PM |
175 | } |
176 | ||
4c3a0a25 | 177 | return entry; |
d15c345f PM |
178 | } |
179 | ||
63c41688 PM |
180 | /** |
181 | * netlbl_domhsh_audit_add - Generate an audit entry for an add event | |
182 | * @entry: the entry being added | |
183 | * @addr4: the IPv4 address information | |
184 | * @addr6: the IPv6 address information | |
185 | * @result: the result code | |
186 | * @audit_info: NetLabel audit information | |
187 | * | |
188 | * Description: | |
189 | * Generate an audit record for adding a new NetLabel/LSM mapping entry with | |
190 | * the given information. Caller is responsibile for holding the necessary | |
191 | * locks. | |
192 | * | |
193 | */ | |
194 | static void netlbl_domhsh_audit_add(struct netlbl_dom_map *entry, | |
195 | struct netlbl_af4list *addr4, | |
196 | struct netlbl_af6list *addr6, | |
197 | int result, | |
198 | struct netlbl_audit *audit_info) | |
199 | { | |
200 | struct audit_buffer *audit_buf; | |
201 | struct cipso_v4_doi *cipsov4 = NULL; | |
202 | u32 type; | |
203 | ||
204 | audit_buf = netlbl_audit_start_common(AUDIT_MAC_MAP_ADD, audit_info); | |
205 | if (audit_buf != NULL) { | |
206 | audit_log_format(audit_buf, " nlbl_domain=%s", | |
207 | entry->domain ? entry->domain : "(default)"); | |
208 | if (addr4 != NULL) { | |
209 | struct netlbl_domaddr4_map *map4; | |
210 | map4 = netlbl_domhsh_addr4_entry(addr4); | |
211 | type = map4->type; | |
212 | cipsov4 = map4->type_def.cipsov4; | |
213 | netlbl_af4list_audit_addr(audit_buf, 0, NULL, | |
214 | addr4->addr, addr4->mask); | |
215 | #if defined(CONFIG_IPV6) || defined(CONFIG_IPV6_MODULE) | |
216 | } else if (addr6 != NULL) { | |
217 | struct netlbl_domaddr6_map *map6; | |
218 | map6 = netlbl_domhsh_addr6_entry(addr6); | |
219 | type = map6->type; | |
220 | netlbl_af6list_audit_addr(audit_buf, 0, NULL, | |
221 | &addr6->addr, &addr6->mask); | |
222 | #endif /* IPv6 */ | |
223 | } else { | |
224 | type = entry->type; | |
225 | cipsov4 = entry->type_def.cipsov4; | |
226 | } | |
227 | switch (type) { | |
228 | case NETLBL_NLTYPE_UNLABELED: | |
229 | audit_log_format(audit_buf, " nlbl_protocol=unlbl"); | |
230 | break; | |
231 | case NETLBL_NLTYPE_CIPSOV4: | |
232 | BUG_ON(cipsov4 == NULL); | |
233 | audit_log_format(audit_buf, | |
234 | " nlbl_protocol=cipsov4 cipso_doi=%u", | |
235 | cipsov4->doi); | |
236 | break; | |
237 | } | |
238 | audit_log_format(audit_buf, " res=%u", result == 0 ? 1 : 0); | |
239 | audit_log_end(audit_buf); | |
240 | } | |
241 | } | |
242 | ||
d15c345f PM |
243 | /* |
244 | * Domain Hash Table Functions | |
245 | */ | |
246 | ||
247 | /** | |
248 | * netlbl_domhsh_init - Init for the domain hash | |
249 | * @size: the number of bits to use for the hash buckets | |
250 | * | |
251 | * Description: | |
252 | * Initializes the domain hash table, should be called only by | |
253 | * netlbl_user_init() during initialization. Returns zero on success, non-zero | |
254 | * values on error. | |
255 | * | |
256 | */ | |
05705e4e | 257 | int __init netlbl_domhsh_init(u32 size) |
d15c345f PM |
258 | { |
259 | u32 iter; | |
260 | struct netlbl_domhsh_tbl *hsh_tbl; | |
261 | ||
262 | if (size == 0) | |
263 | return -EINVAL; | |
264 | ||
265 | hsh_tbl = kmalloc(sizeof(*hsh_tbl), GFP_KERNEL); | |
266 | if (hsh_tbl == NULL) | |
267 | return -ENOMEM; | |
268 | hsh_tbl->size = 1 << size; | |
269 | hsh_tbl->tbl = kcalloc(hsh_tbl->size, | |
270 | sizeof(struct list_head), | |
271 | GFP_KERNEL); | |
272 | if (hsh_tbl->tbl == NULL) { | |
273 | kfree(hsh_tbl); | |
274 | return -ENOMEM; | |
275 | } | |
276 | for (iter = 0; iter < hsh_tbl->size; iter++) | |
277 | INIT_LIST_HEAD(&hsh_tbl->tbl[iter]); | |
278 | ||
d15c345f PM |
279 | spin_lock(&netlbl_domhsh_lock); |
280 | rcu_assign_pointer(netlbl_domhsh, hsh_tbl); | |
281 | spin_unlock(&netlbl_domhsh_lock); | |
d15c345f PM |
282 | |
283 | return 0; | |
284 | } | |
285 | ||
286 | /** | |
287 | * netlbl_domhsh_add - Adds a entry to the domain hash table | |
288 | * @entry: the entry to add | |
95d4e6be | 289 | * @audit_info: NetLabel audit information |
d15c345f PM |
290 | * |
291 | * Description: | |
292 | * Adds a new entry to the domain hash table and handles any updates to the | |
293 | * lower level protocol handler (i.e. CIPSO). Returns zero on success, | |
294 | * negative on failure. | |
295 | * | |
296 | */ | |
95d4e6be PM |
297 | int netlbl_domhsh_add(struct netlbl_dom_map *entry, |
298 | struct netlbl_audit *audit_info) | |
d15c345f | 299 | { |
63c41688 PM |
300 | int ret_val = 0; |
301 | struct netlbl_dom_map *entry_old; | |
302 | struct netlbl_af4list *iter4; | |
303 | struct netlbl_af4list *tmp4; | |
304 | #if defined(CONFIG_IPV6) || defined(CONFIG_IPV6_MODULE) | |
305 | struct netlbl_af6list *iter6; | |
306 | struct netlbl_af6list *tmp6; | |
307 | #endif /* IPv6 */ | |
d15c345f | 308 | |
d15c345f | 309 | rcu_read_lock(); |
63c41688 | 310 | |
1c3fad93 | 311 | spin_lock(&netlbl_domhsh_lock); |
63c41688 PM |
312 | if (entry->domain != NULL) |
313 | entry_old = netlbl_domhsh_search(entry->domain); | |
314 | else | |
315 | entry_old = netlbl_domhsh_search_def(entry->domain); | |
316 | if (entry_old == NULL) { | |
317 | entry->valid = 1; | |
318 | INIT_RCU_HEAD(&entry->rcu); | |
319 | ||
320 | if (entry->domain != NULL) { | |
321 | u32 bkt = netlbl_domhsh_hash(entry->domain); | |
d15c345f | 322 | list_add_tail_rcu(&entry->list, |
3482fd90 | 323 | &rcu_dereference(netlbl_domhsh)->tbl[bkt]); |
63c41688 PM |
324 | } else { |
325 | INIT_LIST_HEAD(&entry->list); | |
d15c345f | 326 | rcu_assign_pointer(netlbl_domhsh_def, entry); |
de64688f | 327 | } |
d15c345f | 328 | |
63c41688 PM |
329 | if (entry->type == NETLBL_NLTYPE_ADDRSELECT) { |
330 | netlbl_af4list_foreach_rcu(iter4, | |
331 | &entry->type_def.addrsel->list4) | |
332 | netlbl_domhsh_audit_add(entry, iter4, NULL, | |
333 | ret_val, audit_info); | |
334 | #if defined(CONFIG_IPV6) || defined(CONFIG_IPV6_MODULE) | |
335 | netlbl_af6list_foreach_rcu(iter6, | |
336 | &entry->type_def.addrsel->list6) | |
337 | netlbl_domhsh_audit_add(entry, NULL, iter6, | |
338 | ret_val, audit_info); | |
339 | #endif /* IPv6 */ | |
340 | } else | |
341 | netlbl_domhsh_audit_add(entry, NULL, NULL, | |
342 | ret_val, audit_info); | |
343 | } else if (entry_old->type == NETLBL_NLTYPE_ADDRSELECT && | |
344 | entry->type == NETLBL_NLTYPE_ADDRSELECT) { | |
345 | struct list_head *old_list4; | |
346 | struct list_head *old_list6; | |
347 | ||
348 | old_list4 = &entry_old->type_def.addrsel->list4; | |
349 | old_list6 = &entry_old->type_def.addrsel->list6; | |
350 | ||
351 | /* we only allow the addition of address selectors if all of | |
352 | * the selectors do not exist in the existing domain map */ | |
353 | netlbl_af4list_foreach_rcu(iter4, | |
354 | &entry->type_def.addrsel->list4) | |
355 | if (netlbl_af4list_search_exact(iter4->addr, | |
356 | iter4->mask, | |
357 | old_list4)) { | |
358 | ret_val = -EEXIST; | |
359 | goto add_return; | |
360 | } | |
361 | #if defined(CONFIG_IPV6) || defined(CONFIG_IPV6_MODULE) | |
362 | netlbl_af6list_foreach_rcu(iter6, | |
363 | &entry->type_def.addrsel->list6) | |
364 | if (netlbl_af6list_search_exact(&iter6->addr, | |
365 | &iter6->mask, | |
366 | old_list6)) { | |
367 | ret_val = -EEXIST; | |
368 | goto add_return; | |
369 | } | |
370 | #endif /* IPv6 */ | |
371 | ||
372 | netlbl_af4list_foreach_safe(iter4, tmp4, | |
373 | &entry->type_def.addrsel->list4) { | |
374 | netlbl_af4list_remove_entry(iter4); | |
375 | iter4->valid = 1; | |
376 | ret_val = netlbl_af4list_add(iter4, old_list4); | |
377 | netlbl_domhsh_audit_add(entry_old, iter4, NULL, | |
378 | ret_val, audit_info); | |
379 | if (ret_val != 0) | |
380 | goto add_return; | |
381 | } | |
382 | #if defined(CONFIG_IPV6) || defined(CONFIG_IPV6_MODULE) | |
383 | netlbl_af6list_foreach_safe(iter6, tmp6, | |
384 | &entry->type_def.addrsel->list6) { | |
385 | netlbl_af6list_remove_entry(iter6); | |
386 | iter6->valid = 1; | |
387 | ret_val = netlbl_af6list_add(iter6, old_list6); | |
388 | netlbl_domhsh_audit_add(entry_old, NULL, iter6, | |
389 | ret_val, audit_info); | |
390 | if (ret_val != 0) | |
391 | goto add_return; | |
392 | } | |
393 | #endif /* IPv6 */ | |
394 | } else | |
395 | ret_val = -EINVAL; | |
396 | ||
397 | add_return: | |
398 | spin_unlock(&netlbl_domhsh_lock); | |
399 | rcu_read_unlock(); | |
d15c345f PM |
400 | return ret_val; |
401 | } | |
402 | ||
403 | /** | |
404 | * netlbl_domhsh_add_default - Adds the default entry to the domain hash table | |
405 | * @entry: the entry to add | |
95d4e6be | 406 | * @audit_info: NetLabel audit information |
d15c345f PM |
407 | * |
408 | * Description: | |
409 | * Adds a new default entry to the domain hash table and handles any updates | |
410 | * to the lower level protocol handler (i.e. CIPSO). Returns zero on success, | |
411 | * negative on failure. | |
412 | * | |
413 | */ | |
95d4e6be PM |
414 | int netlbl_domhsh_add_default(struct netlbl_dom_map *entry, |
415 | struct netlbl_audit *audit_info) | |
d15c345f | 416 | { |
95d4e6be | 417 | return netlbl_domhsh_add(entry, audit_info); |
d15c345f PM |
418 | } |
419 | ||
420 | /** | |
b1edeb10 PM |
421 | * netlbl_domhsh_remove_entry - Removes a given entry from the domain table |
422 | * @entry: the entry to remove | |
95d4e6be | 423 | * @audit_info: NetLabel audit information |
d15c345f PM |
424 | * |
425 | * Description: | |
426 | * Removes an entry from the domain hash table and handles any updates to the | |
b1edeb10 PM |
427 | * lower level protocol handler (i.e. CIPSO). Caller is responsible for |
428 | * ensuring that the RCU read lock is held. Returns zero on success, negative | |
429 | * on failure. | |
d15c345f PM |
430 | * |
431 | */ | |
b1edeb10 PM |
432 | int netlbl_domhsh_remove_entry(struct netlbl_dom_map *entry, |
433 | struct netlbl_audit *audit_info) | |
d15c345f | 434 | { |
b1edeb10 | 435 | int ret_val = 0; |
32f50cde | 436 | struct audit_buffer *audit_buf; |
d15c345f | 437 | |
d15c345f | 438 | if (entry == NULL) |
b1edeb10 PM |
439 | return -ENOENT; |
440 | ||
1c3fad93 PM |
441 | spin_lock(&netlbl_domhsh_lock); |
442 | if (entry->valid) { | |
443 | entry->valid = 0; | |
444 | if (entry != rcu_dereference(netlbl_domhsh_def)) | |
d15c345f | 445 | list_del_rcu(&entry->list); |
1c3fad93 | 446 | else |
d15c345f | 447 | rcu_assign_pointer(netlbl_domhsh_def, NULL); |
b1edeb10 PM |
448 | } else |
449 | ret_val = -ENOENT; | |
1c3fad93 | 450 | spin_unlock(&netlbl_domhsh_lock); |
32f50cde | 451 | |
95d4e6be | 452 | audit_buf = netlbl_audit_start_common(AUDIT_MAC_MAP_DEL, audit_info); |
de64688f PM |
453 | if (audit_buf != NULL) { |
454 | audit_log_format(audit_buf, | |
455 | " nlbl_domain=%s res=%u", | |
456 | entry->domain ? entry->domain : "(default)", | |
457 | ret_val == 0 ? 1 : 0); | |
458 | audit_log_end(audit_buf); | |
459 | } | |
95d4e6be | 460 | |
b1edeb10 | 461 | if (ret_val == 0) { |
63c41688 PM |
462 | struct netlbl_af4list *iter4; |
463 | struct netlbl_domaddr4_map *map4; | |
464 | ||
b1edeb10 | 465 | switch (entry->type) { |
63c41688 PM |
466 | case NETLBL_NLTYPE_ADDRSELECT: |
467 | netlbl_af4list_foreach_rcu(iter4, | |
468 | &entry->type_def.addrsel->list4) { | |
469 | map4 = netlbl_domhsh_addr4_entry(iter4); | |
470 | cipso_v4_doi_putdef(map4->type_def.cipsov4); | |
471 | } | |
472 | /* no need to check the IPv6 list since we currently | |
473 | * support only unlabeled protocols for IPv6 */ | |
474 | break; | |
b1edeb10 PM |
475 | case NETLBL_NLTYPE_CIPSOV4: |
476 | cipso_v4_doi_putdef(entry->type_def.cipsov4); | |
477 | break; | |
478 | } | |
4be2700f | 479 | call_rcu(&entry->rcu, netlbl_domhsh_free_entry); |
b1edeb10 PM |
480 | } |
481 | ||
482 | return ret_val; | |
483 | } | |
484 | ||
485 | /** | |
486 | * netlbl_domhsh_remove - Removes an entry from the domain hash table | |
487 | * @domain: the domain to remove | |
488 | * @audit_info: NetLabel audit information | |
489 | * | |
490 | * Description: | |
491 | * Removes an entry from the domain hash table and handles any updates to the | |
492 | * lower level protocol handler (i.e. CIPSO). Returns zero on success, | |
493 | * negative on failure. | |
494 | * | |
495 | */ | |
496 | int netlbl_domhsh_remove(const char *domain, struct netlbl_audit *audit_info) | |
497 | { | |
498 | int ret_val; | |
499 | struct netlbl_dom_map *entry; | |
500 | ||
501 | rcu_read_lock(); | |
502 | if (domain) | |
503 | entry = netlbl_domhsh_search(domain); | |
504 | else | |
505 | entry = netlbl_domhsh_search_def(domain); | |
506 | ret_val = netlbl_domhsh_remove_entry(entry, audit_info); | |
507 | rcu_read_unlock(); | |
508 | ||
d15c345f PM |
509 | return ret_val; |
510 | } | |
511 | ||
512 | /** | |
513 | * netlbl_domhsh_remove_default - Removes the default entry from the table | |
95d4e6be | 514 | * @audit_info: NetLabel audit information |
d15c345f PM |
515 | * |
516 | * Description: | |
517 | * Removes/resets the default entry for the domain hash table and handles any | |
518 | * updates to the lower level protocol handler (i.e. CIPSO). Returns zero on | |
519 | * success, non-zero on failure. | |
520 | * | |
521 | */ | |
95d4e6be | 522 | int netlbl_domhsh_remove_default(struct netlbl_audit *audit_info) |
d15c345f | 523 | { |
95d4e6be | 524 | return netlbl_domhsh_remove(NULL, audit_info); |
d15c345f PM |
525 | } |
526 | ||
527 | /** | |
528 | * netlbl_domhsh_getentry - Get an entry from the domain hash table | |
529 | * @domain: the domain name to search for | |
530 | * | |
531 | * Description: | |
532 | * Look through the domain hash table searching for an entry to match @domain, | |
533 | * return a pointer to a copy of the entry or NULL. The caller is responsibile | |
534 | * for ensuring that rcu_read_[un]lock() is called. | |
535 | * | |
536 | */ | |
537 | struct netlbl_dom_map *netlbl_domhsh_getentry(const char *domain) | |
538 | { | |
b64397e0 | 539 | return netlbl_domhsh_search_def(domain); |
d15c345f PM |
540 | } |
541 | ||
63c41688 PM |
542 | /** |
543 | * netlbl_domhsh_getentry_af4 - Get an entry from the domain hash table | |
544 | * @domain: the domain name to search for | |
545 | * @addr: the IP address to search for | |
546 | * | |
547 | * Description: | |
548 | * Look through the domain hash table searching for an entry to match @domain | |
549 | * and @addr, return a pointer to a copy of the entry or NULL. The caller is | |
550 | * responsible for ensuring that rcu_read_[un]lock() is called. | |
551 | * | |
552 | */ | |
553 | struct netlbl_domaddr4_map *netlbl_domhsh_getentry_af4(const char *domain, | |
554 | __be32 addr) | |
555 | { | |
556 | struct netlbl_dom_map *dom_iter; | |
557 | struct netlbl_af4list *addr_iter; | |
558 | ||
559 | dom_iter = netlbl_domhsh_search_def(domain); | |
560 | if (dom_iter == NULL) | |
561 | return NULL; | |
562 | if (dom_iter->type != NETLBL_NLTYPE_ADDRSELECT) | |
563 | return NULL; | |
564 | ||
565 | addr_iter = netlbl_af4list_search(addr, | |
566 | &dom_iter->type_def.addrsel->list4); | |
567 | if (addr_iter == NULL) | |
568 | return NULL; | |
569 | ||
570 | return netlbl_domhsh_addr4_entry(addr_iter); | |
571 | } | |
572 | ||
573 | #if defined(CONFIG_IPV6) || defined(CONFIG_IPV6_MODULE) | |
574 | /** | |
575 | * netlbl_domhsh_getentry_af6 - Get an entry from the domain hash table | |
576 | * @domain: the domain name to search for | |
577 | * @addr: the IP address to search for | |
578 | * | |
579 | * Description: | |
580 | * Look through the domain hash table searching for an entry to match @domain | |
581 | * and @addr, return a pointer to a copy of the entry or NULL. The caller is | |
582 | * responsible for ensuring that rcu_read_[un]lock() is called. | |
583 | * | |
584 | */ | |
585 | struct netlbl_domaddr6_map *netlbl_domhsh_getentry_af6(const char *domain, | |
586 | const struct in6_addr *addr) | |
587 | { | |
588 | struct netlbl_dom_map *dom_iter; | |
589 | struct netlbl_af6list *addr_iter; | |
590 | ||
591 | dom_iter = netlbl_domhsh_search_def(domain); | |
592 | if (dom_iter == NULL) | |
593 | return NULL; | |
594 | if (dom_iter->type != NETLBL_NLTYPE_ADDRSELECT) | |
595 | return NULL; | |
596 | ||
597 | addr_iter = netlbl_af6list_search(addr, | |
598 | &dom_iter->type_def.addrsel->list6); | |
599 | if (addr_iter == NULL) | |
600 | return NULL; | |
601 | ||
602 | return netlbl_domhsh_addr6_entry(addr_iter); | |
603 | } | |
604 | #endif /* IPv6 */ | |
605 | ||
d15c345f | 606 | /** |
fcd48280 PM |
607 | * netlbl_domhsh_walk - Iterate through the domain mapping hash table |
608 | * @skip_bkt: the number of buckets to skip at the start | |
609 | * @skip_chain: the number of entries to skip in the first iterated bucket | |
610 | * @callback: callback for each entry | |
611 | * @cb_arg: argument for the callback function | |
d15c345f PM |
612 | * |
613 | * Description: | |
fcd48280 PM |
614 | * Interate over the domain mapping hash table, skipping the first @skip_bkt |
615 | * buckets and @skip_chain entries. For each entry in the table call | |
616 | * @callback, if @callback returns a negative value stop 'walking' through the | |
617 | * table and return. Updates the values in @skip_bkt and @skip_chain on | |
618 | * return. Returns zero on succcess, negative values on failure. | |
d15c345f PM |
619 | * |
620 | */ | |
fcd48280 PM |
621 | int netlbl_domhsh_walk(u32 *skip_bkt, |
622 | u32 *skip_chain, | |
623 | int (*callback) (struct netlbl_dom_map *entry, void *arg), | |
624 | void *cb_arg) | |
d15c345f | 625 | { |
fcd48280 PM |
626 | int ret_val = -ENOENT; |
627 | u32 iter_bkt; | |
56196701 | 628 | struct list_head *iter_list; |
fcd48280 PM |
629 | struct netlbl_dom_map *iter_entry; |
630 | u32 chain_cnt = 0; | |
d15c345f | 631 | |
d15c345f | 632 | rcu_read_lock(); |
fcd48280 PM |
633 | for (iter_bkt = *skip_bkt; |
634 | iter_bkt < rcu_dereference(netlbl_domhsh)->size; | |
635 | iter_bkt++, chain_cnt = 0) { | |
56196701 PM |
636 | iter_list = &rcu_dereference(netlbl_domhsh)->tbl[iter_bkt]; |
637 | list_for_each_entry_rcu(iter_entry, iter_list, list) | |
fcd48280 PM |
638 | if (iter_entry->valid) { |
639 | if (chain_cnt++ < *skip_chain) | |
640 | continue; | |
641 | ret_val = callback(iter_entry, cb_arg); | |
642 | if (ret_val < 0) { | |
643 | chain_cnt--; | |
644 | goto walk_return; | |
645 | } | |
d15c345f | 646 | } |
fcd48280 | 647 | } |
d15c345f | 648 | |
fcd48280 | 649 | walk_return: |
d15c345f | 650 | rcu_read_unlock(); |
fcd48280 PM |
651 | *skip_bkt = iter_bkt; |
652 | *skip_chain = chain_cnt; | |
653 | return ret_val; | |
d15c345f | 654 | } |