Sisyphus repository
Last update: 1 october 2023 | SRPMs: 18631 | Visits: 37415993
en ru br
ALT Linux repos
S:0.30.0-alt3

Group :: System/Base
RPM: netlabel_tools

 Main   Changelog   Spec   Patches   Sources   Download   Gear   Bugs and FR  Repocop 

Patch: alt-s0-mark-flag-0.21.patch
Download

--- a/libnetlabel/mod_mgmt.c
+++ b/libnetlabel/mod_mgmt.c
@@ -333,6 +333,155 @@ init_return:
  */
 
 /**
+ * Set the mark s0 flag
+ * @param hndl the NetLabel handle
+ * @param mark_flag the desired s0 flag setting
+ *
+ * Set the mark s0 flag in the NetLabel system; if @mark_flag is
+ * true then set the mark s0 flag, otherwise clear the flag.  If @hndl is NULL
+ * then the function will handle opening and closing it's own NetLabel handle.
+ * Returns zero on success, negative values on failure.
+ *
+ */
+int nlbl_mgmt_s0_set(struct nlbl_handle *hndl, uint8_t mark_flag)
+{
+	int ret_val = -ENOMEM;
+	struct nlbl_handle *p_hndl = hndl;
+	nlbl_msg *msg = NULL;
+	nlbl_msg *ans_msg = NULL;
+
+	/* sanity checks */
+	if (nlbl_mgmt_fid == 0)
+		return -ENOPROTOOPT;
+
+	/* open a handle if we need one */
+	if (p_hndl == NULL) {
+		p_hndl = nlbl_comm_open();
+		if (p_hndl == NULL)
+			goto accept_return;
+	}
+
+	/* create a new message */
+	msg = nlbl_mgmt_msg_new(NLBL_MGMT_C_S0_SET, 0);
+	if (msg == NULL)
+		goto accept_return;
+
+	/* add the required attributes to the message */
+	if (mark_flag)
+		ret_val = nla_put_u8(msg, NLBL_MGMT_A_S0, 1);
+	else
+		ret_val = nla_put_u8(msg, NLBL_MGMT_A_S0, 0);
+	if (ret_val != 0)
+		goto accept_return;
+
+	/* send the request */
+	ret_val = nlbl_comm_send(p_hndl, msg);
+	if (ret_val <= 0) {
+		if (ret_val == 0)
+			ret_val = -ENODATA;
+		goto accept_return;
+	}
+
+	/* read the response */
+	ret_val = nlbl_mgmt_recv(p_hndl, &ans_msg);
+	if (ret_val <= 0) {
+		if (ret_val == 0)
+			ret_val = -ENODATA;
+		goto accept_return;
+	}
+
+	/* process the response */
+	ret_val = nlbl_mgmt_parse_ack(ans_msg);
+
+accept_return:
+	if (hndl == NULL)
+		nlbl_comm_close(p_hndl);
+	nlbl_msg_free(msg);
+	nlbl_msg_free(ans_msg);
+	return ret_val;
+}
+
+/**
+ * Query the s0 mark flag
+ * @param hndl the NetLabel handle
+ * @param mark_flag the current s0 mark flag setting
+ *
+ * Query the s0 mark flag in the NetLabel system.  If @hndl is NULL then
+ * the function will handle opening and closing it's own NetLabel handle.
+ * Returns zero on success, negative values on failure.
+ *
+ */
+int nlbl_mgmt_s0_get(struct nlbl_handle *hndl, uint8_t *mark_flag)
+{
+	int ret_val = -ENOMEM;
+	struct nlbl_handle *p_hndl = hndl;
+	nlbl_msg *msg = NULL;
+	nlbl_msg *ans_msg = NULL;
+	struct genlmsghdr *genl_hdr;
+	struct nlattr *nla;
+
+	/* sanity checks */
+	if (mark_flag == NULL)
+		return -EINVAL;
+	if (nlbl_mgmt_fid == 0)
+		return -ENOPROTOOPT;
+
+	/* open a handle if we need one */
+	if (p_hndl == NULL) {
+		p_hndl = nlbl_comm_open();
+		if (p_hndl == NULL)
+			goto list_return;
+	}
+
+	/* create a new message */
+	msg = nlbl_mgmt_msg_new(NLBL_MGMT_C_S0_GET, 0);
+	if (msg == NULL)
+		goto list_return;
+
+	/* send the request */
+	ret_val = nlbl_comm_send(p_hndl, msg);
+	if (ret_val <= 0) {
+		if (ret_val == 0)
+			ret_val = -ENODATA;
+		goto list_return;
+	}
+
+	/* read the response */
+	ret_val = nlbl_mgmt_recv(p_hndl, &ans_msg);
+	if (ret_val <= 0) {
+		if (ret_val == 0)
+			ret_val = -ENODATA;
+		goto list_return;
+	}
+
+	/* check the response */
+	ret_val = nlbl_mgmt_parse_ack(ans_msg);
+	if (ret_val < 0 && ret_val != -ENOMSG)
+		goto list_return;
+	genl_hdr = nlbl_msg_genlhdr(ans_msg);
+	if (genl_hdr == NULL || genl_hdr->cmd != NLBL_MGMT_C_S0_GET) {
+		ret_val = -EBADMSG;
+		goto list_return;
+	}
+
+	/* process the response */
+	nla = nlbl_attr_find(ans_msg, NLBL_MGMT_A_S0);
+	if (nla == NULL)
+		goto list_return;
+	*mark_flag = nla_get_u8(nla);
+
+	ret_val = 0;
+
+list_return:
+	if (hndl == NULL)
+		nlbl_comm_close(p_hndl);
+	nlbl_msg_free(msg);
+	nlbl_msg_free(ans_msg);
+	return ret_val;
+}
+
+
+/**
  * Determine the supported list of NetLabel protocols
  * @param hndl the NetLabel handle
  * @param protocols protocol array
--- a/include/libnetlabel.h
+++ b/include/libnetlabel.h
@@ -306,6 +306,8 @@ int nlbl_mgmt_del(struct nlbl_handle *hndl, char *domain);
 int nlbl_mgmt_deldef(struct nlbl_handle *hndl);
 int nlbl_mgmt_listall(struct nlbl_handle *hndl, struct nlbl_dommap **domains);
 int nlbl_mgmt_listdef(struct nlbl_handle *hndl, struct nlbl_dommap *domain);
+int nlbl_mgmt_s0_set(struct nlbl_handle *hndl, uint8_t mark_flag);
+int nlbl_mgmt_s0_get(struct nlbl_handle *hndl, uint8_t *mark_flag);
 
 /* Unlabeled Traffic */
 int nlbl_unlbl_accept(struct nlbl_handle *hndl, uint8_t allow_flag);
--- a/include/netlabel.h
+++ b/include/netlabel.h
@@ -67,6 +67,8 @@ enum {
 	NLBL_MGMT_C_LISTDEF,
 	NLBL_MGMT_C_PROTOCOLS,
 	NLBL_MGMT_C_VERSION,
+	NLBL_MGMT_C_S0_SET,
+	NLBL_MGMT_C_S0_GET,
 	__NLBL_MGMT_C_MAX,
 };
 #define NLBL_MGMT_C_MAX (__NLBL_MGMT_C_MAX - 1)
@@ -86,6 +88,7 @@ enum {
 	NLBL_MGMT_A_IPV4MASK,
 	NLBL_MGMT_A_ADDRSELECTOR,
 	NLBL_MGMT_A_SELECTORLIST,
+	NLBL_MGMT_A_S0,
 	__NLBL_MGMT_A_MAX,
 };
 #define NLBL_MGMT_A_MAX (__NLBL_MGMT_A_MAX - 1)
diff --git a/netlabelctl/main.c b/netlabelctl/main.c
index 8f41faa..5c0ae69 100644
--- a/netlabelctl/main.c
+++ b/netlabelctl/main.c
@@ -97,6 +97,7 @@ static void nlctl_help_print(FILE *fp)
 		"    version\n"
 		"    protocols\n"
 		"  map : Domain/Protocol mapping\n"
+		"    s0 on|off\n"
 		"    add default|domain:<domain> [address:<ADDR>[/<MASK>]]\n"
 		"                                protocol:<protocol>[,<extra>]\n"
 		"    del default|domain:<domain>\n"
diff --git a/netlabelctl/map.c b/netlabelctl/map.c
index 90ee356..69b4e40 100644
--- a/netlabelctl/map.c
+++ b/netlabelctl/map.c
@@ -35,6 +35,39 @@
 #include "netlabelctl.h"
 
 /**
+ * Set the NetLabel s0 flag
+ * @param argc the number of arguments
+ * @param argv the argument list
+ *
+ * Set the kernel's label s0 flag.  Returns zero on success,
+ * negative values on failure.
+ *
+ */
+int map_s0(int argc, char *argv[])
+{
+	int rc;
+	uint8_t flag;
+
+	/* sanity check */
+	if (argc != 1 || argv == NULL || argv[0] == NULL)
+		return -EINVAL;
+
+	/* set or reset the flag? */
+	if (strcasecmp(argv[0], "on") == 0 || strcmp(argv[0], "1") == 0)
+		flag = 1;
+	else if (strcasecmp(argv[0], "off") == 0 || strcmp(argv[0], "0") == 0)
+		flag = 0;
+	else
+		return -EINVAL;
+
+	rc = nlbl_mgmt_s0_set(NULL, flag);
+	if (rc < 0)
+		return rc;
+
+	return 0;
+}
+
+/**
  * Add a domain mapping to NetLabel
  * @param argc the number of arguments
  * @param argv the argument list
@@ -272,6 +305,15 @@ int map_list(int argc, char *argv[])
 	struct nlbl_dommap *mapping, *mapping_new;
 	size_t count;
 	uint32_t iter;
+    uint8_t flag;
+
+	/* display the s0 mark flag */
+    rc = nlbl_mgmt_s0_get(NULL, &flag);
+    if (rc < 0)
+        printf("Mark s0 packets: %s\n", "unsupported");
+    else
+        printf("Mark s0 packets: %s\n",
+                (flag ? "on" : "off"));
 
 	/* get the list of mappings */
 	rc = nlbl_mgmt_listall(NULL, &mapping);
@@ -336,6 +378,9 @@ int map_main(int argc, char *argv[])
 	} else if (strcmp(argv[0], "list") == 0) {
 		/* list the domain mappings */
 		rc = map_list(argc - 1, argv + 1);
+	} else if (strcmp(argv[0], "s0") == 0) {
+		/* accept flag */
+		rc = map_s0(argc - 1, argv + 1);
 	} else {
 		/* unknown request */
 		rc = -EINVAL;
 
design & coding: Vladimir Lettiev aka crux © 2004-2005, Andrew Avramenko aka liks © 2007-2008
current maintainer: Michael Shigorin