Change Summary:

    Add "sl=" keyword for route(1M)                 Stable
    Change RTM_GET to accept label                  Stable
    route(1M) output for "get"                      Unstable
    netstat(1M) output for "-rR"                    Unstable

Binding:

    These changes are intended for the "Micro/Patch" binding. The
    affected operations require Trusted Extensions as described in
    "Layered Trusted Solaris" (PSARC 2002/762), which has not yet been
    officially released, so incompatibility is not a concern.

Background:

    route(1M) is extended for systems running Solaris Trusted
    Extensions (TX) to accept and apply security attributes when adding
    or modifying a route. The format of these security attributes
    includes a lower and an upper TX/CIPSO sensitivity label, which
    together represent the range of labels for which the route is
    relevant. TX also has a mechanism for determining whether a route
    that lacks explicit security attributes applies to a given label.

    The route command also has a 'get' subcommand, intended for
    debugging, which displays the route the system would use to reach a
    destination. Since TX filters routes based on the requester's label,
    this command must apply the same rules based on the caller's
    sensitivity label, so that the route it reports for the destination
    is one that is actually valid for the caller.

Proposal:

    This case proposes accepting security attributes when getting a
    route, so that a caller can debug routing for labels other than its
    own, and adding a new 'sl=' token to the route -secattr flag to
    simplify the usage and display of single-label ranges.

    The supplied security attributes will be used in place of the
    caller's label to search for an applicable route, provided that the
    caller's sensitivity label dominates them or the caller is in the
    global zone. This allows an administrator to debug routing on a TX
    gateway that is routing for labels that have no local zone. It also
    allows a user or administrator to debug routing for their entire
    sensitivity label range from a terminal at their highest sensitivity
    label.
    Since a route is looked up for a single label, but security
    attributes are set as a range, requiring both a min_sl and a max_sl
    is redundant for route get. An sl= token will be added which is
    equivalent to specifying the existing min_sl= and max_sl= tokens
    with the same label. The sl= token may be used in place of both
    min_sl= and max_sl= in any use of route security attributes,
    currently route get, change and add. When displaying a range where
    min_sl equals max_sl, the output will likewise be compacted from
    "min_sl=LABEL,max_sl=LABEL" to a single sl=LABEL.

Related work:

    "TSNET: Trusted Networking with Security" (PSARC 2005/060) added an
    optional sl_set property for hosts and gateways to simplify
    administration for sites that represent labels as discrete values
    rather than as a range. In contrast, this proposal does not add any
    capability for handling multiple discrete labels in routes, but it
    does simplify the syntax for those using routing security
    attributes with one discrete label.

    This project also does not implement "route privacy," meaning that
    routing socket listeners will still receive all changes, and no
    interface changes are proposed by this project. A future project may
    change this.

Man page level diffs follow:

zhadum% diff -c route.1m.orig route.1m *** route.1m.orig Fri Jun 16 12:29:50 2006 --- route.1m Fri Jun 16 12:32:45 2006 *************** *** 493,511 **** The -secattr modifier has the following format: ! min_sl=val,max_sl=val,doi=val,cipso ! ! The val for min_sl and max_sl is a sensitivity label in ! either hex or string form. The val for doi is a non- negative integer. The route will apply only for packets with the same domain of interpretation as defined by the ! doi value and within the accredation range defined by the min_sl and max_sl values. The cipso keyword is optional and set by default. Valid min_sl, max_sl and ! doi keyword/value pairs are mandatory. 
Note that if val contains a space, it must be protected by double quotes. --- 493,517 ---- The -secattr modifier has the following format: + min_sl=VAL,max_sl=VAL,doi=VAL,cipso + or: + sl=VAL,doi=VAL,cipso ! In the first form the VAL for min_sl and max_sl is a ! sensitivity label in ! either hex or string form. The VAL for doi is a non- negative integer. The route will apply only for packets with the same domain of interpretation as defined by the ! doi value and within the accreditation range defined by the min_sl and max_sl values. The cipso keyword is optional and set by default. Valid min_sl, max_sl and ! doi keyword/value pairs are mandatory. Note that if VAL contains a space, it must be protected by double quotes. + The second form is equivalent to specifying the first form + with the same VAL for min_sl and max_sl. The second form + should be used for the get command since get uses only + a single sensitivity label.
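Review bot: the retained sentence "Valid min_sl, max_sl and doi keyword/value pairs are mandatory." in the new text (the `!` line just before "Note that if VAL contains a space") now contradicts the second form added above it, where min_sl and max_sl do not appear at all; suggest rewording it to something like "Either sl, or both min_sl and max_sl, together with doi, are mandatory." The new text also does not say whether sl= may be combined with min_sl=/max_sl= in one modifier, or what get does when given a range rather than a single label; a sentence on each would close those gaps for administrators reading only the man page.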
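The two -secattr forms above, the compaction rule for display, and the dominance rule from the Proposal section, worked through as an added example. This is not route(1M) code or part of the case; it is a stand-alone Python model written for this page. The double-quote handling follows the man page text (a VAL containing a space must be double-quoted). The label model (`TOY_LABELS`, `dominates`) is a constructed classification/compartment approximation used only so the dominance check can run offline; real TX labels in hex or string form are opaque strings to the parser.

```python
"""Model of the route(1M) -secattr modifier syntax and the route get
dominance rule. Added example; not Solaris/TX code."""

MANDATORY = ("min_sl", "max_sl", "doi")


def _split_fields(spec):
    """Split on commas that are not inside double quotes, so a quoted
    label such as "CONFIDENTIAL A" survives as one field."""
    fields, cur, quoted = [], [], False
    for ch in spec:
        if ch == '"':
            quoted = not quoted
            cur.append(ch)
        elif ch == "," and not quoted:
            fields.append("".join(cur))
            cur = []
        else:
            cur.append(ch)
    if quoted:
        raise ValueError("unterminated double quote in -secattr value")
    fields.append("".join(cur))
    return fields


def parse_secattr(spec):
    """Parse either 'min_sl=VAL,max_sl=VAL,doi=VAL[,cipso]' or
    'sl=VAL,doi=VAL[,cipso]' into {'min_sl', 'max_sl', 'doi', 'cipso'}.
    sl= expands to min_sl == max_sl, exactly as the case defines it."""
    seen = {}
    for field in _split_fields(spec):
        if field == "cipso":          # optional keyword, set by default
            seen["cipso"] = True
            continue
        key, sep, val = field.partition("=")
        if not sep or key not in ("min_sl", "max_sl", "sl", "doi"):
            raise ValueError("bad -secattr field: %r" % field)
        if key in seen:
            raise ValueError("duplicate keyword: " + key)
        if len(val) >= 2 and val[0] == val[-1] == '"':
            val = val[1:-1]           # strip the protecting quotes
        if not val:
            raise ValueError("empty value for " + key)
        seen[key] = val
    if "sl" in seen:
        if "min_sl" in seen or "max_sl" in seen:
            raise ValueError("sl= cannot be combined with min_sl=/max_sl=")
        seen["min_sl"] = seen["max_sl"] = seen.pop("sl")
    missing = [k for k in MANDATORY if k not in seen]
    if missing:
        raise ValueError("missing mandatory keyword(s): " + ",".join(missing))
    if not seen["doi"].isdigit():     # doi is a non-negative integer
        raise ValueError("doi must be a non-negative integer")
    seen["doi"] = int(seen["doi"])
    seen.setdefault("cipso", True)
    return seen


def _quote(val):
    return '"%s"' % val if " " in val else val


def format_secattr(attrs):
    """Display form: compact to sl=LABEL whenever min_sl equals max_sl."""
    if attrs["min_sl"] == attrs["max_sl"]:
        labels = "sl=" + _quote(attrs["min_sl"])
    else:
        labels = "min_sl=%s,max_sl=%s" % (_quote(attrs["min_sl"]),
                                          _quote(attrs["max_sl"]))
    return "%s,doi=%d,cipso" % (labels, attrs["doi"])


# Constructed toy label model (assumption, not TX's real label encoding):
# a label is (classification, compartment set); A dominates B when A's
# classification is >= B's and B's compartments are a subset of A's.
TOY_LABELS = {
    "PUBLIC": (0, frozenset()),
    "CONFIDENTIAL": (1, frozenset()),
    "CONFIDENTIAL A": (1, frozenset({"A"})),
    "SECRET": (2, frozenset()),
}


def dominates(a, b):
    (ca, ka), (cb, kb) = TOY_LABELS[a], TOY_LABELS[b]
    return ca >= cb and kb <= ka


def may_get_with(caller_label, attrs, in_global_zone=False):
    """Proposal rule: supplied attributes replace the caller's label for
    the lookup only if the caller is in the global zone or the caller's
    label dominates the supplied range (both ends are checked)."""
    if in_global_zone:
        return True
    return (dominates(caller_label, attrs["min_sl"])
            and dominates(caller_label, attrs["max_sl"]))


if __name__ == "__main__":
    for spec in ('sl="CONFIDENTIAL A",doi=1',
                 "min_sl=PUBLIC,max_sl=PUBLIC,doi=2",
                 "min_sl=PUBLIC,max_sl=SECRET,doi=0,cipso"):
        print("%-42s -> %s" % (spec, format_secattr(parse_secattr(spec))))
    print(may_get_with("CONFIDENTIAL A", parse_secattr("sl=CONFIDENTIAL,doi=1")))
```

The parser rejects the ambiguous case the man page leaves open (sl= mixed with min_sl=/max_sl=) rather than silently preferring one, which is the safer choice for a tool that selects which route a caller is shown.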