#
# shiftn(num,list...)
#
# shift the list num times
#
# Recursive helper: each step applies decr to the count and drops one
# list element; once the count is 0 the remaining list is returned (the
# last shift removes the count itself).  ifelse compares the count with 0
# as text, so a negative or non-numeric count never matches.
# NOTE(review): no guard against such a count is visible here - confirm
# that every caller passes a non-negative literal.
#
define(`shiftn',`ifelse($1,0,`shift($*)',`shiftn(decr($1),shift(shift($*)))')')

########################################
#
# Network Interface generated macros
#
########################################

#
# create_netif_interfaces(name,suffix,kind)
#
# Expands to the text of seven corenet_*_NAME_if interfaces.
#   $1  interface name; used in the generated interface names and in the
#       required symbol $1_$2
#   $2  symbol suffix (the wrappers further down pass netif_t or netif)
#   $3  keyword written inside gen_require (type or attribute)
# The body is double-quoted and uses the word dollarsone where the domain
# argument of each generated interface belongs.
# NOTE(review): presumably a later build step rewrites dollarsone into the
# first-argument reference - confirm in the build rules.
# NOTE(review): many doc lines inside the generated bodies in this file
# are a bare ## with no content; markup may have been lost from this copy,
# so compare with the upstream file before relying on the generated docs.
#
define(`create_netif_interfaces',``
########################################
##
## Send and receive TCP network traffic on the $1 interface.
##
##
##
## Domain allowed access.
##
##
##
#
interface(`corenet_tcp_sendrecv_$1_if',`
	gen_require(`
		$3 $1_$2;
	')

	allow dollarsone $1_$2:netif { tcp_send tcp_recv };
')

########################################
##
## Send UDP network traffic on the $1 interface.
##
##
##
## Domain allowed access.
##
##
##
#
interface(`corenet_udp_send_$1_if',`
	gen_require(`
		$3 $1_$2;
	')

	allow dollarsone $1_$2:netif udp_send;
')

########################################
##
## Receive UDP network traffic on the $1 interface.
##
##
##
## Domain allowed access.
##
##
##
#
interface(`corenet_udp_receive_$1_if',`
	gen_require(`
		$3 $1_$2;
	')

	allow dollarsone $1_$2:netif udp_recv;
')

########################################
##
## Send and receive UDP network traffic on the $1 interface.
##
##
##
## Domain allowed access.
##
##
##
#
interface(`corenet_udp_sendrecv_$1_if',`
	corenet_udp_send_$1_if(dollarsone)
	corenet_udp_receive_$1_if(dollarsone)
')

########################################
##
## Send raw IP packets on the $1 interface.
##
##
##
## Domain allowed access.
##
##
##
#
interface(`corenet_raw_send_$1_if',`
	gen_require(`
		$3 $1_$2;
	')

	allow dollarsone $1_$2:netif rawip_send;
')

########################################
##
## Receive raw IP packets on the $1 interface.
##
##
##
## Domain allowed access.
##
##
##
#
interface(`corenet_raw_receive_$1_if',`
	gen_require(`
		$3 $1_$2;
	')

	allow dollarsone $1_$2:netif rawip_recv;
')

########################################
##
## Send and receive raw IP packets on the $1 interface.
##
##
##
## Domain allowed access.
##
##
##
#
interface(`corenet_raw_sendrecv_$1_if',`
	corenet_raw_send_$1_if(dollarsone)
	corenet_raw_receive_$1_if(dollarsone)
')
'') dnl end create_netif_interfaces

########################################
#
# Network node generated macros
#
########################################

#
# create_node_interfaces(name,suffix,kind)
#
# Expands to the text of nine corenet_*_NAME_node interfaces: the same
# send and receive set as for network interfaces, against the node class,
# plus two node_bind interfaces against tcp_socket and udp_socket.
#   $1  node name; $2 symbol suffix (node_t or node from the wrappers
#   further down); $3 gen_require keyword (type or attribute)
#
define(`create_node_interfaces',``
########################################
##
## Send and receive TCP traffic on the $1 node.
##
##
##
## Domain allowed access.
##
##
##
#
interface(`corenet_tcp_sendrecv_$1_node',`
	gen_require(`
		$3 $1_$2;
	')

	allow dollarsone $1_$2:node { tcp_send tcp_recv };
')

########################################
##
## Send UDP traffic on the $1 node.
##
##
##
## Domain allowed access.
##
##
##
#
interface(`corenet_udp_send_$1_node',`
	gen_require(`
		$3 $1_$2;
	')

	allow dollarsone $1_$2:node udp_send;
')

########################################
##
## Receive UDP traffic on the $1 node.
##
##
##
## Domain allowed access.
##
##
##
#
interface(`corenet_udp_receive_$1_node',`
	gen_require(`
		$3 $1_$2;
	')

	allow dollarsone $1_$2:node udp_recv;
')

########################################
##
## Send and receive UDP traffic on the $1 node.
##
##
##
## Domain allowed access.
##
##
##
#
interface(`corenet_udp_sendrecv_$1_node',`
	corenet_udp_send_$1_node(dollarsone)
	corenet_udp_receive_$1_node(dollarsone)
')

########################################
##
## Send raw IP packets on the $1 node.
##
##
##
## Domain allowed access.
##
##
##
#
interface(`corenet_raw_send_$1_node',`
	gen_require(`
		$3 $1_$2;
	')

	allow dollarsone $1_$2:node rawip_send;
')

########################################
##
## Receive raw IP packets on the $1 node.
##
##
##
## Domain allowed access.
##
##
##
#
interface(`corenet_raw_receive_$1_node',`
	gen_require(`
		$3 $1_$2;
	')

	allow dollarsone $1_$2:node rawip_recv;
')

########################################
##
## Send and receive raw IP packets on the $1 node.
##
##
##
## Domain allowed access.
##
##
##
#
interface(`corenet_raw_sendrecv_$1_node',`
	corenet_raw_send_$1_node(dollarsone)
	corenet_raw_receive_$1_node(dollarsone)
')

########################################
##
## Bind TCP sockets to node $1.
##
##
##
## Domain allowed access.
##
##
##
#
interface(`corenet_tcp_bind_$1_node',`
	gen_require(`
		$3 $1_$2;
	')

	allow dollarsone $1_$2:tcp_socket node_bind;
')

########################################
##
## Bind UDP sockets to the $1 node.
##
##
##
## Domain allowed access.
##
##
##
#
interface(`corenet_udp_bind_$1_node',`
	gen_require(`
		$3 $1_$2;
	')

	allow dollarsone $1_$2:udp_socket node_bind;
')
'') dnl end create_node_interfaces

########################################
#
# Network port generated macros
#
########################################

#
# create_port_interfaces(name,suffix,kind,extra)
#
# Expands to the text of seven corenet_*_NAME_port interfaces.
#   $1  port name; $2 symbol suffix (port_t or port from the wrappers
#       further down); $3 gen_require keyword (type or attribute)
#   $4  text spliced into the two name_bind interfaces; the wrappers pass
#       the result of determine_reserved_capability, which is either
#       empty or an allow rule for self:capability net_bind_service
# The same $4 goes into both the TCP and the UDP bind interface, so a port
# name that lists one protocol below 1024 and another at or above 1024
# gets the capability rule in both generated bind interfaces.
#
define(`create_port_interfaces',``
########################################
##
## Send and receive TCP traffic on the $1 port.
##
##
##
## Domain allowed access.
##
##
##
#
interface(`corenet_tcp_sendrecv_$1_port',`
	gen_require(`
		$3 $1_$2;
	')

	allow dollarsone $1_$2:tcp_socket { send_msg recv_msg };
')

########################################
##
## Send UDP traffic on the $1 port.
##
##
##
## Domain allowed access.
##
##
##
#
interface(`corenet_udp_send_$1_port',`
	gen_require(`
		$3 $1_$2;
	')

	allow dollarsone $1_$2:udp_socket send_msg;
')

########################################
##
## Receive UDP traffic on the $1 port.
##
##
##
## Domain allowed access.
##
##
##
#
interface(`corenet_udp_receive_$1_port',`
	gen_require(`
		$3 $1_$2;
	')

	allow dollarsone $1_$2:udp_socket recv_msg;
')

########################################
##
## Send and receive UDP traffic on the $1 port.
##
##
##
## Domain allowed access.
##
##
##
#
interface(`corenet_udp_sendrecv_$1_port',`
	corenet_udp_send_$1_port(dollarsone)
	corenet_udp_receive_$1_port(dollarsone)
')

########################################
##
## Bind TCP sockets to the $1 port.
##
##
##
## Domain allowed access.
##
##
##
#
interface(`corenet_tcp_bind_$1_port',`
	gen_require(`
		$3 $1_$2;
	')

	allow dollarsone $1_$2:tcp_socket name_bind;
	$4
')

########################################
##
## Bind UDP sockets to the $1 port.
##
##
##
## Domain allowed access.
##
##
##
#
interface(`corenet_udp_bind_$1_port',`
	gen_require(`
		$3 $1_$2;
	')

	allow dollarsone $1_$2:udp_socket name_bind;
	$4
')

########################################
##
## Make a TCP connection to the $1 port.
##
##
##
## Domain allowed access.
##
##
#
interface(`corenet_tcp_connect_$1_port',`
	gen_require(`
		$3 $1_$2;
	')

	allow dollarsone $1_$2:tcp_socket name_connect;
')
'') dnl end create_port_interfaces

#
# create_packet_interfaces(name)
#
# Expands to the text of four interfaces (send, receive, sendrecv and
# relabelto) against the type $1_packet_t and the packet class.  Unlike
# the generators above, the required symbol is always declared as a type.
# NOTE(review): the relabelto summary reads "to $1 the packet type",
# probably meant as "to the $1 packet type"; it is left unchanged because
# that text is emitted into the generated interface file.
#
define(`create_packet_interfaces',``
########################################
##
## Send $1 packets.
##
##
##
## Domain allowed access.
##
##
##
#
interface(`corenet_send_$1_packets',`
	gen_require(`
		type $1_packet_t;
	')

	allow dollarsone $1_packet_t:packet send;
')

########################################
##
## Receive $1 packets.
##
##
##
## Domain allowed access.
##
##
##
#
interface(`corenet_receive_$1_packets',`
	gen_require(`
		type $1_packet_t;
	')

	allow dollarsone $1_packet_t:packet recv;
')

########################################
##
## Send and receive $1 packets.
##
##
##
## Domain allowed access.
##
##
##
#
interface(`corenet_sendrecv_$1_packets',`
	corenet_send_$1_packets(dollarsone)
	corenet_receive_$1_packets(dollarsone)
')

########################################
##
## Relabel packets to $1 the packet type.
##
##
##
## Domain allowed access.
##
##
#
interface(`corenet_relabelto_$1_packets',`
	gen_require(`
		type $1_packet_t;
	')

	allow dollarsone $1_packet_t:packet relabelto;
')
'') dnl end create_packet_interfaces

#
# create_netif_*_interfaces(linux_interfacename)
#
# Thin wrappers that fix the symbol suffix and the gen_require keyword:
# the type form requires NAME_netif_t as a type, the attrib form requires
# NAME_netif as an attribute.
#
define(`create_netif_type_interfaces',`
create_netif_interfaces($1,netif_t,type)
')
define(`create_netif_attrib_interfaces',`
create_netif_interfaces($1,netif,attribute)
')

#
# network_interface(linux_interfacename,mls_sensitivity)
#
# Only the first argument is used in this file; mls_sensitivity is
# accepted but not referenced by this definition.
#
define(`network_interface',`
create_netif_type_interfaces($1)
')

#
# create_node_*_interfaces(node_name)
#
# Same pattern as the netif wrappers: NAME_node_t as a type, or NAME_node
# as an attribute.
#
define(`create_node_type_interfaces',`
create_node_interfaces($1,node_t,type)
')
define(`create_node_attrib_interfaces',`
create_node_interfaces($1,node,attribute)
')

#
# network_node(node_name,mls_sensitivity,address,netmask)
#
# Only the first argument is used in this file; the sensitivity, address
# and netmask are accepted but not referenced by this definition.
#
define(`network_node',`
create_node_type_interfaces($1)
')

# These next three macros have formatting, and should not be indented
#
# determine_reserved_capability(protocol,portnum,mls_sensitivity[,...])
#
# Walks the argument list three at a time.  Expands to nothing when the
# second argument is empty; expands to an allow rule for
# self:capability net_bind_service as soon as eval finds a port number
# below 1024; otherwise recurses on the list with three arguments shifted
# off.  The protocol argument is never examined.  Every line of the body
# ends in dnl so that the expansion carries no stray newlines.
# NOTE(review): the port argument is handed to eval exactly as written.
# If a caller ever supplies a range written LOW-HIGH, eval would
# presumably read it as a subtraction, and the comparison could then
# succeed for unreserved ports and add the capability where it is not
# needed - confirm what callers pass.
#
define(`determine_reserved_capability',`dnl
ifelse($2,`',`',`dnl
ifelse(eval($2 < 1024),1,``allow' dollarsone self:capability net_bind_service;',`dnl
determine_reserved_capability(shiftn(3,$*))dnl
')dnl end inner ifelse
')dnl end outer ifelse
') dnl end determine reserved capability

#
# create_port_*_interfaces(port_name, protocol,portnum,mls_sensitivity [,protocol portnum mls_sensitivity[,...]])
# (these wrap create_port_interfaces to handle attributes and types)
#
# Both wrappers drop the port name with shift and pass the remaining
# protocol, port and sensitivity arguments to
# determine_reserved_capability; its expansion becomes the fourth
# argument of create_port_interfaces.
#
define(`create_port_type_interfaces',`create_port_interfaces($1,port_t,type,determine_reserved_capability(shift($*)))')
define(`create_port_attrib_interfaces',`create_port_interfaces($1,port,attribute,determine_reserved_capability(shift($*)))')

#
# network_port(port_name,protocol portnum mls_sensitivity [,protocol,portnum,mls_sensitivity[,...]])
#
# Generates the port interfaces for the name, then the packet interfaces
# for the two derived names NAME_client and NAME_server.
#
define(`network_port',`
create_port_type_interfaces($*)
create_packet_interfaces($1_client)
create_packet_interfaces($1_server)
')

#
# network_packet(packet_name)
#
# Generates only the packet interfaces for NAME_client and NAME_server;
# no port interfaces are created.
#
define(`network_packet',`
create_packet_interfaces($1_client)
create_packet_interfaces($1_server)
')