secilc/0004-cil_network_labeling_s...


From e8bcdb84dc0937b65ca1e9167b436b21375b96ab Mon Sep 17 00:00:00 2001
From: Dominick Grift <dominick.grift@defensec.nl>
Date: Tue, 8 Sep 2020 10:53:29 +0200
Subject: [PATCH] cil_network_labeling_statements: fixes nodecon examples

The order of the subnet and netmask is wrong and also the value of netmask is wrong for single address subnet.
Use an ipaddr reserved for documentation: https://tools.ietf.org/html/rfc5737
Add ipv6 example: https://tools.ietf.org/html/rfc3849

Signed-off-by: Dominick Grift <dominick.grift@defensec.nl>
---
.../docs/cil_network_labeling_statements.md | 19 ++++++++++++++-----
1 file changed, 14 insertions(+), 5 deletions(-)
diff --git a/secilc/docs/cil_network_labeling_statements.md b/secilc/docs/cil_network_labeling_statements.md
index 49a836c16c55..60aec80d7988 100644
--- a/secilc/docs/cil_network_labeling_statements.md
+++ b/secilc/docs/cil_network_labeling_statements.md
@@ -145,12 +145,21 @@ These examples show named and anonymous [`nodecon`](cil_network_labeling_stateme
(context context_1 (unconfined.user object_r unconfined.object low_low))
(context context_2 (unconfined.user object_r unconfined.object (systemlow level_2)))
- (ipaddr netmask_1 255.255.255.0)
- (ipaddr ipv4_1 192.168.1.64)
+ (ipaddr netmask_1 255.255.255.255)
+ (ipaddr ipv4_1 192.0.2.64)
+
+ (nodecon ipv4_1 netmask_1 context_2)
+ (nodecon (192.0.2.64) (255.255.255.255) context_1)
+ (nodecon (192.0.2.64) netmask_1 (unconfined.user object_r unconfined.object ((s0) (s0 (c0)))))
+
+ (context context_3 (sys.id sys.role my48prefix.node ((s0)(s0))))
+
+ (ipaddr netmask_2 ffff:ffff:ffff:0:0:0:0:0)
+ (ipaddr ipv6_2 2001:db8:1:0:0:0:0:0)
- (nodecon netmask_1 ipv4_1 context_2)
- (nodecon (255.255.255.0) (192.168.1.64) context_1)
- (nodecon netmask_1 (192.168.1.64) (unconfined.user object_r unconfined.object ((s0) (s0 (c0)))))
+ (nodecon ipv6_2 netmask_2 context_3)
+ (nodecon (2001:db8:1:0:0:0:0:0) (ffff:ffff:ffff:0:0:0:0:0) context_3)
+ (nodecon (2001:db8:1:0:0:0:0:0) netmask_2 (sys.id sys.role my48prefix.node ((s0)(s0))))
portcon
-------
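Review bot: the added IPv4 and IPv6 example blocks carry no comment saying what each mask matches, so a reader has to infer that netmask_1 (255.255.255.255) now selects only the single address 192.0.2.64 while netmask_2 (ffff:ffff:ffff:0:0:0:0:0) selects a /48 prefix. A one-line CIL comment above each ipaddr pair, for example `; single address` and `; /48 prefix`, would make the address-then-mask order and the mask meaning explicit, which is exactly what this patch corrects and what determines which hosts a nodecon rule labels. Separately, context_3 uses sys.id, sys.role and my48prefix.node while the other contexts in this example use the unconfined.* names; unless those identifiers are declared elsewhere in the document, either reuse the unconfined.* names or add the declarations so the example stands on its own. Minor style points: ipv6_2 has no ipv6_1 counterpart in the visible lines, and `((s0)(s0))` omits the space used in `((s0) (s0 (c0)))`.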
--
2.29.2