diff options
author | rwatson <rwatson@FreeBSD.org> | 2002-07-30 23:06:07 +0000 |
---|---|---|
committer | rwatson <rwatson@FreeBSD.org> | 2002-07-30 23:06:07 +0000 |
commit | f476cee6025c9a56bad1af5eefc46de8cae24547 (patch) | |
tree | 13b93562cda662f6d2839b1fefa19dce319ede31 | |
parent | 86902a1ff292f4dfa3f1e7fefb962065c8942927 (diff) | |
download | FreeBSD-src-f476cee6025c9a56bad1af5eefc46de8cae24547.zip FreeBSD-src-f476cee6025c9a56bad1af5eefc46de8cae24547.tar.gz |
Introduce support for Mandatory Access Control and extensible
kernel access control.
Label network interface structures, permitting security features to
be maintained on those objects. if_label will be used to authorize
data flow using the network interface. if_label will be protected
using the same synchronization primitives as other mutable entries
in struct ifnet.
Obtained from: TrustedBSD Project
Sponsored by: DARPA, NAI Labs
-rw-r--r-- | sys/net/if_var.h | 2 |
1 files changed, 2 insertions, 0 deletions
diff --git a/sys/net/if_var.h b/sys/net/if_var.h index 534bd44..6390ee1 100644 --- a/sys/net/if_var.h +++ b/sys/net/if_var.h @@ -74,6 +74,7 @@ struct socket; struct ether_header; #endif +#include <sys/mac.h> /* struct label */ #include <sys/queue.h> /* get TAILQ macros */ #ifdef _KERNEL @@ -174,6 +175,7 @@ struct ifnet { struct ifqueue *if_poll_slowq; /* input queue for slow devices */ struct ifprefixhead if_prefixhead; /* list of prefixes per if */ u_int8_t *if_broadcastaddr; /* linklevel broadcast bytestring */ + struct label if_label; /* interface MAC label */ }; typedef void if_init_f_t(void *); |