diff options
author | rwatson <rwatson@FreeBSD.org> | 2004-05-04 02:11:47 +0000 |
---|---|---|
committer | rwatson <rwatson@FreeBSD.org> | 2004-05-04 02:11:47 +0000 |
commit | ff404935e298035e368a30eaca5828f456172f23 (patch) | |
tree | e48358fc77e63bf6505384209b672f020edf150b | |
parent | e15e5d49773ef804bc0621274b3ea38a233fe00f (diff) | |
download | FreeBSD-src-ff404935e298035e368a30eaca5828f456172f23.zip FreeBSD-src-ff404935e298035e368a30eaca5828f456172f23.tar.gz |
Switch to using the inpcb MAC label instead of socket MAC label when
labeling new mbufs created from sockets/inpcbs in IPv4. This helps avoid
the need for socket layer locking in the lower level network paths
where inpcb locks are already frequently held where needed. In
particular:
- Use the inpcb for label instead of socket in raw_append().
- Use the inpcb for label instead of socket in tcp_output().
- Use the inpcb for label instead of socket in tcp_respond().
- Use the inpcb for label instead of socket in tcp_twrespond().
- Use the inpcb for label instead of socket in syncache_respond().
While here, modify tcp_respond() to avoid assigning NULL to a stack
variable and centralize assertions about the inpcb when inp is
assigned.
Obtained from: TrustedBSD Project
Sponsored by: DARPA, McAfee Research
-rw-r--r-- | sys/netinet/raw_ip.c | 4 | ||||
-rw-r--r-- | sys/netinet/tcp_output.c | 2 | ||||
-rw-r--r-- | sys/netinet/tcp_subr.c | 9 | ||||
-rw-r--r-- | sys/netinet/tcp_syncache.c | 2 | ||||
-rw-r--r-- | sys/netinet/tcp_timewait.c | 9 | ||||
-rw-r--r-- | sys/netinet/udp_usrreq.c | 2 |
6 files changed, 20 insertions, 8 deletions
diff --git a/sys/netinet/raw_ip.c b/sys/netinet/raw_ip.c index 1953fd8..12ab675 100644 --- a/sys/netinet/raw_ip.c +++ b/sys/netinet/raw_ip.c @@ -248,7 +248,9 @@ rip_output(struct mbuf *m, struct socket *so, u_long dst) int flags = (so->so_options & SO_DONTROUTE) | IP_ALLOWBROADCAST; #ifdef MAC - mac_create_mbuf_from_socket(so, m); + INP_LOCK(inp); + mac_create_mbuf_from_inpcb(inp, m); + INP_UNLOCK(inp); #endif /* diff --git a/sys/netinet/tcp_output.c b/sys/netinet/tcp_output.c index 098322e..46d9337 100644 --- a/sys/netinet/tcp_output.c +++ b/sys/netinet/tcp_output.c @@ -692,7 +692,7 @@ send: } m->m_pkthdr.rcvif = (struct ifnet *)0; #ifdef MAC - mac_create_mbuf_from_socket(so, m); + mac_create_mbuf_from_inpcb(tp->t_inpcb, m); #endif #ifdef INET6 if (isipv6) { diff --git a/sys/netinet/tcp_subr.c b/sys/netinet/tcp_subr.c index 23f08ba..5fca04c 100644 --- a/sys/netinet/tcp_subr.c +++ b/sys/netinet/tcp_subr.c @@ -412,7 +412,7 @@ tcp_respond(tp, ipgen, th, m, ack, seq, flags) int isipv6; #endif /* INET6 */ int ipflags = 0; - struct inpcb *inp = NULL; + struct inpcb *inp; KASSERT(tp != NULL || m != NULL, ("tcp_respond: tp and m both NULL")); @@ -427,6 +427,10 @@ tcp_respond(tp, ipgen, th, m, ack, seq, flags) KASSERT(inp != NULL, ("tcp control block w/o inpcb")); INP_INFO_WLOCK_ASSERT(&tcbinfo); INP_LOCK_ASSERT(inp); + } else + inp = NULL; + + if (tp != NULL) { if (!(flags & TH_RST)) { win = sbspace(&inp->inp_socket->so_rcv); if (win > (long)TCP_MAXWIN << tp->rcv_scale) @@ -509,7 +513,8 @@ tcp_respond(tp, ipgen, th, m, ack, seq, flags) * Packet is associated with a socket, so allow the * label of the response to reflect the socket label. */ - mac_create_mbuf_from_socket(inp->inp_socket, m); + INP_LOCK_ASSERT(inp); + mac_create_mbuf_from_inpcb(inp, m); } else { /* * Packet is not associated with a socket, so possibly diff --git a/sys/netinet/tcp_syncache.c b/sys/netinet/tcp_syncache.c index 51575a3..1fb7e99 100644 --- a/sys/netinet/tcp_syncache.c +++ b/sys/netinet/tcp_syncache.c @@ -1131,7 +1131,7 @@ syncache_respond(sc, m) inp = sc->sc_tp->t_inpcb; INP_LOCK(inp); #ifdef MAC - mac_create_mbuf_from_socket(inp->inp_socket, m); + mac_create_mbuf_from_inpcb(inp, m); #endif #ifdef INET6 diff --git a/sys/netinet/tcp_timewait.c b/sys/netinet/tcp_timewait.c index 23f08ba..5fca04c 100644 --- a/sys/netinet/tcp_timewait.c +++ b/sys/netinet/tcp_timewait.c @@ -412,7 +412,7 @@ tcp_respond(tp, ipgen, th, m, ack, seq, flags) int isipv6; #endif /* INET6 */ int ipflags = 0; - struct inpcb *inp = NULL; + struct inpcb *inp; KASSERT(tp != NULL || m != NULL, ("tcp_respond: tp and m both NULL")); @@ -427,6 +427,10 @@ tcp_respond(tp, ipgen, th, m, ack, seq, flags) KASSERT(inp != NULL, ("tcp control block w/o inpcb")); INP_INFO_WLOCK_ASSERT(&tcbinfo); INP_LOCK_ASSERT(inp); + } else + inp = NULL; + + if (tp != NULL) { if (!(flags & TH_RST)) { win = sbspace(&inp->inp_socket->so_rcv); if (win > (long)TCP_MAXWIN << tp->rcv_scale) @@ -509,7 +513,8 @@ tcp_respond(tp, ipgen, th, m, ack, seq, flags) * Packet is associated with a socket, so allow the * label of the response to reflect the socket label. */ - mac_create_mbuf_from_socket(inp->inp_socket, m); + INP_LOCK_ASSERT(inp); + mac_create_mbuf_from_inpcb(inp, m); } else { /* * Packet is not associated with a socket, so possibly diff --git a/sys/netinet/udp_usrreq.c b/sys/netinet/udp_usrreq.c index 8680491..9c541db 100644 --- a/sys/netinet/udp_usrreq.c +++ b/sys/netinet/udp_usrreq.c @@ -728,7 +728,7 @@ udp_output(inp, m, addr, control, td) INP_LOCK_ASSERT(inp); #ifdef MAC - mac_create_mbuf_from_socket(inp->inp_socket, m); + mac_create_mbuf_from_inpcb(inp, m); #endif if (len + sizeof(struct udpiphdr) > IP_MAXPACKET) { |