diff options
author | rwatson <rwatson@FreeBSD.org> | 2002-07-31 16:22:02 +0000 |
---|---|---|
committer | rwatson <rwatson@FreeBSD.org> | 2002-07-31 16:22:02 +0000 |
commit | 3597c60ec8a111ea76622ccd0326c558e19cc08b (patch) | |
tree | b722af00a96c20c7536fbed58a0e8b9f9f9e3e4c /sys/net/if_ethersubr.c | |
parent | afe9331e201881db82e8194a20c19231550d5395 (diff) | |
download | FreeBSD-src-3597c60ec8a111ea76622ccd0326c558e19cc08b.zip FreeBSD-src-3597c60ec8a111ea76622ccd0326c558e19cc08b.tar.gz |
Introduce support for Mandatory Access Control and extensible
kernel access control.
Label mbufs received via ethernet-based interfaces by invoking
appropriate MAC framework entry points.
Perform access control checks on out-going mbufs delivered via
ethernet-based interfaces by invoking appropriate MAC entry
points.
Obtained from: TrustedBSD Project
Sponsored by: DARPA, NAI Labs
Diffstat (limited to 'sys/net/if_ethersubr.c')
-rw-r--r-- | sys/net/if_ethersubr.c | 12 |
1 files changed, 12 insertions, 0 deletions
diff --git a/sys/net/if_ethersubr.c b/sys/net/if_ethersubr.c index 6a1a85d..693f184 100644 --- a/sys/net/if_ethersubr.c +++ b/sys/net/if_ethersubr.c @@ -39,11 +39,13 @@ #include "opt_inet6.h" #include "opt_ipx.h" #include "opt_bdg.h" +#include "opt_mac.h" #include "opt_netgraph.h" #include <sys/param.h> #include <sys/systm.h> #include <sys/kernel.h> +#include <sys/mac.h> #include <sys/malloc.h> #include <sys/mbuf.h> #include <sys/random.h> @@ -154,6 +156,12 @@ ether_output(ifp, m, dst, rt0) int hlen; /* link layer header lenght */ struct arpcom *ac = IFP2AC(ifp); +#ifdef MAC + error = mac_check_ifnet_transmit(ifp, m); + if (error) + senderr(error); +#endif + if ((ifp->if_flags & (IFF_UP|IFF_RUNNING)) != (IFF_UP|IFF_RUNNING)) senderr(ENETDOWN); rt = rt0; @@ -551,6 +559,10 @@ ether_input(ifp, eh, m) { struct ether_header save_eh; +#ifdef MAC + mac_create_mbuf_from_ifnet(ifp, m); +#endif + /* Check for a BPF tap */ if (ifp->if_bpf != NULL) { struct m_hdr mh; |