author | rwatson <rwatson@FreeBSD.org> | 2002-08-01 21:00:05 +0000 |
---|---|---|
committer | rwatson <rwatson@FreeBSD.org> | 2002-08-01 21:00:05 +0000 |
commit | 861c05896d6c91d406daa0e5c9dff657bbeab077 (patch) | |
tree | e7faeee5170438aa22912faca7534c733a2b1297 /sys/net/if_gif.c | |
parent | eac603fb18056d40de5410c7662fda3986c240a2 (diff) | |
Introduce support for Mandatory Access Control and extensible
kernel access control.
Label packets generated by the gif virtual interface.
Perform access control on packets delivered to gif virtual interfaces.
Obtained from: TrustedBSD Project
Sponsored by: DARPA, NAI Labs
Diffstat (limited to 'sys/net/if_gif.c')
-rw-r--r-- | sys/net/if_gif.c | 13 |
1 files changed, 12 insertions, 1 deletions
diff --git a/sys/net/if_gif.c b/sys/net/if_gif.c
index 70aadbc..287e451 100644
--- a/sys/net/if_gif.c
+++ b/sys/net/if_gif.c
@@ -36,6 +36,7 @@
 #include <sys/param.h>
 #include <sys/systm.h>
 #include <sys/kernel.h>
+#include <sys/mac.h>
 #include <sys/malloc.h>
 #include <sys/mbuf.h>
 #include <sys/socket.h>
@@ -340,6 +341,12 @@ gif_output(ifp, m, dst, rt)
 int error = 0;
 static int called = 0; /* XXX: MUTEX */
+#ifdef MAC
+ error = mac_check_ifnet_transmit(ifp, m);
+ if (error)
+ senderr(error);
+#endif
+
 /*
 * gif may cause infinite recursion calls when misconfigured.
 * We'll prevent this by introducing upper limit.
@@ -429,7 +436,11 @@ gif_input(m, af, gifp)
 }
 m->m_pkthdr.rcvif = gifp;
-
+
+#ifdef MAC
+ mac_create_mbuf_from_ifnet(gifp, m);
+#endif
+
 if (gifp->if_bpf) {
 /*
 * We need to prepend the address family as |
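Review bot: The MAC denial path in gif_output leaves through `senderr(error)` with nothing in the hunk releasing `m`, and no definition of senderr is visible in this diff. Output routines normally consume the mbuf on failure, so if senderr does not free it here, every packet the policy rejects would leak an mbuf; adding `m_freem(m);` before leaving the function would close that. It is also worth confirming that the exit path senderr takes does not reset `called`, because this check runs before the recursion guard that the following comment describes. The body of gif_output continues outside the hunk, so both points need checking against the full function.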
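Review bot: The `mac_create_mbuf_from_ifnet(gifp, m)` call in gif_input has no comment recording why a decapsulated packet takes its label from the gif interface, presumably instead of any label it carried before decapsulation. A short comment above the `#ifdef MAC`, such as `/* Label the decapsulated packet from the gif interface it is delivered on. */`, would make that policy decision visible to whoever writes or audits MAC modules. The commit message speaks of access control on delivery, but this hunk only labels, so any receive-side check is presumably enforced elsewhere. gif_input starts and ends outside the hunk.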