author | rwatson <rwatson@FreeBSD.org> | 2002-07-31 16:23:42 +0000 |
---|---|---|
committer | rwatson <rwatson@FreeBSD.org> | 2002-07-31 16:23:42 +0000 |
commit | b53ba9c2dc024539e0a0bb8fafea6ec37a0cd6fc (patch) | |
tree | ba98983dcd89a85c067e6278be45bde69ecae6a8 /sys/net/if_tun.c | |
parent | 14cd8a4891b49e1a3571664ff612dda5b7dc5fa6 (diff) | |
Introduce support for Mandatory Access Control and extensible
kernel access control.
Label mbufs received via kernel tunnel device interfaces by invoking
appropriate MAC framework entry points.
Perform access control checks on out-going mbufs delivered via tunnel
interfaces by invoking appropriate MAC entry points:
NOTE: Currently the label for a tunnel interface is not derived from
the label of the process that opened the tunnel interface. It
probably should be.
Obtained from: TrustedBSD Project
Sponsored by: DARPA, NAI Labs
Diffstat (limited to 'sys/net/if_tun.c')
-rw-r--r-- | sys/net/if_tun.c | 16 |
1 files changed, 16 insertions, 0 deletions
diff --git a/sys/net/if_tun.c b/sys/net/if_tun.c
index 18435fd..b4015d7 100644
--- a/sys/net/if_tun.c
+++ b/sys/net/if_tun.c
@@ -17,10 +17,12 @@
 */
 #include "opt_inet.h"
+#include "opt_mac.h"
 #include <sys/param.h>
 #include <sys/proc.h>
 #include <sys/systm.h>
+#include <sys/mac.h>
 #include <sys/mbuf.h>
 #include <sys/module.h>
 #include <sys/socket.h>
@@ -436,9 +438,20 @@ tunoutput(
 struct rtentry *rt)
 {
 struct tun_softc *tp = ifp->if_softc;
+#ifdef MAC
+ int error;
+#endif
 TUNDEBUG ("%s%d: tunoutput\n", ifp->if_name, ifp->if_unit);
+#ifdef MAC
+ error = mac_check_ifnet_transmit(ifp, m0);
+ if (error) {
+ m_freem(m0);
+ return (error);
+ }
+#endif
+
+ if ((tp->tun_flags & TUN_READY) != TUN_READY) {
 TUNDEBUG ("%s%d: not ready 0%o\n", ifp->if_name, ifp->if_unit, tp->tun_flags);
@@ -735,6 +748,9 @@ tunwrite(dev_t dev, struct uio *uio, int flag)
 top->m_pkthdr.len = tlen;
 top->m_pkthdr.rcvif = ifp;
+#ifdef MAC
+ mac_create_mbuf_from_ifnet(ifp, top);
+#endif
 if (ifp->if_bpf) {
 if (tp->tun_flags & TUN_IFHEAD) { |
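Review bot: The MAC-denied path added to tunoutput frees m0 and returns the error without leaving any trace, while the not-ready path directly below it reports through TUNDEBUG. A transmit refused by policy is exactly the kind of drop someone debugging a tunnel needs to tell apart from a link problem, so consider adding `TUNDEBUG ("%s%d: MAC denied transmit, error %d\n", ifp->if_name, ifp->if_unit, error);` before `m_freem(m0);`. Whether the drop should also be counted in the interface's output error statistics cannot be judged here, because the rest of tunoutput lies outside the hunk.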
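Review bot: The `mac_create_mbuf_from_ifnet(ifp, top);` call in tunwrite carries no comment saying which subject the packet label is taken from. Every packet a process writes to the device is labelled from the interface rather than from the writer, and a policy author reading only the source has no way to see that this is a known interim choice. A marker at the call site would keep that visible, for example `/* XXXMAC: label is taken from the ifnet, not from the credential that opened the tunnel. */` placed above the call inside the `#ifdef MAC` block. The surrounding body of tunwrite is outside the hunk, so the right spot relative to the mbuf setup should be confirmed against the full function.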