Introduce support for Mandatory Access Control and extensible

kernel access control. Invoke the MAC framework to label mbuf created using divert sockets. These labels may later be used for access control on delivery to another socket, or to an interface. Obtained from: TrustedBSD Project Sponsored by: DARPA, NAI LAbs
author: rwatson <rwatson@FreeBSD.org> 2002-07-31 16:42:47 +0000
committer: rwatson <rwatson@FreeBSD.org> 2002-07-31 16:42:47 +0000
commit: f2eb16e52dea1e89ac5fe77aa5a8d9b8d5e8ce17 (patch)
tree: 52515b0072bc58e9db7c72f279a183a12edb78bf /sys/netinet/ip_divert.c
parent: 7f656e68063c6162c46d133bdc0221a412956288 (diff)
download: FreeBSD-src-f2eb16e52dea1e89ac5fe77aa5a8d9b8d5e8ce17.zip
FreeBSD-src-f2eb16e52dea1e89ac5fe77aa5a8d9b8d5e8ce17.tar.gz
1 files changed, 6 insertions, 0 deletions
diff --git a/sys/netinet/ip_divert.c b/sys/netinet/ip_divert.c
index 50e939b..ff246f9 100644
--- a/sys/netinet/ip_divert.c
+++ b/sys/netinet/ip_divert.c
@@ -37,6 +37,7 @@
 #include "opt_ipfw.h"
 #include "opt_ipdivert.h"
 #include "opt_ipsec.h"
+#include "opt_mac.h"
 
 #ifndef INET
 #error "IPDIVERT requires INET."
@@ -46,6 +47,7 @@
 #include <sys/kernel.h>
 #include <sys/lock.h>
 #include <sys/malloc.h>
+#include <sys/mac.h>
 #include <sys/mbuf.h>
 #include <sys/proc.h>
 #include <sys/protosw.h>
@@ -264,6 +266,10 @@ div_output(struct socket *so, struct mbuf *m,
 	divert_tag.mh_data = 0;		/* the matching rule # */
 	m->m_pkthdr.rcvif = NULL;	/* XXX is it necessary ? */
 
+#ifdef MAC
+	mac_create_mbuf_from_socket(so, m);
+#endif
+
 	if (control)
 		m_freem(control);		/* XXX */
author	rwatson <rwatson@FreeBSD.org>	2002-07-31 16:42:47 +0000
committer	rwatson <rwatson@FreeBSD.org>	2002-07-31 16:42:47 +0000
commit	f2eb16e52dea1e89ac5fe77aa5a8d9b8d5e8ce17 (patch)
tree	52515b0072bc58e9db7c72f279a183a12edb78bf /sys/netinet/ip_divert.c
parent	7f656e68063c6162c46d133bdc0221a412956288 (diff)
download	FreeBSD-src-f2eb16e52dea1e89ac5fe77aa5a8d9b8d5e8ce17.zip FreeBSD-src-f2eb16e52dea1e89ac5fe77aa5a8d9b8d5e8ce17.tar.gz