Continue to move from generic network entry points in the TrustedBSD MAC

Framework by moving from mac_mbuf_create_netlayer() to more specific entry points for specific network services: - mac_netinet_firewall_reply() to be used when replying to in-bound TCP segments in pf and ipfw (etc). - Rename mac_netinet_icmp_reply() to mac_netinet_icmp_replyinplace() and add mac_netinet_icmp_reply(), reflecting that in some cases we overwrite a label in place, but in others we apply the label to a new mbuf. Obtained from: TrustedBSD Project
author: rwatson <rwatson@FreeBSD.org> 2007-10-28 17:12:48 +0000
committer: rwatson <rwatson@FreeBSD.org> 2007-10-28 17:12:48 +0000
commit: 369fd04f480478bfb9d2cb1566ec0189185a020e (patch)
tree: 538321b7fe182a0082beacd5d1ff13b9d63f3fca /sys/netinet/ip_fw2.c
parent: 6b31aa449ccb86216e7b0fbfdaf1540f5cf34e82 (diff)
download: FreeBSD-src-369fd04f480478bfb9d2cb1566ec0189185a020e.zip
FreeBSD-src-369fd04f480478bfb9d2cb1566ec0189185a020e.tar.gz
1 files changed, 1 insertions, 1 deletions
diff --git a/sys/netinet/ip_fw2.c b/sys/netinet/ip_fw2.c
index b815707..77fc59f 100644
--- a/sys/netinet/ip_fw2.c
+++ b/sys/netinet/ip_fw2.c
@@ -1619,7 +1619,7 @@ send_pkt(struct mbuf *replyto, struct ipfw_flow_id *id, u_int32_t seq,
 
 #ifdef MAC
 	if (replyto != NULL)
-		mac_mbuf_create_netlayer(replyto, m);
+		mac_netinet_firewall_reply(replyto, m);
 	else
 		mac_netinet_firewall_send(m);
 #else
author	rwatson <rwatson@FreeBSD.org>	2007-10-28 17:12:48 +0000
committer	rwatson <rwatson@FreeBSD.org>	2007-10-28 17:12:48 +0000
commit	369fd04f480478bfb9d2cb1566ec0189185a020e (patch)
tree	538321b7fe182a0082beacd5d1ff13b9d63f3fca /sys/netinet/ip_fw2.c
parent	6b31aa449ccb86216e7b0fbfdaf1540f5cf34e82 (diff)
download	FreeBSD-src-369fd04f480478bfb9d2cb1566ec0189185a020e.zip FreeBSD-src-369fd04f480478bfb9d2cb1566ec0189185a020e.tar.gz