Introduce two new MAC Framework and MAC policy entry points:

mac_reflect_mbuf_icmp() mac_reflect_mbuf_tcp() These entry points permit MAC policies to do "update in place" changes to the labels on ICMP and TCP mbuf headers when an ICMP or TCP response is generated to a packet outside of the context of an existing socket. For example, in respond to a ping or a RST packet to a SYN on a closed port. Obtained from: TrustedBSD Project Sponsored by: DARPA, Network Associates Laboratories
author: rwatson <rwatson@FreeBSD.org> 2003-08-21 18:39:16 +0000
committer: rwatson <rwatson@FreeBSD.org> 2003-08-21 18:39:16 +0000
commit: dd0b6b7e289fb78a448ecf62766e2af92801c8ae (patch)
tree: 6a1f15378f4332cafbb49bbd7fdcf872e2d43637 /sys/netinet/ip_icmp.c
parent: 32ed1a62a81fa74b7ba72050f7fcc471b032f95c (diff)
download: FreeBSD-src-dd0b6b7e289fb78a448ecf62766e2af92801c8ae.zip
FreeBSD-src-dd0b6b7e289fb78a448ecf62766e2af92801c8ae.tar.gz
1 files changed, 3 insertions, 0 deletions
diff --git a/sys/netinet/ip_icmp.c b/sys/netinet/ip_icmp.c
index 6aaee47..f4df251 100644
--- a/sys/netinet/ip_icmp.c
+++ b/sys/netinet/ip_icmp.c
@@ -648,6 +648,9 @@ icmp_reflect(m)
 		goto done;
 	}
 match:
+#ifdef MAC
+	mac_reflect_mbuf_icmp(m);
+#endif
 	t = IA_SIN(ia)->sin_addr;
 	ip->ip_src = t;
 	ip->ip_ttl = ip_defttl;
author	rwatson <rwatson@FreeBSD.org>	2003-08-21 18:39:16 +0000
committer	rwatson <rwatson@FreeBSD.org>	2003-08-21 18:39:16 +0000
commit	dd0b6b7e289fb78a448ecf62766e2af92801c8ae (patch)
tree	6a1f15378f4332cafbb49bbd7fdcf872e2d43637 /sys/netinet/ip_icmp.c
parent	32ed1a62a81fa74b7ba72050f7fcc471b032f95c (diff)
download	FreeBSD-src-dd0b6b7e289fb78a448ecf62766e2af92801c8ae.zip FreeBSD-src-dd0b6b7e289fb78a448ecf62766e2af92801c8ae.tar.gz