diff options
author | rwatson <rwatson@FreeBSD.org> | 2003-08-21 18:39:16 +0000 |
---|---|---|
committer | rwatson <rwatson@FreeBSD.org> | 2003-08-21 18:39:16 +0000 |
commit | dd0b6b7e289fb78a448ecf62766e2af92801c8ae (patch) | |
tree | 6a1f15378f4332cafbb49bbd7fdcf872e2d43637 /sys/netinet/tcp_timewait.c | |
parent | 32ed1a62a81fa74b7ba72050f7fcc471b032f95c (diff) | |
download | FreeBSD-src-dd0b6b7e289fb78a448ecf62766e2af92801c8ae.zip FreeBSD-src-dd0b6b7e289fb78a448ecf62766e2af92801c8ae.tar.gz |
Introduce two new MAC Framework and MAC policy entry points:
mac_reflect_mbuf_icmp()
mac_reflect_mbuf_tcp()
These entry points permit MAC policies to do "update in place"
changes to the labels on ICMP and TCP mbuf headers when an ICMP or
TCP response is generated to a packet outside of the context of
an existing socket. For example, in respond to a ping or a RST
packet to a SYN on a closed port.
Obtained from: TrustedBSD Project
Sponsored by: DARPA, Network Associates Laboratories
Diffstat (limited to 'sys/netinet/tcp_timewait.c')
-rw-r--r-- | sys/netinet/tcp_timewait.c | 6 |
1 files changed, 3 insertions, 3 deletions
diff --git a/sys/netinet/tcp_timewait.c b/sys/netinet/tcp_timewait.c index 8816bc6..26aa1a6 100644 --- a/sys/netinet/tcp_timewait.c +++ b/sys/netinet/tcp_timewait.c @@ -488,10 +488,10 @@ tcp_respond(tp, ipgen, th, m, ack, seq, flags) mac_create_mbuf_from_socket(tp->t_inpcb->inp_socket, m); } else { /* - * XXXMAC: This will need to call a mac function that - * modifies the mbuf label in place for TCP datagrams - * not associated with a PCB. + * Packet is not associated with a socket, so possibly + * update the label in place. */ + mac_reflect_mbuf_tcp(m); } #endif nth->th_seq = htonl(seq); |