diff options
| author | rwatson <rwatson@FreeBSD.org> | 2007-10-24 19:04:04 +0000 |
|---|---|---|
| committer | rwatson <rwatson@FreeBSD.org> | 2007-10-24 19:04:04 +0000 |
| commit | 60570a92bf794d255e5f8ed235b49c553776ad92 (patch) | |
| tree | fea282db79628eed98808fd38cc46445b2f97ca5 /sys/netinet | |
| parent | 7781c2181af1113baab38322a55a90b5469cba03 (diff) | |
| download | FreeBSD-src-60570a92bf794d255e5f8ed235b49c553776ad92.zip FreeBSD-src-60570a92bf794d255e5f8ed235b49c553776ad92.tar.gz | |
Merge first in a series of TrustedBSD MAC Framework KPI changes
from Mac OS X Leopard--rationalize naming for entry points to
the following general forms:
mac_<object>_<method/action>
mac_<object>_check_<method/action>
The previous naming scheme was inconsistent and mostly
reversed from the new scheme. Also, make object types more
consistent and remove spaces from object types that contain
multiple parts ("posix_sem" -> "posixsem") to make mechanical
parsing easier. Introduce a new "netinet" object type for
certain IPv4/IPv6-related methods. Also simplify, slightly,
some entry point names.
All MAC policy modules will need to be recompiled, and modules
not updates as part of this commit will need to be modified to
conform to the new KPI.
Sponsored by: SPARTA (original patches against Mac OS X)
Obtained from: TrustedBSD Project, Apple Computer
Diffstat (limited to 'sys/netinet')
| -rw-r--r-- | sys/netinet/in_pcb.c | 6 | ||||
| -rw-r--r-- | sys/netinet/ip_divert.c | 4 | ||||
| -rw-r--r-- | sys/netinet/ip_fw2.c | 4 | ||||
| -rw-r--r-- | sys/netinet/ip_icmp.c | 4 | ||||
| -rw-r--r-- | sys/netinet/ip_input.c | 12 | ||||
| -rw-r--r-- | sys/netinet/ip_options.c | 2 | ||||
| -rw-r--r-- | sys/netinet/ip_output.c | 2 | ||||
| -rw-r--r-- | sys/netinet/raw_ip.c | 4 | ||||
| -rw-r--r-- | sys/netinet/tcp_input.c | 4 | ||||
| -rw-r--r-- | sys/netinet/tcp_output.c | 2 | ||||
| -rw-r--r-- | sys/netinet/tcp_subr.c | 4 | ||||
| -rw-r--r-- | sys/netinet/tcp_syncache.c | 2 | ||||
| -rw-r--r-- | sys/netinet/tcp_timewait.c | 2 | ||||
| -rw-r--r-- | sys/netinet/udp_usrreq.c | 4 |
14 files changed, 28 insertions, 28 deletions
diff --git a/sys/netinet/in_pcb.c b/sys/netinet/in_pcb.c index d85251e..c1727ca 100644 --- a/sys/netinet/in_pcb.c +++ b/sys/netinet/in_pcb.c @@ -187,11 +187,11 @@ in_pcballoc(struct socket *so, struct inpcbinfo *pcbinfo) inp->inp_pcbinfo = pcbinfo; inp->inp_socket = so; #ifdef MAC - error = mac_init_inpcb(inp, M_NOWAIT); + error = mac_inpcb_init(inp, M_NOWAIT); if (error != 0) goto out; SOCK_LOCK(so); - mac_create_inpcb_from_socket(so, inp); + mac_inpcb_create(so, inp); SOCK_UNLOCK(so); #endif @@ -725,7 +725,7 @@ in_pcbfree(struct inpcb *inp) inp->inp_vflag = 0; #ifdef MAC - mac_destroy_inpcb(inp); + mac_inpcb_destroy(inp); #endif INP_UNLOCK(inp); uma_zfree(ipi->ipi_zone, inp); diff --git a/sys/netinet/ip_divert.c b/sys/netinet/ip_divert.c index 35208ff..ee81288 100644 --- a/sys/netinet/ip_divert.c +++ b/sys/netinet/ip_divert.c @@ -376,7 +376,7 @@ div_output(struct socket *so, struct mbuf *m, struct sockaddr_in *sin, ipstat.ips_rawout++; /* XXX */ #ifdef MAC - mac_create_mbuf_from_inpcb(inp, m); + mac_inpcb_create_mbuf(inp, m); #endif /* * Get ready to inject the packet into ip_output(). @@ -439,7 +439,7 @@ div_output(struct socket *so, struct mbuf *m, struct sockaddr_in *sin, } #ifdef MAC SOCK_LOCK(so); - mac_create_mbuf_from_socket(so, m); + mac_socket_create_mbuf(so, m); SOCK_UNLOCK(so); #endif /* Send packet to input processing via netisr */ diff --git a/sys/netinet/ip_fw2.c b/sys/netinet/ip_fw2.c index 2519519..db407e5 100644 --- a/sys/netinet/ip_fw2.c +++ b/sys/netinet/ip_fw2.c @@ -1619,9 +1619,9 @@ send_pkt(struct mbuf *replyto, struct ipfw_flow_id *id, u_int32_t seq, #ifdef MAC if (replyto != NULL) - mac_create_mbuf_netlayer(replyto, m); + mac_mbuf_create_netlayer(replyto, m); else - mac_create_mbuf_from_firewall(m); + mac_mbuf_create_from_firewall(m); #else (void)replyto; /* don't warn about unused arg */ #endif diff --git a/sys/netinet/ip_icmp.c b/sys/netinet/ip_icmp.c index f5843a0..35718c9 100644 --- a/sys/netinet/ip_icmp.c +++ b/sys/netinet/ip_icmp.c @@ -221,7 +221,7 @@ stdreply: icmpelen = max(8, min(icmp_quotelen, oip->ip_len - oiphlen)); if (m == NULL) goto freeit; #ifdef MAC - mac_create_mbuf_netlayer(n, m); + mac_mbuf_create_netlayer(n, m); #endif icmplen = min(icmplen, M_TRAILINGSPACE(m) - sizeof(struct ip) - ICMP_MINLEN); m_align(m, ICMP_MINLEN + icmplen); @@ -699,7 +699,7 @@ icmp_reflect(struct mbuf *m) } match: #ifdef MAC - mac_reflect_mbuf_icmp(m); + mac_netinet_icmp_reply(m); #endif t = IA_SIN(ia)->sin_addr; ip->ip_src = t; diff --git a/sys/netinet/ip_input.c b/sys/netinet/ip_input.c index 20bdd6f..7f8703f 100644 --- a/sys/netinet/ip_input.c +++ b/sys/netinet/ip_input.c @@ -776,7 +776,7 @@ ip_reass(struct mbuf *m) ip->ip_src.s_addr == fp->ipq_src.s_addr && ip->ip_dst.s_addr == fp->ipq_dst.s_addr && #ifdef MAC - mac_fragment_match(m, fp) && + mac_ipq_match(m, fp) && #endif ip->ip_p == fp->ipq_p) goto found; @@ -852,12 +852,12 @@ found: if (fp == NULL) goto dropfrag; #ifdef MAC - if (mac_init_ipq(fp, M_NOWAIT) != 0) { + if (mac_ipq_init(fp, M_NOWAIT) != 0) { uma_zfree(ipq_zone, fp); fp = NULL; goto dropfrag; } - mac_create_ipq(m, fp); + mac_ipq_create(m, fp); #endif TAILQ_INSERT_HEAD(head, fp, ipq_list); nipq++; @@ -873,7 +873,7 @@ found: } else { fp->ipq_nfrags++; #ifdef MAC - mac_update_ipq(m, fp); + mac_ipq_update(m, fp); #endif } @@ -1015,8 +1015,8 @@ found: m->m_pkthdr.csum_data = (m->m_pkthdr.csum_data & 0xffff) + (m->m_pkthdr.csum_data >> 16); #ifdef MAC - mac_create_datagram_from_ipq(fp, m); - mac_destroy_ipq(fp); + mac_ipq_reassemble(fp, m); + mac_ipq_destroy(fp); #endif /* diff --git a/sys/netinet/ip_options.c b/sys/netinet/ip_options.c index d1c0594..f190df1 100644 --- a/sys/netinet/ip_options.c +++ b/sys/netinet/ip_options.c @@ -508,7 +508,7 @@ ip_insertoptions(struct mbuf *m, struct mbuf *opt, int *phlen) M_MOVE_PKTHDR(n, m); n->m_pkthdr.rcvif = NULL; #ifdef MAC - mac_copy_mbuf(m, n); + mac_mbuf_copy(m, n); #endif n->m_pkthdr.len += optlen; m->m_len -= sizeof(struct ip); diff --git a/sys/netinet/ip_output.c b/sys/netinet/ip_output.c index 261a15f..4105fe4 100644 --- a/sys/netinet/ip_output.c +++ b/sys/netinet/ip_output.c @@ -733,7 +733,7 @@ smart_frag_failure: m->m_pkthdr.len = mhlen + len; m->m_pkthdr.rcvif = NULL; #ifdef MAC - mac_create_fragment(m0, m); + mac_netinet_fragment(m0, m); #endif m->m_pkthdr.csum_flags = m0->m_pkthdr.csum_flags; mhip->ip_off = htons(mhip->ip_off); diff --git a/sys/netinet/raw_ip.c b/sys/netinet/raw_ip.c index 1d0ced5..f23aaf1 100644 --- a/sys/netinet/raw_ip.c +++ b/sys/netinet/raw_ip.c @@ -164,7 +164,7 @@ raw_append(struct inpcb *last, struct ip *ip, struct mbuf *n) } #endif /* IPSEC */ #ifdef MAC - if (!policyfail && mac_check_inpcb_deliver(last, n) != 0) + if (!policyfail && mac_inpcb_check_deliver(last, n) != 0) policyfail = 1; #endif /* Check the minimum TTL for socket. */ @@ -330,7 +330,7 @@ rip_output(struct mbuf *m, struct socket *so, u_long dst) flags |= IP_SENDONES; #ifdef MAC - mac_create_mbuf_from_inpcb(inp, m); + mac_inpcb_create_mbuf(inp, m); #endif error = ip_output(m, inp->inp_options, NULL, flags, diff --git a/sys/netinet/tcp_input.c b/sys/netinet/tcp_input.c index 4e69016..deb31fb 100644 --- a/sys/netinet/tcp_input.c +++ b/sys/netinet/tcp_input.c @@ -534,7 +534,7 @@ findpcb: #ifdef MAC INP_LOCK_ASSERT(inp); - if (mac_check_inpcb_deliver(inp, m)) + if (mac_inpcb_check_deliver(inp, m)) goto dropunlock; #endif so = inp->inp_socket; @@ -1278,7 +1278,7 @@ tcp_do_segment(struct mbuf *m, struct tcphdr *th, struct socket *so, soisconnected(so); #ifdef MAC SOCK_LOCK(so); - mac_set_socket_peer_from_mbuf(m, so); + mac_socketpeer_set_from_mbuf(m, so); SOCK_UNLOCK(so); #endif /* Do window scaling on this connection? */ diff --git a/sys/netinet/tcp_output.c b/sys/netinet/tcp_output.c index c554ffb..58a4ad9 100644 --- a/sys/netinet/tcp_output.c +++ b/sys/netinet/tcp_output.c @@ -846,7 +846,7 @@ send: SOCKBUF_UNLOCK_ASSERT(&so->so_snd); m->m_pkthdr.rcvif = (struct ifnet *)0; #ifdef MAC - mac_create_mbuf_from_inpcb(tp->t_inpcb, m); + mac_inpcb_create_mbuf(tp->t_inpcb, m); #endif #ifdef INET6 if (isipv6) { diff --git a/sys/netinet/tcp_subr.c b/sys/netinet/tcp_subr.c index 64d1835..688a5d2 100644 --- a/sys/netinet/tcp_subr.c +++ b/sys/netinet/tcp_subr.c @@ -525,13 +525,13 @@ tcp_respond(struct tcpcb *tp, void *ipgen, struct tcphdr *th, struct mbuf *m, * label of the response to reflect the socket label. */ INP_LOCK_ASSERT(inp); - mac_create_mbuf_from_inpcb(inp, m); + mac_inpcb_create_mbuf(inp, m); } else { /* * Packet is not associated with a socket, so possibly * update the label in place. */ - mac_reflect_mbuf_tcp(m); + mac_netinet_tcp_reply(m); } #endif nth->th_seq = htonl(seq); diff --git a/sys/netinet/tcp_syncache.c b/sys/netinet/tcp_syncache.c index aaee985..430640a 100644 --- a/sys/netinet/tcp_syncache.c +++ b/sys/netinet/tcp_syncache.c @@ -640,7 +640,7 @@ syncache_socket(struct syncache *sc, struct socket *lso, struct mbuf *m) } #ifdef MAC SOCK_LOCK(so); - mac_set_socket_peer_from_mbuf(m, so); + mac_socketpeer_set_from_mbuf(m, so); SOCK_UNLOCK(so); #endif diff --git a/sys/netinet/tcp_timewait.c b/sys/netinet/tcp_timewait.c index d31e99c..6882642 100644 --- a/sys/netinet/tcp_timewait.c +++ b/sys/netinet/tcp_timewait.c @@ -540,7 +540,7 @@ tcp_twrespond(struct tcptw *tw, int flags) m->m_data += max_linkhdr; #ifdef MAC - mac_create_mbuf_from_inpcb(inp, m); + mac_inpcb_create_mbuf(inp, m); #endif #ifdef INET6 diff --git a/sys/netinet/udp_usrreq.c b/sys/netinet/udp_usrreq.c index 3e122bf..d55377f 100644 --- a/sys/netinet/udp_usrreq.c +++ b/sys/netinet/udp_usrreq.c @@ -206,7 +206,7 @@ udp_append(struct inpcb *inp, struct ip *ip, struct mbuf *n, int off, } #endif /* IPSEC */ #ifdef MAC - if (mac_check_inpcb_deliver(inp, n) != 0) { + if (mac_inpcb_check_deliver(inp, n) != 0) { m_freem(n); return; } @@ -843,7 +843,7 @@ udp_output(struct inpcb *inp, struct mbuf *m, struct sockaddr *addr, INP_LOCK(inp); #ifdef MAC - mac_create_mbuf_from_inpcb(inp, m); + mac_inpcb_create_mbuf(inp, m); #endif /* |
