diff options
| author | rwatson <rwatson@FreeBSD.org> | 2007-10-28 15:55:23 +0000 |
|---|---|---|
| committer | rwatson <rwatson@FreeBSD.org> | 2007-10-28 15:55:23 +0000 |
| commit | 2bca3d4001f67728691cf776e9d18d9c59c19365 (patch) | |
| tree | 6903d27f86e038a8c03b0705e717026eb4846831 /sys/security/mac/mac_inet.c | |
| parent | 5b4c0a83ffe5155893733797736e14c3b44f759a (diff) | |
| download | FreeBSD-src-2bca3d4001f67728691cf776e9d18d9c59c19365.zip FreeBSD-src-2bca3d4001f67728691cf776e9d18d9c59c19365.tar.gz | |
Move towards more explicit support for various network protocol stacks
in the TrustedBSD MAC Framework:
- Add mac_atalk.c and add explicit entry point mac_netatalk_aarp_send()
for AARP packet labeling, rather than using a generic link layer
entry point.
- Add mac_inet6.c and add explicit entry point mac_netinet6_nd6_send()
for ND6 packet labeling, rather than using a generic link layer entry
point.
- Add expliict entry point mac_netinet_arp_send() for ARP packet
labeling, and mac_netinet_igmp_send() for IGMP packet labeling,
rather than using a generic link layer entry point.
- Remove previous genering link layer entry point,
mac_mbuf_create_linklayer() as it is no longer used.
- Add implementations of new entry points to various policies, largely
by replicating the existing link layer entry point for them; remove
old link layer entry point implementation.
- Make MAC_IFNET_LOCK(), MAC_IFNET_UNLOCK(), and mac_ifnet_mtx global
to the MAC Framework rather than static to mac_net.c as it is now
needed outside of mac_net.c.
Obtained from: TrustedBSD Project
Diffstat (limited to 'sys/security/mac/mac_inet.c')
| -rw-r--r-- | sys/security/mac/mac_inet.c | 26 |
1 files changed, 25 insertions, 1 deletions
diff --git a/sys/security/mac/mac_inet.c b/sys/security/mac/mac_inet.c index ae160a5..22c134f 100644 --- a/sys/security/mac/mac_inet.c +++ b/sys/security/mac/mac_inet.c @@ -1,5 +1,5 @@ /*- - * Copyright (c) 1999-2002 Robert N. M. Watson + * Copyright (c) 1999-2002, 2007 Robert N. M. Watson * Copyright (c) 2001 Ilmar S. Habibulin * Copyright (c) 2001-2004 Networks Associates Technology, Inc. * Copyright (c) 2006 SPARTA, Inc. @@ -222,6 +222,18 @@ mac_ipq_match(struct mbuf *m, struct ipq *ipq) } void +mac_netinet_arp_send(struct ifnet *ifp, struct mbuf *m) +{ + struct label *mlabel; + + mlabel = mac_mbuf_to_label(m); + + MAC_IFNET_LOCK(ifp); + MAC_PERFORM(netinet_arp_send, ifp, ifp->if_label, m, mlabel); + MAC_IFNET_UNLOCK(ifp); +} + +void mac_netinet_icmp_reply(struct mbuf *m) { struct label *label; @@ -232,6 +244,18 @@ mac_netinet_icmp_reply(struct mbuf *m) } void +mac_netinet_igmp_send(struct ifnet *ifp, struct mbuf *m) +{ + struct label *mlabel; + + mlabel = mac_mbuf_to_label(m); + + MAC_IFNET_LOCK(ifp); + MAC_PERFORM(netinet_igmp_send, ifp, ifp->if_label, m, mlabel); + MAC_IFNET_UNLOCK(ifp); +} + +void mac_netinet_tcp_reply(struct mbuf *m) { struct label *label; |
